NGX I r65 Slides

Check Point Security Administration I NGX (R65)
2003-2007 Check Point Software Technologies Ltd. All rights reserved. Proprietary and confidential.
puresecurity
Slide Graphic Legend
puresecurity
Course Objectives
Part 1: Getting Started Chapter 1: Introduction to VPN-1
Given your understanding of Check Points three-tier architecture and basic firewall concepts, design and install a distributed deployment of VPN-1. Test to verify the VPN-1 deployment, based on SIC establishment between the SmartCenter Server and the Gateway using SmartDashboard.
Chapter 2: Introduction to SecurePlatform

Given the most current configuration, update the appropriate network interface using the sysconfig utility to change the management interface. Given specific instructions, perform a backup and restore of the current Gateway installation from the command line.
puresecurity
Course Objectives
Part 2: Security Policy Chapter 3: Introduction to the Security Policy
Given the network topology, create and configure network, host, and gateway objects for your city site. In SmartMap view, actualize your city sites network objects. In SmartMap, given your partner citys network data, create and configure your partner citys Web server object. Create a basic Rule Base in SmartDashboard that includes permissions for administrative users, external services, and LAN outbound use. Test your Rule Base with your partner city, and evaluate logs in SmartView Tracker. Given your Policys implicit rules, configure an implied rule for logging purposes.
puresecurity
Course Objectives
Manually configure NAT rules on your Web-server and Gateway objects. Refer to the Global Properties of the Gateway object. Configure the Policy using Database Revision Control.
Part 3: Access Control and Management Chapter 4: Monitoring Traffic and Connections
Given a deployment strategy, test and verify a new Policy using SmartView Tracker. Given evidence of a potential intrusion or attack using SmartView Tracker, change the Policy to block the offending connection. Use SmartView Monitor to block and monitor a users activities by implementing the SAM rule. Given accumulated raw-logged data, configure Eventia Reporter to monitor and audit network traffic.
puresecurity
Course Objectives
Chapter 5: Authentication
Create and configure users in SmartDirectory for access to your LAN. Modify your Rule Base to provide permissions for users. Configure partially automatic Client Authentication, and install, test, and verify the Policy in SmartView Tracker.
Chapter 6: Check Point QoS

Given a distributed network deployment, design a strategy for implementing QoS. Based on an implementation of QoS, configure the required bandwidth allocation for the network.
puresecurity
Course Objectives
Part 4: SmartDefense Chapter 7: Basic SmartDefense and Content Inspection
Using content inspection, Application Intelligence, and/or Web Intelligence, configure for port scanning and HTTP worm catcher. Create a SmartDefense profile, and incorporate port-scanning and successive-events settings into the profile. Test the configuration with your partner citys Web server, and evaluate logs using SmartView Tracker. Block connections, given evidence of a potential intrusion or attack. Evaluate logs. Based on network analysis disclosing threats by specific sites, configure a Web-filtering and antivirus Policy to filter and/or scan the threatening traffic.
puresecurity
Preface Check Point Security Administration I NGX (R65)
puresecurity
Course Layout
Prerequisites Check Point Certified Security Administrator (CCSA)
puresecurity
Recommended Setup for Labs

Recommended Lab Topology
puresecurity
10
Recommended Setup for Labs

IP Addresses Lab Terms
puresecurity
11
Check Point Security Architecture

PURE Security
puresecurity
12

Check Point Components
puresecurity
13

Unified Security Architecture
puresecurity
14

Broad Range of Security Solutions
puresecurity
15

Network Security Data Security Security Management Services
puresecurity
16
Training and Certification

CCMA Learn More
puresecurity
17
Part 1: Introduction to VPN-1

Chapter 1: VPN-1 Overview
Chapter 2: Introduction to SecurePlatform
puresecurity
18
1
VPN-1 Overview
Objectives
Given your understanding of Check Points three-tier architecture and basic firewall concepts, design and install a distributed deployment of VPN-1. Test to verify the VPN-1 deployment, based on SIC establishment between the SmartCenter Server and the Gateway using SmartDashboard.
puresecurity
20
VPN-1 Fundamentals
VPN-1 Components
puresecurity
21
Check Points Security Gateway

