----- Original Message -----
From: <[EMAIL PROTECTED]>
To: "Rafiyq Mondesir" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Saturday, March 10, 2001 10:41 PM
Subject: Re: [FW1] userc.C
>
> Hi Rafiyq,
>
> On Fre, Mär 02, 2001 at 01:15:21 -0800, Rafiyq Mondesir wrote:
> > My question is regarding the use of the userc.C file on the SecureRemote
> > Client. It seems that this file contains details about the firewall on
> > which the client is supposed to connect to in order to establish VPN
> > connectivity. Contained in the file is the DNS name and the IP address
of
> > the external and internal interfaces of the firewall. It seems to me
that
> > this information undermines the Stealth and Hiding that one may
otherwise
> > wish to implement on the Firewall1VPN product. Is there another way or
an
> > alternative that would make this information "invisible" in the userc.C
file?
>
> SecuRemote needs this information to function, so that would not be
useful.
> Checkpoint could make that information encrypted (password protected), but
> that would require users to give in yet another password.
>
Hi
Add the following entry to your userc.C before starting
securemote/secureclient and adding your site:
:options (
:...
:...
:encrypt_db (true)
)
this will encrypt the entries in userc.C
=> BUT: If the user deletes this entry from userc.C and readds the site
again, the userc.C won't be encrypted.....
A better solution would be if checkpoint adds this option to the dnsinfo.C,
so the end user won't be able to change these settings...the same applies to
the other options in ":options ()"
regards,
mike
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
