Checkpoint has nice starting tutorial page for GO stick user. I had a chance to play with it and found one interesting thing to run some un-approved application  in the Checkpoint GO Secure Portable Workspace.

starter-kits.jpg?ssl=1starter-kits.jpg?ssl=1With USB Checkpoint GO Stick, user got a chance to launch Check Point GO Virtual desktop. Based on Page 9 at CP_GO_UserGuide.PDF,
“only a limited number of pre-approved applications are allowed to run. By default, the virtual desktop does not allow you to:

  • Print
  • Customize the desktop
  • Perform any system configuration

If you need this kind of functionality, or another program added to the list of approved applications, contact
your system administrator.

9-20-2014%2B9-48-54%2BPM.png?resize=320%2C1239-20-2014%2B9-48-54%2BPM.png?resize=320%2C123After double clicked the GO.exe file from the GO usb stick, you will get a password window to launch GO Desktop.

9-20-2014%2B9-50-33%2BPM.png?resize=320%2C1669-20-2014%2B9-50-33%2BPM.png?resize=320%2C166

You can log into Secure Workspace or Folder Mode.

9-20-2014%2B9-51-29%2BPM.png?resize=320%2C1939-20-2014%2B9-51-29%2BPM.png?resize=320%2C193
In Advanced button, you can get more information regarding this Check Point GO Stick such as serial no, firmware version. Also change the password on the stick.

9-20-2014%2B9-54-20%2BPM.png9-20-2014%2B9-54-20%2BPM.png

Later after you launched GO desktop, you can switch it back to host , or from host switch to GO desktop by right click GO icon at the task bar.

After GO.exe verified your password, GO desktop will show in the screen to replace your original desktop. It looks like windows remote desktop.

9-20-2014%2B10-03-40%2BPM.png?resize=640%2C5309-20-2014%2B10-03-40%2BPM.png?resize=640%2C530 9-20-2014%2B10-21-01%2BPM.png?resize=400%2C2619-20-2014%2B10-21-01%2BPM.png?resize=400%2C261

On the right bottom, there is remote vpn client for securely accessing resources on the corporate enterprise. After you right clicked icon, choose connect. Your pre-defined remote gateway will be connected and build remote vpn with it from your current Secure Desktop.

9-20-2014%2B2-09-45%2BPM.png?resize=640%2C4949-20-2014%2B2-09-45%2BPM.png?resize=640%2C494

One interesting thing I found is to it is possible to run host application which is not approved by security policy. I did see a putty program icon on the virtual desktop. By right click it and click Properties, you will get application properties window. There is find target button and once you clicked it, a host system32 folder will be brought up. Then you could browse to other folder and run other applications on the host.

9-20-2014%2B10-14-16%2BPM.png?resize=640%2C3249-20-2014%2B10-14-16%2BPM.png?resize=640%2C324

Why is it happening? I will continue working on to figure it out.