OSI Communication Stack
puresecurity
22

Packet Filtering
puresecurity
23

Stateful Inspection
puresecurity
24

Application Intelligence
puresecurity
25

Bridge Mode and STP
puresecurity
26

VPN-1 Gateway Inspection Architecture
Inspection Module Flow
puresecurity
27
Security Policy Management

SmartConsole Components
puresecurity
28
Check Point SmartDashboard
puresecurity
29
SmartView Tracker
puresecurity
30
SmartView Monitor
puresecurity
31
SmartLSM
puresecurity
32
Eventia Reporter
puresecurity
33
Eventia Analyzer
puresecurity
34
VPN-1 SmartCenter Server

Basic Concepts and Terminology Using Management Plug-Ins Securing Channels of Communication
puresecurity
35

Distributed VPN-1 Configuration Showing Components with Certificates
puresecurity
36

Administrative Login Using SIC
puresecurity
37
SmartUpdate and Managing Licenses
Understanding SmartUpdate Overview of Managing Licenses Contracts/Services Service Contracts Working with Contract Files
puresecurity
38
1
VPN-1 Distributed Installation
Review Questions & Answers
1. What is the primary purpose for the VPN-1 three-tier architecture?
puresecurity
40
Separate components provide a more secure management environment.
puresecurity
41
2. What are the primary components of the Check Point Security Gateway? Explain Stateful Inspection as it relates to the OSI Model?
puresecurity
42
Packet filtering Stateful Inspection SmartDefense and Application Intelligence Stateful Inspection incorporates layer 4 awareness to the standard packet-filtering technology. It examines the contents of the packet up through the application layer of the OSI Model.
puresecurity
43

3. What are the advantages of Check Points Secure Management Architecture (SMART)? In what way does it benefit an enterprise network and its Administrators?
puresecurity
44
SMART is a unified approach to centralizing Policy management and configuration, including monitoring, logging, analysis, and reporting within a single control center.
puresecurity
45
4. What is the main purpose for the SmartCenter Server? Which function is it necessary to perform on the SmartCenter Server when incorporating Security Gateways into the network?
puresecurity
46
Used by the Security Administrator, the SmartCenter Server manages the Security Policy. In order to perform that role, the SmartCenter Server must establish SIC with other components, so that communication is verified and management can be performed on any component on the network.
puresecurity
47
2
Introduction to SecurePlatform
Objectives
Given the most current configuration, update the appropriate network interface using the sysconfig utility to change the management interface. Given specific instructions, perform a backup of the current Gateway installation from the command line.
puresecurity
49
Introduction
SecurePlatform allows easy configuration of your computer and networking aspects, along with installed Check Point products.
puresecurity
50
Hardware Requirements/Setup
Intel Pentium III 300+ MHz or equivalent processor 10 GB free disk space 256 MB (512 MB recommended) One or more supported network-adapter cards CD-ROM drive (bootable) 1024 x 768 video-adapter card
puresecurity
51
Hardware Requirements/Setup
Hardware Compatibility Testing Tool
puresecurity
52
Using the Command Line

Linux File Structure
puresecurity
53
Using the Command Line

Basic Linux Commands
sysconfig cpconfig
Backup and Restore Viewing Scheduling Status in the WebUI Restoring the Backup via the Command Line Restoring Older Versions of SecurePlatform Scheduling a Backup in the WebUI Viewing the Backup Log in the WebUI Generating CPInfo
puresecurity
54
Critical Check Point Directories
$FWDIR/conf $FWDIR/bin Log Files objects.C and objects_5_0.C rulebases_5_0.fws fwauth.NDB Exporting User Database Only Backing Up Using upgrade_export
puresecurity
55
Managing Your System

