Ngx i r65 Slides
7/31/2019 Ngx i r65 Slides
2003-2007 Check Point Software Technologies Ltd. All rights reserved. Proprietary and confidential.puresecurity
Check Point Security Administration I
NGX (R65)
-
Slide Graphic Legend
-
Course Objectives
Part 1: Getting Started
Chapter 1: Introduction to VPN-1
Given your understanding of Check Point's three-tier architecture and basic firewall concepts, design and install a distributed deployment of VPN-1.
Test to verify the VPN-1 deployment, based on SIC establishment between the SmartCenter Server and the Gateway using SmartDashboard.
Chapter 2: Introduction to SecurePlatform
Given the most current configuration, update the appropriate network interface using the sysconfig utility to change the management interface.
Given specific instructions, perform a backup and restore of the current Gateway installation from the command line.
Part 2: Security Policy
Chapter 3: Introduction to the Security Policy
Given the network topology, create and configure network, host, and gateway objects for your city site.
In SmartMap view, actualize your city site's network objects.
In SmartMap, given your partner city's network data, create and configure your partner city's Web server object.
Create a basic Rule Base in SmartDashboard that includes permissions for administrative users, external services, and LAN outbound use. Test your Rule Base with your partner city, and evaluate logs in SmartView Tracker.
Given your Policy's implicit rules, configure an implied rule for logging purposes.
Manually configure NAT rules on your Web-server and Gateway objects. Refer to the Global Properties of the Gateway object.
Configure the Policy using Database Revision Control.
Part 3: Access Control and Management
Chapter 4: Monitoring Traffic and Connections
Given a deployment strategy, test and verify a new Policy using SmartView Tracker.
Given evidence of a potential intrusion or attack using SmartView Tracker, change the Policy to block the offending connection.
Use SmartView Monitor to block and monitor a user's activities by implementing the SAM rule.
Given accumulated raw-logged data, configure Eventia Reporter to monitor and audit network traffic.
Chapter 5: Authentication
Create and configure users in SmartDirectory for access to your LAN.
Modify your Rule Base to provide permissions for users.
Configure partially automatic Client Authentication, and install, test, and verify the Policy in SmartView Tracker.
Chapter 6: Check Point QoS
Given a distributed network deployment, design a strategy for implementing QoS.
Based on an implementation of QoS, configure the required bandwidth allocation for the network.
Part 4: SmartDefense
Chapter 7: Basic SmartDefense and Content Inspection
Using content inspection, Application Intelligence, and/or Web Intelligence, configure for port scanning and HTTP worm catcher.
Create a SmartDefense profile, and incorporate port-scanning and successive-events settings into the profile. Test the configuration with your partner city's Web server, and evaluate logs using SmartView Tracker.
Block connections, given evidence of a potential intrusion or attack. Evaluate logs.
Based on network analysis disclosing threats by specific sites, configure a Web-filtering and antivirus Policy to filter and/or scan the threatening traffic.
-
Preface
Check Point Security Administration I
NGX (R65)
-
Course Layout
Prerequisites
Check Point Certified Security Administrator (CCSA)
-
Recommended Setup for Labs
Recommended Lab Topology
IP Addresses
Lab Terms
-
Check Point Security Architecture
PURE Security
Check Point Components
Broad Range of Security Solutions
Network Security
Data Security
Security Management
Services
-
Training and Certification
CCMA
Learn More
-
Part 1: Introduction to VPN-1
Chapter 1: VPN-1 Overview
Chapter 2: Introduction to SecurePlatform
-
Objectives
Given your understanding of Check Point's three-tier architecture and basic firewall concepts, design and install a distributed deployment of VPN-1.
Test to verify the VPN-1 deployment, based on SIC establishment between the SmartCenter Server and the Gateway using SmartDashboard.
