
CCSA-Module 2

AITA\SWBU\CCSA\08

Key Terms

- Security Policy
- Rule Base
- Rule Base Elements
- spoofing
- anti-spoofing
- implicit rules
- explicit rules
- implicit-drop rule

Security Policy Defined
What is a Security Policy?
- a set of rules that defines network security
Considerations
- what kind of services, including customised services and sessions, are allowed across the network
- what user permissions and authentication schemes are needed
- what objects are in the network, e.g. gateways, hosts, networks, routers and domains

Check Point Policy Editor
- enables administrators to define the security policy

Access Control for Administrators
Concurrent Sessions
- only one administrator with read/write permissions can be logged in at any one time
Management Module Fingerprint
- at the first log-on to a management server, the management client will receive the management server's fingerprint
- this can be checked against a copy of the fingerprint for verification

Rule Base Defined
Rule Base Elements
- the individual components that make up a rule
- No., Source, Destination, If/Via, Services, Action, Track, Install On, Time, Comment

Rule Base Defined (Ctd.)
Rule Base Element Options
- used to customise the element options in the rule base

Example Policy Editor

VPN-1/FireWall-1 NG Licensing
License Types
- central: the license is linked to the IP number of the management server
- local: the license is tied to the IP number to which it will be applied
Obtaining Licenses
- locate the certificate key on the CD cover of the Check Point CD
- go to www.checkpoint.com and select User Center to obtain an evaluation or permanent license
Check Point User Center

SecureUpdate
Made up of two components
- Installation Manager
- License Manager
Allows
- tracking of currently installed versions of Check Point and OPSEC products
- updating of installed Check Point and OPSEC software remotely from a centralised location
- centrally managing licenses

SecureUpdate Architecture, Distributed Configuration

Detecting Spoofing
Spoofing
- a technique used by intruders attempting to gain unauthorized access
- a packet's source IP address is altered to appear to come from a part of the network with higher privileges
Anti-spoofing
- verifies that packets are coming from, and going to, the correct interfaces on the gateway
- i.e. packets claiming to originate in the internal network actually DO come from that network

Detecting Spoofing (Ctd.)
Configuring Anti-Spoofing
- the networks reachable from an interface need to be defined appropriately
- should be configured on all interfaces
- spoof tracking is recommended
- anti-spoofing rules are enforced before any rule in the Security Policy rule base

Creating the Rule Base
Basic Rule Base Concepts
- each rule in a rule base defines the packets that match the rule, based on Source, Destination, Service and the Time the packet is inspected
- the first rule that matches a packet is applied

The default rule added when you add a rule to the Rule Base

The Basic Rules
Cleanup Rule
- Check Point follows the principle that "that which is not expressly permitted is prohibited"
- all communication attempts not matching a rule will be dropped
- the cleanup rule drops all remaining communication but allows specific logging

The Basic Rules (Ctd.)
The Stealth Rule
- prevents users from connecting directly to the firewall

Implicit and Explicit Rules
Completing the Rule Base
- FireWall-1 NG creates implicit rules derived from the policy properties and includes explicit rules created by the user in the Policy Editor
Understanding Rule Base Order
- viewing implied rules will show both sets of rules merged in the correct sequence
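
The following is an added example, not code from the course or from Check Point: a small Python model of the inspection order the slides describe, namely anti-spoofing enforced before any rule, then the explicit rule base evaluated top-down with first match wins, with a stealth rule first and a cleanup rule last. The topology (gateway address, interface networks, treating the external interface as "others"), the rule names and the packet samples are constructed assumptions; the Time element is left out.

```python
from ipaddress import ip_address, ip_network

# Constructed topology (an assumption for this example, not from the slides):
# the gateway's own address and the networks legitimately behind each internal
# interface. The external interface is treated as "others": any address that no
# internal interface claims.
GATEWAY = "10.1.0.1"
INTERNAL = {"eth0": [ip_network("10.1.0.0/16")], "eth1": [ip_network("10.2.0.0/16")]}
EXTERNAL = "eth2"

# Explicit rule base, evaluated top-down; the first matching rule is applied.
# Columns follow the slide's elements: name, Source, Destination, Service, Action, Track.
# "any" matches everything. The stealth rule sits first, the cleanup rule last.
RULES = [
    ("stealth", "any",         GATEWAY, "any",  "drop",   "log"),
    ("web",     "10.1.0.0/16", "any",   "http", "accept", "log"),
    ("cleanup", "any",         "any",   "any",  "drop",   "log"),
]

def anti_spoof_ok(iface, src):
    """Anti-spoofing: may a packet with source `src` arrive on `iface`?"""
    src = ip_address(src)
    claimed_internally = any(src in net for nets in INTERNAL.values() for net in nets)
    if iface in INTERNAL:
        return any(src in net for net in INTERNAL[iface])  # must sit behind this interface
    if iface == EXTERNAL:
        return not claimed_internally  # an internal address arriving from outside is spoofed
    return False  # unknown interface: reject

def matches(field, value, is_address):
    """One rule element against one packet field; "any" is a wildcard."""
    if field == "any":
        return True
    return ip_address(value) in ip_network(field) if is_address else field == value

def inspect(iface, src, dst, service, rules=RULES):
    """Return (action, rule name, logged). Anti-spoofing is enforced before any rule."""
    if not anti_spoof_ok(iface, src):
        return ("drop", "anti-spoofing", True)  # spoof tracking enabled, so it is logged
    for name, rsrc, rdst, rsvc, action, track in rules:
        if matches(rsrc, src, True) and matches(rdst, dst, True) and matches(rsvc, service, False):
            return (action, name, track == "log")
    # No explicit rule matched: the implicit drop applies and nothing is logged.
    # A cleanup rule exists precisely so that this case is logged instead.
    return ("drop", "implicit-drop", False)
```

Calling `inspect` with `RULES[:-1]` (cleanup rule removed) shows the difference the slides point at: the packet is still dropped, but by the implicit drop and without a log entry.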

Command Line Options for the Security Policy
Basic Options
- cpstart / cpstop: starts and stops all Check Point applications running on the machine
- cplic print: displays the details of the firewall licenses
- fwstart / fwstop: starts and stops the FireWall-1 NG module, the firewall daemon (fwd), the management module (fwm), the SNMP daemon (snmpd) and the authentication daemons