Connecting to SecurePlatform Using Secure Shell User Management
puresecurity
56
SecurePlatform Command Shell
Command Shell Management Commands Documentation Commands System Commands Snapshot-Image Management System-Diagnostic Commands Check Point Commands Network-Diagnostic Commands Network-Configuration Commands User and Administrative Commands
puresecurity
57
2
Configuring VPN-1 Using the CLI
1. What are the two primary utilities that provide interactive menu options for all configuration aspects?
puresecurity
59
sysconfig cpconfig
puresecurity
60
2. When is it useful to use backed-up information?
puresecurity
61
When the current configuration stops working, it may be necessary to revert or restore to a previous system state. When upgrading to a new version
puresecurity
62
3. What is fw monitor and fw unloadlocal?
puresecurity
63
fw monitor is a built-in utility used to capture network packets at multiple capture points within the packet transfer. fw unloadlocal is a command used to detach the Security Policy from the local machine.
puresecurity
64
4. What is the difference between the snapshot and backup commands?
puresecurity
65
snapshot backs up the entire SecurePlatform operating system and all of its products. backup reproduces the system-configuration settings only.
puresecurity
66
Part 2: Security Policy

Chapter 3: Introduction to the Security Policy
puresecurity
67
3
Introduction to the Security Policy
Objectives
Given the network topology, create and configure network, host, and gateway objects for your city site. In SmartMap view, actualize your city sites network objects. In SmartMap, given your partner citys network data, create and configure your partner citys Web server object. Create a basic Rule Base in SmartDashboard that includes permissions for administrative users, external services, and LAN outbound use. Test your Rule Base with your partner city, and evaluate logs in SmartView Tracker. Given your Policys implicit rules, configure an implied rule for logging purposes. Manually configure NAT rules on your Web-server and Gateway objects. Refer to the Global Properties of the Gateway object. Configure the Policy using Database Revision Control.
puresecurity
69
Security Policy Basics

The Rule Base
puresecurity
70
Managing Objects in SmartDashboard

SmartDashboard and Objects Managing Objects Changing the View in the Objects Tree
puresecurity
71
3
Creating Objects, Establishing Trust and Configuring SmartMap
Creating the Rule Base
Basic Rule Base Concepts Default Rule Basic Rules Implicit/Explicit Rules Control Connections
puresecurity
73
Completing the Rule Base

Understanding Rule Base Order
puresecurity
74
Rule Base Management

Review Useful Tips
puresecurity
75
Policy Management and Revision Control

Two utilities are used for providing backups and incremental changes:
Policy Package management Database Revision Control
puresecurity
76
Policy-Management Overview
Policy Packages
Sample Organization with Different Types of Sites
puresecurity
77
Policy-Management Overview
Installation Targets Querying and Sorting Rules and Objects
puresecurity
78
Database Revision Control

Implementing Database Revision Control
puresecurity
79
4
Configuring the Security Policy
Network Address Translation

RFC 3022, Traditional IP Network Address Translator (Traditional NAT) IP Addressing
puresecurity
81

Dynamic (Hide) NAT
puresecurity
82

Static NAT
puresecurity
83
Hide Versus Static Choosing the Hide Address in Hide NAT Configuring NAT Dynamic NAT Object Configuration Manual NAT
puresecurity
84
5
Configuring Static NAT
Enabling VoIP Traffic

Supported Protocols Session Initiation Protocol
puresecurity
86

SIP Proxies in a VoIP Deployment
puresecurity
87

H.323-Based VoIP Topology
puresecurity
88

Allowed Routing Mode
puresecurity
89
Detecting IP Spoofing
Configuring Anti-Spoofing
puresecurity
90
Multicasting
Configuring Multicast Access Control
puresecurity
91
1. Objects are created by the Security Administrator to represent actual hosts and devices, as well as services and resources, to use when developing the Security Policy. What should the Administrator consider before creating objects?
puresecurity
92
What are the physical and logical components that make up the organization? Who are the users and Administrators, and how should they be grouped, i.e., access permissions, location (remote or local), etc?
puresecurity
93
2. What are some important considerations when formulating or updating a Rule Base?
puresecurity
94
Which objects are in the network, i.e., gateways, routers, hosts, networks, or domains? Which user permissions and authentication schemes are required? Which services, including customized services and sessions, are allowed across the network?
puresecurity
95
3. For which deployment scheme would Database Revision Control be most appropriate?
puresecurity
96
It is ideal for a stand-alone deployment, or distributed with a single Gateway.
puresecurity
97
4. What are some reasons for employing NAT in a network?
puresecurity
98
When requiring private IP addresses in internal networks To limit external-network access To ease network administration
puresecurity
99
5. What is the difference between sip and sip_any services when implementing VoIP in the Rule Base?
puresecurity
100
When using the sip service, you would use a VoIP domain in the source or destination of the rule. sip_any or sip-tcp_any are used if not enforcing handover, and you would not place a VoIP domain in the source or destination of the rule. Instead, you would use Any or a network object with the sip_any service
puresecurity
101
Part 3: Access Control and Management