-
VPN-1 Fundamentals
VPN-1 Components
-
Check Point's Security Gateway
OSI Communication Stack
Packet Filtering
Stateful Inspection
Application Intelligence
Bridge Mode and STP
VPN-1 Gateway Inspection Architecture
Inspection Module Flow
-
Security Policy Management
SmartConsole Components
-
Check Point SmartDashboard
-
SmartView Tracker
-
SmartView Monitor
-
SmartLSM
-
Eventia Reporter
-
Eventia Analyzer
-
VPN-1 SmartCenter Server
Basic Concepts and Terminology
Using Management Plug-Ins
Securing Channels of Communication
Distributed VPN-1 Configuration Showing Components with Certificates
Administrative Login Using SIC
-
SmartUpdate and Managing Licenses
Understanding SmartUpdate
Overview of Managing Licenses
Contracts/Services
Service Contracts
Working with Contract Files
-
VPN-1 Distributed Installation
-
Review Questions & Answers
1. What is the primary purpose for the VPN-1 three-tier architecture?
Separate components provide a more secure management environment.
2. What are the primary components of the Check Point Security Gateway? Explain Stateful Inspection as it relates to the OSI Model.
Packet filtering
Stateful Inspection
SmartDefense and Application Intelligence
Stateful Inspection incorporates layer 4 awareness to the standard packet-filtering technology. It examines the contents of the packet up through the application layer of the OSI Model.
3. What are the advantages of Check Point's Secure Management Architecture (SMART)? In what way does it benefit an enterprise network and its Administrators?
SMART is a unified approach to centralizing Policy management and configuration, including monitoring, logging, analysis, and reporting within a single control center.
4. What is the main purpose for the SmartCenter Server? Which function is it necessary to perform on the SmartCenter Server when incorporating Security Gateways into the network?
Used by the Security Administrator, the SmartCenter Server manages the Security Policy. In order to perform that role, the SmartCenter Server must establish SIC with other components, so that communication is verified and management can be performed on any component on the network.
-
Introduction to SecurePlatform
-
Objectives
Given the most current configuration, update the appropriate network interface using the sysconfig utility to change the management interface.
Given specific instructions, perform a backup of the current Gateway installation from the command line.
-
Introduction
SecurePlatform allows easy configuration of your computer and networking aspects, along with installed Check Point products.
-
Hardware Requirements/Setup
Intel Pentium III 300+ MHz or equivalent processor
10 GB free disk space
256 MB (512 MB recommended)
One or more supported network-adapter cards
CD-ROM drive (bootable)
1024 x 768 video-adapter card
Hardware Compatibility Testing Tool
-
Using the Command Line
Linux File Structure
Basic Linux Commands
sysconfig
cpconfig
Backup and Restore
Viewing Scheduling Status in the WebUI
Restoring the Backup via the Command Line
Restoring Older Versions of SecurePlatform
Scheduling a Backup in the WebUI
Viewing the Backup Log in the WebUI
Generating CPInfo
-
Critical Check Point Directories
$FWDIR/conf
$FWDIR/bin
Log Files
objects.C and objects_5_0.C
rulebases_5_0.fws
fwauth.NDB
Exporting User Database Only
Backing Up Using upgrade_export
-
Managing Your System
Connecting to SecurePlatform Using Secure Shell
User Management
-
SecurePlatform Command Shell
Command Shell
Management Commands
Documentation Commands
System Commands
Snapshot-Image Management
System-Diagnostic Commands
Check Point Commands
Network-Diagnostic Commands
Network-Configuration Commands
User and Administrative Commands
-
Configuring VPN-1 Using the CLI
-
Review Questions & Answers
1. What are the two primary utilities that provide interactive menu options for all configuration aspects?
sysconfig
cpconfig
2. When is it useful to use backed-up information?
When the current configuration stops working, it may be necessary to revert or restore to a previous system state.
When upgrading to a new version
3. What is fw monitor and fw unloadlocal?
fw monitor is a built-in utility used to capture network packets at multiple capture points within the packet transfer.
fw unloadlocal is a command used to detach the Security Policy from the local machine.
4. What is the difference between the snapshot and backup commands?
snapshot backs up the entire SecurePlatform operating system and all of its products.
backup reproduces the system-configuration settings only.
