2003-2007 Check Point Software Technologies Ltd. All rights reserved. Proprietary and confidential.
puresecurity
Course Objectives
Part 1: Getting Started Chapter 1: Introduction to VPN-1
Given your understanding of Check Point's three-tier architecture and basic firewall concepts, design and install a distributed deployment of VPN-1. Test to verify the VPN-1 deployment, based on SIC establishment between the SmartCenter Server and the Gateway using SmartDashboard.
Part 2: Security Policy Chapter 3: Introduction to the Security Policy
Given the network topology, create and configure network, host, and gateway objects for your city site. In SmartMap view, actualize your city site's network objects. In SmartMap, given your partner city's network data, create and configure your partner city's Web server object. Create a basic Rule Base in SmartDashboard that includes permissions for administrative users, external services, and LAN outbound use. Test your Rule Base with your partner city, and evaluate logs in SmartView Tracker. Given your Policy's implicit rules, configure an implied rule for logging purposes.
Manually configure NAT rules on your Web-server and Gateway objects. Refer to the Global Properties of the Gateway object. Configure the Policy using Database Revision Control.
Part 3: Access Control and Management Chapter 4: Monitoring Traffic and Connections
Given a deployment strategy, test and verify a new Policy using SmartView Tracker. Given evidence of a potential intrusion or attack using SmartView Tracker, change the Policy to block the offending connection. Use SmartView Monitor to block and monitor a user's activities by implementing the SAM rule. Given accumulated raw-logged data, configure Eventia Reporter to monitor and audit network traffic.
Chapter 5: Authentication
Create and configure users in SmartDirectory for access to your LAN. Modify your Rule Base to provide permissions for users. Configure partially automatic Client Authentication, and install, test, and verify the Policy in SmartView Tracker.
Part 4: SmartDefense Chapter 7: Basic SmartDefense and Content Inspection
Using content inspection, Application Intelligence, and/or Web Intelligence, configure for port scanning and HTTP worm catcher. Create a SmartDefense profile, and incorporate port-scanning and successive-events settings into the profile. Test the configuration with your partner city's Web server, and evaluate logs using SmartView Tracker. Block connections, given evidence of a potential intrusion or attack. Evaluate logs. Based on network analysis disclosing threats by specific sites, configure a Web-filtering and antivirus Policy to filter and/or scan the threatening traffic.
Course Layout
Prerequisites Check Point Certified Security Administrator (CCSA)
1
VPN-1 Overview
Objectives
Given your understanding of Check Point's three-tier architecture and basic firewall concepts, design and install a distributed deployment of VPN-1. Test to verify the VPN-1 deployment, based on SIC establishment between the SmartCenter Server and the Gateway using SmartDashboard.
VPN-1 Fundamentals
VPN-1 Components
SmartView Tracker
SmartView Monitor
SmartLSM
Eventia Reporter
Eventia Analyzer
Understanding SmartUpdate Overview of Managing Licenses Contracts/Services Service Contracts Working with Contract Files
1
VPN-1 Distributed Installation
2. What are the primary components of the Check Point Security Gateway? Explain Stateful Inspection as it relates to the OSI Model?
Packet filtering Stateful Inspection SmartDefense and Application Intelligence
Stateful Inspection incorporates layer 4 awareness to the standard packet-filtering technology. It examines the contents of the packet up through the application layer of the OSI Model.
SMART is a unified approach to centralizing Policy management and configuration, including monitoring, logging, analysis, and reporting within a single control center.
4. What is the main purpose for the SmartCenter Server? Which function is it necessary to perform on the SmartCenter Server when incorporating Security Gateways into the network?
Used by the Security Administrator, the SmartCenter Server manages the Security Policy. In order to perform that role, the SmartCenter Server must establish SIC with other components, so that communication is verified and management can be performed on any component on the network.
2
Introduction to SecurePlatform
Objectives
Given the most current configuration, update the appropriate network interface using the sysconfig utility to change the management interface. Given specific instructions, perform a backup of the current Gateway installation from the command line.
Introduction
SecurePlatform allows easy configuration of your computer and networking aspects, along with installed Check Point products.
