Department of Homeland Security issues security warning for VPN applications — Check Point VPNs not affected

by Lloyd Tanaka, Threat Prevention Product Marketing Manager, published April 17th 2019

 

On Friday April 12, The CERT Coordination Center (CERT/CC) with the US Department of Homeland Security (DHS), issued a warning of a newly discovered vulnerability affecting possibly hundreds of Virtual Private Network (VPN) applications. Check Point was one of a small handful to be unaffected by this warning.

 

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review CERT/CC Vulnerability Note VU#192371 to get details of the affected VPN applications and the problem of insecure storing of session cookies in memory and/or log files. Organizations face the risk of attackers exploiting this vulnerability to take control of an affected system.

 

Check Point VPN customers are not affected because of our advanced, market-leading security architecture. Check Point’s IPsec and SSL VPNs offer a number of market-leading capabilities that add safety and convenience for your remote access users, including:

 

  • Threat prevention
  • Incident analysis
  • Access control
  • Data security
  • Compliance checking
  • Multi-factor authentication

 

Customers using other VPNs should consult with their vendor. To help you assess your specific situation, we’ve formed a special VPN task force team to discuss your available options, including a quick migration to Check Point technology. Interested customers should contact our Incident Response team at https://www.checkpoint.com/support-services/threatcloud-incident-response/

Get information on Check Point’s Remote Access VPN solutions by visiting https://www.checkpoint.com/products/remote-access-vpn/