-
Part 2: Security Policy
Chapter 3: Introduction to the Security Policy
-
Introduction to the Security Policy
-
Objectives
Given the network topology, create and configure network, host, and gateway objects for your city site.
In SmartMap view, actualize your city site's network objects.
In SmartMap, given your partner city's network data, create and configure your partner city's Web server object.
Create a basic Rule Base in SmartDashboard that includes permissions for administrative users, external services, and LAN outbound use. Test your Rule Base with your partner city, and evaluate logs in SmartView Tracker.
Given your Policy's implicit rules, configure an implied rule for logging purposes.
Manually configure NAT rules on your Web-server and Gateway objects. Refer to the Global Properties of the Gateway object.
Configure the Policy using Database Revision Control.
-
Security Policy Basics
The Rule Base
-
Managing Objects in SmartDashboard
SmartDashboard and Objects
Managing Objects
Changing the View in the Objects Tree
-
Creating Objects, Establishing Trust and Configuring SmartMap
-
Creating the Rule Base
Basic Rule Base Concepts
Default Rule
Basic Rules
Implicit/Explicit Rules
Control Connections
-
Completing the Rule Base
Understanding Rule Base Order
-
Rule Base Management
Review
Useful Tips
-
Policy Management and Revision Control
Two utilities are used for providing backups and incremental changes:
Policy Package management
Database Revision Control
-
Policy-Management Overview
Policy Packages
Sample Organization with Different Types of Sites
Installation Targets
Querying and Sorting Rules and Objects
-
Database Revision Control
Implementing Database Revision Control
-
Configuring the Security Policy
-
Network Address Translation
RFC 3022, Traditional IP Network Address Translator (Traditional NAT)
IP Addressing
Dynamic (Hide) NAT
Static NAT
Hide Versus Static
Choosing the Hide Address in Hide NAT
Configuring NAT
Dynamic NAT Object Configuration
Manual NAT
-
Configuring Static NAT
-
Enabling VoIP Traffic
Supported Protocols
Session Initiation Protocol
SIP Proxies in a VoIP Deployment
H.323-Based VoIP Topology
Allowed Routing Mode
-
Detecting IP Spoofing
Configuring Anti-Spoofing
-
Multicasting
Configuring Multicast Access Control
-
Review Questions & Answers
1. Objects are created by the Security Administrator to represent actual hosts and devices, as well as services and resources, to use when developing the Security Policy. What should the Administrator consider before creating objects?
What are the physical and logical components that make up the organization?
Who are the users and Administrators, and how should they be grouped, i.e., access permissions, location (remote or local), etc.?
2. What are some important considerations when formulating or updating a Rule Base?
Which objects are in the network, i.e., gateways, routers, hosts, networks, or domains?
Which user permissions and authentication schemes are required?
Which services, including customized services and sessions, are allowed across the network?
3. For which deployment scheme would Database Revision Control be most appropriate?
It is ideal for a stand-alone deployment, or distributed with a single Gateway.
4. What are some reasons for employing NAT in a network?
When requiring private IP addresses in internal networks
To limit external-network access
To ease network administration
5. What is the difference between sip and sip_any services when implementing VoIP in the Rule Base?
When using the sip service, you would use a VoIP domain in the source or destination of the rule. sip_any or sip-tcp_any are used if not enforcing handover, and you would not place a VoIP domain in the source or destination of the rule. Instead, you would use Any or a network object with the sip_any service.
-
Part 3: Access Control and Management
Chapter 4: Monitoring Traffic and Connections
Chapter 5: Authentication
Chapter 6: Check Point QoS
-
Monitoring Traffic and Connections
-
Objectives
Given a deployment strategy, test and verify a new Policy using SmartView Tracker.
Given evidence of a potential intrusion or attack using SmartView Tracker, change the Policy to block the offending connection.
Use SmartView Monitor to block and monitor a user's activities by implementing the SAM rule.
Given accumulated raw-logged data, configure Eventia Reporter to monitor and audit network traffic.