Hardware Requirements/Setup
Intel Pentium III 300+ MHz or equivalent processor 10 GB free disk space 256 MB (512 MB recommended) One or more supported network-adapter cards CD-ROM drive (bootable) 1024 x 768 video-adapter card
Hardware Requirements/Setup
Hardware Compatibility Testing Tool
Backup and Restore Viewing Scheduling Status in the WebUI Restoring the Backup via the Command Line Restoring Older Versions of SecurePlatform Scheduling a Backup in the WebUI Viewing the Backup Log in the WebUI Generating CPInfo
$FWDIR/conf $FWDIR/bin Log Files objects.C and objects_5_0.C rulebases_5_0.fws fwauth.NDB Exporting User Database Only Backing Up Using upgrade_export
Command Shell Management Commands Documentation Commands System Commands Snapshot-Image Management System-Diagnostic Commands Check Point Commands Network-Diagnostic Commands Network-Configuration Commands User and Administrative Commands
2
Configuring VPN-1 Using the CLI
1. What are the two primary utilities that provide interactive menu options for all configuration aspects?
sysconfig cpconfig
When the current configuration stops working, it may be necessary to revert or restore to a previous system state. When upgrading to a new version
fw monitor is a built-in utility used to capture network packets at multiple capture points within the packet transfer. fw unloadlocal is a command used to detach the Security Policy from the local machine.
snapshot backs up the entire SecurePlatform operating system and all of its products. backup reproduces the system-configuration settings only.
3
Introduction to the Security Policy
Objectives
Given the network topology, create and configure network, host, and gateway objects for your city site. In SmartMap view, actualize your city site's network objects. In SmartMap, given your partner city's network data, create and configure your partner city's Web server object. Create a basic Rule Base in SmartDashboard that includes permissions for administrative users, external services, and LAN outbound use. Test your Rule Base with your partner city, and evaluate logs in SmartView Tracker. Given your Policy's implicit rules, configure an implied rule for logging purposes. Manually configure NAT rules on your Web-server and Gateway objects. Refer to the Global Properties of the Gateway object. Configure the Policy using Database Revision Control.
3
Creating Objects, Establishing Trust and Configuring SmartMap
Basic Rule Base Concepts Default Rule Basic Rules Implicit/Explicit Rules Control Connections
Policy-Management Overview
Policy Packages
Sample Organization with Different Types of Sites
Policy-Management Overview
Installation Targets Querying and Sorting Rules and Objects
4
Configuring the Security Policy
Hide Versus Static Choosing the Hide Address in Hide NAT Configuring NAT Dynamic NAT Object Configuration Manual NAT
5
Configuring Static NAT
Detecting IP Spoofing
Configuring Anti-Spoofing
Multicasting
Configuring Multicast Access Control
1. Objects are created by the Security Administrator to represent actual hosts and devices, as well as services and resources, to use when developing the Security Policy. What should the Administrator consider before creating objects?
What are the physical and logical components that make up the organization? Who are the users and Administrators, and how should they be grouped, i.e., access permissions, location (remote or local), etc?
2. What are some important considerations when formulating or updating a Rule Base?
Which objects are in the network, i.e., gateways, routers, hosts, networks, or domains? Which user permissions and authentication schemes are required? Which services, including customized services and sessions, are allowed across the network?
3. For which deployment scheme would Database Revision Control be most appropriate?
When requiring private IP addresses in internal networks To limit external-network access To ease network administration
5. What is the difference between sip and sip_any services when implementing VoIP in the Rule Base?
When using the sip service, you would use a VoIP domain in the source or destination of the rule. sip_any or sip-tcp_any are used if not enforcing handover, and you would not place a VoIP domain in the source or destination of the rule. Instead, you would use Any or a network object with the sip_any service.
4
Monitoring Traffic and Connections
Objectives
Given a deployment strategy, test and verify a new Policy using SmartView Tracker. Given evidence of a potential intrusion or attack using SmartView Tracker, change the Policy to block the offending connection. Use SmartView Monitor to block and monitor a user's activities by implementing the SAM rule. Given accumulated raw-logged data, configure Eventia Reporter to monitor and audit network traffic.
SmartView Tracker
SmartView Tracker Login
SmartView Tracker
Log Types SmartView Tracker Tabs Action Icons Log-File Management Administrator Auditing Global Logging and Alerting Time Settings
Blocking Connections
Terminating and Blocking Active Connections
SmartView Monitor
SmartView Monitor Login
SmartView Monitor
Customizable Views Monitoring Suspicious Activity Rules Monitoring Alerts SmartView Tracker vs. SmartView Monitor Review
Eventia Reporter
Eventia Reporter GUI
Eventia Reporter
Eventia Reporter Consolidation Process
Eventia Reporter
Eventia Reporter Server Report Creation
Eventia Reporter
Report Types
Standard Report
Eventia Reporter
Architecture for Express Reports
Eventia Reporter
Predefined Reports Customizing Predefined Reports Eventia Reporter Considerations Eventia Reporter Licensing
6
Blocking Intruder Connections
7
Configuring Suspicious Activity Rule in SmartView Monitor
1. Discuss the benefits of using SmartView Monitor instead of SmartView Tracker in monitoring network activity.
SmartView Monitor presents an overall view of changes throughout the network. SmartView Tracker focuses on individual connections. SmartView Monitor also helps the Administrator identify traffic-flow patterns that may signify malicious activity, maintain network availability, and improve efficient bandwidth use.