Chapter 4: Monitoring Traffic and Connections Chapter 5: Authentication Chapter 6: Check Point QoS
puresecurity
102
4
Monitoring Traffic and Connections
Objectives
Given a deployment strategy, test and verify a new Policy using SmartView Tracker. Given evidence of a potential intrusion or attack using SmartView Tracker, change the Policy to block the offending connection. Use SmartView Monitor to block and monitor a users activities by implementing the SAM rule. Given accumulated raw-logged data, configure Eventia Reporter to monitor and audit network traffic.
puresecurity
104
SmartView Tracker
SmartView Tracker Login
puresecurity
105
SmartView Tracker
Log Types SmartView Tracker Tabs Action Icons Log-File Management Administrator Auditing Global Logging and Alerting Time Settings
puresecurity
106
Blocking Connections
Terminating and Blocking Active Connections
puresecurity
107
SmartView Monitor
SmartView Monitor Login
puresecurity
108
SmartView Monitor
Customizable Views Monitoring Suspicious Activity Rules Monitoring Alerts SmartView Tracker vs. SmartView Monitor Review
puresecurity
109
Eventia Reporter
Eventia Reporter GUI
puresecurity
110
Eventia Reporter
Eventia Reporter Consolidation Process
puresecurity
111
Eventia Reporter
Eventia Reporter Server Report Creation
puresecurity
112
Eventia Reporter
Report Types
Standard Report
puresecurity
113
Eventia Reporter
Architecture for Express Reports
puresecurity
114
Eventia Reporter
Predefined Reports Customizing Predefined Reports Eventia Reporter Considerations Eventia Reporter Licensing
puresecurity
115
6
Blocking Intruder Connections
7
Configuring Suspicious Activity Rule in SmartView Monitor
1. Discuss the benefits of using SmartView Monitor instead of SmartView Tracker in monitoring network activity.
puresecurity
118
SmartView Monitor presents an overall view of changes throughout the network. SmartView Tracker focuses on individual connections. SmartView Monitor also helps the Administrator identify traffic-flow patterns that may signify malicious activity, maintain network availability, and improve efficient bandwidth use.
puresecurity
119
2. Why is there an error message when switching to Active mode in SmartView Tracker?
puresecurity
120
There are performance implications for memory and network resources in Active mode, since data is being actively logged.
puresecurity
121
3. What does the Consolidation Policy in Eventia Reporter do?
puresecurity
122
After examining the original or raw log files, the Consolidation Policy compresses similar events, and writes this list into a database. Eventia Reporter reports are generated from this database.
puresecurity
123
5
User Management and Authentication
Objectives
Create and configure users in SmartDirectory for access to your LAN. Modify your rule base to provide permissions to users. Configure partially automatic client authentication, install, test and verify policy in SmartView Tracker.
puresecurity
125
Creating Users and Groups in SmartDashboard

Define users with VPN-1 user database, or LDAP, RADIUS or ACE server.
puresecurity
126
Introduction to VPN-1 Authentication

Introduction to Authentication Methods Authentication Schemes
puresecurity
127
Authentication Methods
User Authentication
Configuring User Authentication
Session Authentication
Configuring Session Authentication
Client Authentication
Configuring Client Authentication
Resolving Access Conflicts Configuring Authentication Tracking
puresecurity
128
LDAP User Management with SmartDirectory

