Geolocation and Adobe vulnerability protection - Check Point IPS

A hack attack that targeted Google in December also hit 33 other companies, including financial institutions and defense contractors, and was aimed at stealing source code from the companies, say security researchers at iDefense.

The hackers used a zero-day vulnerability in Adobe Reader to deliver malware to many of the companies and were in some cases successful at siphoning the source code they sought, according to a statement distributed Tuesday by iDefense, a division of VeriSign. The attack was similar to one that targeted other companies last July, the company said. (Source: http://www.wired.com/threatlevel/2010/01/google-hack-attack)

To make a long story short, the Chinese have drastically escalated their attacks against US-based network assets. A statement has been released by Secretary of State Hillary Clinton: "We have been briefed by Google on these allegations, which raise very serious concerns and questions. We look to the Chinese government for an explanation. The ability to operate with confidence in cyberspace is critical in a modern society and economy. I will be giving an address next week on the centrality of internet freedom in the 21st century, and we will have further comment on this matter as the facts become clear." (http://www.state.gov/secretary/rm/2010/01/135105.htm)

PROTECTION 1: Check Point provides pre-emptive protection against exploits that use this vulnerability through its integrated IPS offerings. Check Point SmartDefense and Check Point IPS Software Blade detect and block malformed HTTP requests attempting to exploit this vulnerability. No update is required to address this vulnerability. For more information, see CPAI-2009-330 (http://www.checkpoint.com/defense/advisories/public/2009/cpai-19-Dec.html).

PROTECTION 2: A new protection category in Check Point's IPS module allows you to control traffic based on the source or destination country (Geolocation Protection). You can define a policy for specific countries, and a policy that applies to all other countries.

While Geolocation isn't the final answer, it makes absolute sense to have this line of defense in your network. This feature is added in NGX R70; by applying hotfix R.20 you will get this view.