2. Why is there an error message when switching to Active mode in SmartView Tracker?
There are performance implications for memory and network resources in Active mode, since data is being actively logged.
After examining the original or raw log files, the Consolidation Policy compresses similar events, and writes this list into a database. Eventia Reporter reports are generated from this database.
5
User Management and Authentication
Objectives
Create and configure users in SmartDirectory for access to your LAN. Modify your rule base to provide permissions to users. Configure partially automatic client authentication, install, test and verify policy in SmartView Tracker.
Authentication Methods
User Authentication
Configuring User Authentication
Session Authentication
Configuring Session Authentication
Client Authentication
Configuring Client Authentication
8
Configuring Client Authentication
9
Configuring LDAP Authentication with SmartDirectory
Session Authentication
It can be used on any number of connections for any service, and authentication can be validated for a specified time.
6
Check Point QoS
Objectives
Given a distributed network deployment, design a strategy for implementing QoS. Based on an implementation of QoS, configure the required bandwidth allocation for the network.
Stateful Inspection Intelligent Queuing Engine Weighted Flow Random Early Drop Retransmission Detection Early Drop
Deploying QoS
QoS Distributed Deployment
Deploying QoS
Check Point QoS Topology Restrictions
Deploying QoS
Two Lines to a Router
Deploying QoS
Correct Configuration
Bandwidth Allocation and Rules Traditional and Express Modes QoS Action Properties Bandwidth Allocation and Subrules Implementing the Rule Base QoS Rule Considerations
Differentiated Services
DiffServ Marks for IPSec Packets Interaction Between DiffServ Rules and Other Rules
Low Latency Classes Low Latency Class Priorities When to Use Low Latency Queuing Authenticated QoS
10
Configuring Check Point QoS Policy
Weighted Flow Random Early Drop (WFRED) is a mechanism used by Check Point QoS for managing packet buffers, by selectively dropping packets during periods of network congestion. Retransmission Detection Early Drop (RDED) is also used by Check Point QoS to reduce the number of retransmissions and retransmission storms during periods of network congestion.
2. In order to log a QoS Policy rule, what two conditions must be met?
The "Turn on QoS logging" box must be checked in the Gateway General Properties > Logs and Masters > Additional Logging Configuration window. The connection's matching rule must be marked with either Log or Account in the rule's Track column.
3. Connections in a QoS Rule Base can be configured by applying which three elements?
Part 4: SmartDefense
Chapter 7: Basic SmartDefense and Content Inspection
7
Basic SmartDefense and Content Inspection
Objectives
Using content inspection, Application Intelligence, and/or Web Intelligence, configure for port scanning and HTTP worm catcher. Create a SmartDefense profile, and incorporate port-scanning and successive-events settings into the profile. Test the configuration with your partner city's Web server, and evaluate logs using SmartView Tracker. Block connections, given evidence of a potential intrusion or attack. Evaluate logs. Based on network analysis disclosing threats by specific sites, configure a Web-filtering and antivirus Policy to filter and/or scan the threatening traffic.
Introducing SmartDefense
SmartDefense Tab and Navigation Pane
Introducing SmartDefense
Networks and Application Intelligence Web Intelligence Online Updates Monitor Only Mode
Network Security
Network Security
DShield Storm Center
Network Security
Port Scanning
Application Intelligence
Mail FTP Microsoft Networks Peer-to-Peer Instant Messaging DNS VoIP SNMP
Web Intelligence
Web Intelligence Protections Web Intelligence License Enforcement
SmartDefense Services
Download Updates Tab Advisories Tab Security Best Practices Tab
Content Inspection
Introduction to Integrated Antivirus and Web Filtering Technologies Database Updates Antivirus-Scan Settings Web Filtering
11
Configuring SmartDefense
12
Configuring Web-Filtering and Antivirus Settings
Application Intelligence works primarily with application-layer defenses to address the threats aimed at network applications.
It is a feature that detects and tracks unauthorized traffic without blocking it. It is helpful when deploying protection for the first time by establishing a baseline of traffic on your network, and by evaluating the effectiveness of the protection without interrupting connectivity.
3. What kind of tests does SmartDefense perform to verify the legitimacy of TCP packets?
By counting the number of Web servers that are protected by each Security Gateway