LDAP Features
puresecurity
129

LDAP Tree Structure
puresecurity
130

Multiple LDAP Servers
LDAP Servers on a Firewalled Network
puresecurity
131

Using an Existing LDAP Server Configuring Entities to Work with VPN-1 Managing Users SmartDirectory Groups
puresecurity
132
8
Configuring Client Authentication
9
Configuring LDAP Authentication with SmartDirectory
1. Which services are most commonly associated with User Authentication?
puresecurity
135
Telnet rlogin HTTP HTTPS FTP
puresecurity
136
2. Which authentication scheme requires an authentication agent installed on the client?
puresecurity
137
Session Authentication
puresecurity
138
3. What is the main advantage with using Client Authentication?
puresecurity
139
It can be used on any number of connections for any service, and authentication can be validated for a specified time.
puresecurity
140
6
Check Point QoS
Objectives
Given a distributed network deployment, design a strategy for implementing QoS. Based on an implementation of QoS, configure the required bandwidth allocation for the network.
puresecurity
142
Check Point QoS Overview
Stateful Inspection Intelligent Queuing Engine Weighted Flow Random Early Drop Retransmission Detection Early Drop
puresecurity
143
Check Point QoS Architecture

Basic Architecture QoS SmartCenter Server
puresecurity
144

QoS SmartConsole
QoS Tab in SmartDashboard
puresecurity
145

The Security Gateway
puresecurity
146
Deploying QoS
QoS Distributed Deployment
puresecurity
147
Deploying QoS
Check Point QoS Topology Restrictions
puresecurity
148
Deploying QoS
Two Lines to a Router
puresecurity
150
Deploying QoS
Correct Configuration
puresecurity
151
Check Point QoS Rule Base
Bandwidth Allocation and Rules Traditional and Express Modes QoS Action Properties Bandwidth Allocation and Subrules Implementing the Rule Base QoS Rule Considerations
puresecurity
152
Differentiated Services
DiffServ Marks for IPSec Packets Interaction Between DiffServ Rules and Other Rules
puresecurity
153
Low Latency Queuing
Low Latency Classes Low Latency Class Priorities When to Use Low Latency Queuing Authenticated QoS
puresecurity
154
Monitoring QoS Policy

SmartView Tracker SmartView Monitor Eventia Reporter
puresecurity
155
Optimizing Check Point QoS

Upgrade to the newest Check Point QoS version available. Install Check Point QoS only on the external interfaces of the Security Gateway. Put more frequent rules at the top of your Rule Base. Turn per-connection limits into per-rule limits. Turn per-connection guarantees into per-rule guarantees.
puresecurity
156
10
Configuring Check Point QoS Policy
Weighted Flow Random Early Drop (WFRED) is a mechanism used by Check Point QoS for managing packet buffers, by selectively dropping packets during periods of network congestion. Retransmission Detection Early Drop (RDED) is also used by Check Point QoS to reduce the number of retransmissions and retransmision storms during periods of network congestion.
puresecurity
159
2. In order to log a QoS Policy rule, what two conditions must be met?
puresecurity
160
The Turn on QoS logging box must be checked in the Gateway General Properties > Logs and Masters > Additional Logging Configuration window. The connections matching rule must be marked with either Log or Account in the rules Track column.
puresecurity
161
3. Connections in a QoS Rule Base can be configured by applying which three elements?
puresecurity
162
Weight Guarantee Limit
puresecurity
163
Part 4: SmartDefense
Chapter 7: Basic SmartDefense and Content Inspection
puresecurity
164
7
Basic SmartDefense and Content Inspection
Objectives
Using content inspection, Application Intelligence, and/or Web Intelligence, configure for port scanning and HTTP worm catcher. Create a SmartDefense profile, and incorporate portscanning and successive-events settings into the profile. Test the configuration with your partner citys Web server, and evaluate logs using SmartView Tracker. Block connections, given evidence of a potential intrusion or attack. Evaluate logs. Based on network analysis disclosing threats by specific sites, configure a Web-filtering and antivirus Policy to filter and/or scan the threatening traffic.
puresecurity
166
Introducing SmartDefense
SmartDefense Tab and Navigation Pane
puresecurity
167
Introducing SmartDefense
Networks and Application Intelligence Web Intelligence Online Updates Monitor Only Mode
puresecurity
168
Network Security
Denial-of-Service IP and ICMP TCP Fingerprint Scrambling Successive Events
puresecurity
169
Network Security
DShield Storm Center
puresecurity
170
Network Security
Port Scanning
puresecurity
171
Application Intelligence
Mail FTP Microsoft Networks Peer-to-Peer Instant Messaging DNS VoIP SNMP
puresecurity
172
Web Intelligence
Web Intelligence Protections Web Intelligence License Enforcement
puresecurity
173
SmartDefense Services
Download Updates Tab Advisories Tab Security Best Practices Tab
puresecurity
174
Content Inspection
Introduction to Integrated Antivirus and Web Filtering Technologies Database Updates Antivirus-Scan Settings Web Filtering
puresecurity
175
11
Configuring SmartDefense
12
Configuring Web-Filtering and Antivirus Settings
1. Explain the role Application Intelligence plays in network security.
puresecurity
178
Application Intelligence works primarily with applicationlayer defenses to address the threats aimed at network applications.
puresecurity
179
2. What is Monitor Only mode, and why is it useful?
puresecurity
180
It is a feature that detects and tracks unauthorized traffic without blocking it. It is helpful when deploying protection for the first time by establishing a baseline of traffic on your network, and by evaluating the effectiveness of the protection without interrupting connectivity.
puresecurity
181
3. What kind of tests does SmartDefense perform to verify the legitimacy of TCP packets?
puresecurity
182
Protocol-type verification Protocol-header analysis Protocol-flag analysis and verification
puresecurity
183
4. How is Web Intelligence licensing enforced?
puresecurity
184
By counting the number of Web servers that are protected by each Security Gateway
puresecurity
185