-
SmartView Tracker
SmartView Tracker Login
Log Types
SmartView Tracker Tabs
Action Icons
Log-File Management
Administrator Auditing
Global Logging and Alerting
Time Settings
-
Blocking Connections
Terminating and Blocking Active Connections
-
SmartView Monitor
SmartView Monitor Login
Customizable Views
Monitoring Suspicious Activity Rules
Monitoring Alerts
SmartView Tracker vs. SmartView Monitor Review
Eventia Reporter
Eventia Reporter GUI
Eventia Reporter
Eventia Reporter Consolidation Process
Eventia Reporter
Eventia Reporter Server Report Creation
Eventia Reporter
Report Types
Standard Report
Eventia Reporter
Architecture for Express Reports
Eventia Reporter
Predefined Reports
Customizing Predefined Reports
Eventia Reporter Considerations
Eventia Reporter Licensing
6
Blocking Intruder Connections
7
Configuring Suspicious Activity Rule in SmartView Monitor
Review Questions & Answers
1. Discuss the benefits of using SmartView Monitor instead of SmartView Tracker in monitoring network activity.
Review Questions & Answers
SmartView Monitor presents an overall view of changes throughout the network. SmartView Tracker focuses on individual connections. SmartView Monitor also helps the Administrator identify traffic-flow patterns that may signify malicious activity, maintain network availability, and improve efficient bandwidth use.
Review Questions & Answers
2. Why is there an error message when switching to Active mode in SmartView Tracker?
Review Questions & Answers
There are performance implications for memory and network resources in Active mode, since data is being actively logged.
Review Questions & Answers
3. What does the Consolidation Policy in Eventia Reporter do?
Review Questions & Answers
After examining the original or raw log files, the Consolidation Policy compresses similar events, and writes this list into a database. Eventia Reporter reports are generated from this database.
Objectives
Create and configure users in SmartDirectory for access to your LAN.
Modify your rule base to provide permissions to users.
Configure partially automatic client authentication, install, test and verify policy in SmartView Tracker.
Creating Users and Groups in SmartDashboard
Define users with VPN-1 user database, or LDAP, RADIUS or ACE server.
Introduction to VPN-1 Authentication
Introduction to Authentication Methods
Authentication Schemes
Authentication Methods
User Authentication
Configuring User Authentication
Session Authentication
Configuring Session Authentication
Client Authentication
Configuring Client Authentication
Resolving Access Conflicts
Configuring Authentication Tracking
LDAP User Management with SmartDirectory
LDAP Features
LDAP User Management with SmartDirectory
LDAP Tree Structure
LDAP User Management with SmartDirectory
Multiple LDAP Servers
LDAP Servers on a Firewalled Network
LDAP User Management with SmartDirectory
Using an Existing LDAP Server
Configuring Entities to Work with VPN-1
Managing Users
SmartDirectory Groups
8
Configuring Client Authentication
9
Configuring LDAP Authentication with SmartDirectory
Review Questions & Answers
1. Which services are most commonly associated with User Authentication?
Review Questions & Answers
Telnet
rlogin
HTTP
HTTPS
FTP
Review Questions & Answers
2. Which authentication scheme requires an authentication agent installed on the client?
Review Questions & Answers
Session Authentication
Review Questions & Answers
3. What is the main advantage with using Client Authentication?
Review Questions & Answers
It can be used on any number of connections for any service, and authentication can be validated for a specified time.
Chapter 6: Check Point QoS
Objectives
Given a distributed network deployment, design a strategy for implementing QoS.
Based on an implementation of QoS, configure the required bandwidth allocation for the network.
Check Point QoS Overview
Stateful Inspection
Intelligent Queuing Engine
Weighted Flow Random Early Drop
Retransmission Detection Early Drop
Check Point QoS Architecture
Basic Architecture
QoS SmartCenter Server
Check Point QoS Architecture
QoS SmartConsole
QoS Tab in SmartDashboard
Check Point QoS Architecture
The Security Gateway
Deploying QoS
QoS Distributed Deployment
Deploying QoS
Check Point QoS Topology Restrictions
Deploying QoS
Two Lines to a Router
Deploying QoS
Correct Configuration
Check Point QoS Rule Base
Bandwidth Allocation and Rules
Traditional and Express Modes
QoS Action Properties
Bandwidth Allocation and Subrules
Implementing the Rule Base
QoS Rule Considerations
Differentiated Services
DiffServ Marks for IPSec Packets
Interaction Between DiffServ Rules and Other Rules
Low Latency Queuing
Low Latency Classes
Low Latency Class Priorities
When to Use Low Latency Queuing
Authenticated QoS
Monitoring QoS Policy
SmartView Tracker
SmartView Monitor
Eventia Reporter
Optimizing Check Point QoS
Upgrade to the newest Check Point QoS version available.