NGX I r65 Slides

Enviado por

Dados do documento

Descrição original:

Título original

Direitos autorais

Formatos disponíveis

Compartilhar este documento

Compartilhar ou incorporar documento

Opções de compartilhamento

Você considera este documento útil?

Este conteúdo é inapropriado?

Direitos autorais:

Formatos disponíveis

NGX I r65 Slides

Enviado por

Direitos autorais:

Formatos disponíveis

Check Point Security Administration I NGX (R65)

Slide Graphic Legend

Chapter 2: Introduction to SecurePlatform

Chapter 6: Check Point QoS

Preface Check Point Security Administration I NGX (R65)

Recommended Setup for Labs

Recommended Setup for Labs

Check Point Security Architecture

Check Point Security Architecture

Check Point Security Architecture

Check Point Security Architecture

Check Point Security Architecture

Network Security Data Security Security Management Services

Training and Certification

Part 1: Introduction to VPN-1

Chapter 2: Introduction to SecurePlatform

Check Points Security Gateway

Check Points Security Gateway

Check Points Security Gateway

Check Points Security Gateway

Check Points Security Gateway

Check Points Security Gateway

Security Policy Management

Check Point SmartDashboard

VPN-1 SmartCenter Server

VPN-1 SmartCenter Server

VPN-1 SmartCenter Server

SmartUpdate and Managing Licenses

Review Questions & Answers

1. What is the primary purpose for the VPN-1 three-tier architecture?

Review Questions & Answers

Separate components provide a more secure management environment.

Review Questions & Answers

Review Questions & Answers

Review Questions & Answers

Review Questions & Answers

Review Questions & Answers

Review Questions & Answers

Using the Command Line

Using the Command Line

Critical Check Point Directories

Managing Your System

SecurePlatform Command Shell

Review Questions & Answers

Review Questions & Answers

Review Questions & Answers

2. When is it useful to use backed-up information?

Review Questions & Answers

Review Questions & Answers

3. What is fw monitor and fw unloadlocal?

Review Questions & Answers

Review Questions & Answers

4. What is the difference between the snapshot and backup commands?

Review Questions & Answers

Part 2: Security Policy

Security Policy Basics

Managing Objects in SmartDashboard

Creating the Rule Base

Completing the Rule Base

Rule Base Management

Policy Management and Revision Control

Database Revision Control