Install Check Point QoS only on the external interfaces of the Security Gateway.
Put more frequent rules at the top of your Rule Base.
Turn per-connection limits into per-rule limits.
Turn per-connection guarantees into per-rule guarantees.
10
Configuring Check Point QoS Policy
Review Questions & Answers
Weighted Flow Random Early Drop (WFRED) is a mechanism used by Check Point QoS for managing packet buffers, by selectively dropping packets during periods of network congestion.
Retransmission Detection Early Drop (RDED) is also used by Check Point QoS to reduce the number of retransmissions and retransmission storms during periods of network congestion.
Review Questions & Answers
2. In order to log a QoS Policy rule, what two conditions must be met?
Review Questions & Answers
The Turn on QoS logging box must be checked in the Gateway General Properties > Logs and Masters > Additional Logging Configuration window.
The connection's matching rule must be marked with either Log or Account in the rule's Track column.
Review Questions & Answers
3. Connections in a QoS Rule Base can be configured by applying which three elements?
Review Questions & Answers
Weight
Guarantee
Limit
Part 4: SmartDefense
Chapter 7: Basic SmartDefense and Content Inspection
Basic SmartDefense and Content Inspection
Objectives
Using content inspection, Application Intelligence, and/or Web Intelligence, configure for port scanning and HTTP worm catcher.
Create a SmartDefense profile, and incorporate port-scanning and successive-events settings into the profile.
Test the configuration with your partner city's Web server, and evaluate logs using SmartView Tracker.
Block connections, given evidence of a potential intrusion or attack. Evaluate logs.
Based on network analysis disclosing threats by specific sites, configure a Web-filtering and antivirus Policy to filter and/or scan the threatening traffic.
Introducing SmartDefense
SmartDefense Tab and Navigation Pane
Introducing SmartDefense
Networks and Application Intelligence
Web Intelligence
Online Updates
Monitor Only Mode
Network Security
Denial-of-Service
IP and ICMP
TCP
Fingerprint Scrambling
Successive Events
Network Security
DShield Storm Center
Network Security
Port Scanning
Application Intelligence
Mail
FTP
Microsoft Networks
Peer-to-Peer
Instant Messaging
DNS
VoIP
SNMP
Web Intelligence
Web Intelligence Protections
Web Intelligence License Enforcement
SmartDefense Services
Download Updates Tab
Advisories Tab
Security Best Practices Tab
Content Inspection
Introduction to Integrated Antivirus and Web Filtering
Technologies Database Updates
Antivirus-Scan Settings
Web Filtering
11
Configuring SmartDefense
12
Configuring Web-Filtering and Antivirus Settings
Review Questions & Answers
1. Explain the role Application Intelligence plays in network security.
Review Questions & Answers
Application Intelligence works primarily with application-layer defenses to address the threats aimed at network applications.
Review Questions & Answers
2. What is Monitor Only mode, and why is it useful?
Review Questions & Answers
It is a feature that detects and tracks unauthorized traffic without blocking it. It is helpful when deploying protection for the first time by establishing a baseline of traffic on your network, and by evaluating the effectiveness of the protection without interrupting connectivity.
Review Questions & Answers
3. What kind of tests does SmartDefense perform to verify the legitimacy of TCP packets?
Review Questions & Answers
Protocol-type verification
Protocol-header analysis
Protocol-flag analysis and verification
Review Questions & Answers
4. How is Web Intelligence licensing enforced?
Review Questions & Answers
By counting the number of Web servers that are protected by each Security Gateway