CheckPoint Security Administration Module_PartI_09Nov2009

Date post: 22-Jun-2015
Upload: luu-tuong
Transcript
Page 1: CheckPoint Security Administration Module_PartI_09Nov2009

Check Point Security Administration Training
Phan Thanh Long
Misoft Company
Email: [email protected]

Page 2

Check Point Security Administration
Course Map
Module 1: Check Point Firewall Architecture & Installation
Module 2: Security Policy
Module 3: Network Address Translation
Module 4: Log/Monitoring
Module 5: SmartDefense
Module 6: Encryption and VPNs
Module 7: Disaster Recovery

Page 3

(Course Map, repeated from Page 2)

Page 4

Check Point Security Administration
Module 1: Check Point Firewall Architecture & Installation

Page 5

Module 1: Check Point Firewall Architecture & Installation
Introduction
Objectives
- Describe the purpose of a firewall
- Describe and compare firewall architectures
- Identify the different components of Check Point firewall
- Check Point firewall deployment models
- SIC (Secure Internal Communication)
- SmartConsole components
- Lab 1: Firewall Stand-alone Installation
- Lab 2: Firewall Distributed Installation

Page 6

Describe the purpose of a firewall
Firewall Technologies
A firewall is a system designed to:
- prevent unauthorised access to or from a secured network
- act as a locked security door between internal and external networks
- let through only data meeting certain criteria
However, note that a firewall can only protect a network from traffic filtered through it.

Page 7

What is a Firewall?
(Diagram labels: Internet, SSL, DMZ, IPSec, Trusted Networks, Trusted Users, Firewall)

Page 8

Describe and compare firewall architectures
Firewall Technologies
- Packet Filters
- Application-Layer Gateway
- Stateful Inspection

Page 9

Packet Filters
(Diagram: Packet Filtering Path in the OSI Model)

Page 10

Packet Filters
The advantages of packet filtering:
• Inexpensive
• Application transparency
• Faster than application layer gateways
The disadvantages of packet filtering:
• Access to a limited part of the packet header only
• Limited screening above the network layer
• Very limited ability to manipulate information

Page 11

Application-Layer Gateway (Proxy)
(Diagram: Application-Layer Gateway Path)

Page 12

Application-Layer Gateway
The advantages of application layer gateways are:
• Good security
• Full application-layer awareness
The disadvantages of application layer gateways (proxies) are:
• Each service requires its own process, so the number of available services and their scalability is poor
• Implementation at the application level is detrimental to performance
• Most proxies are not transparent
• Vulnerable to operating system and application level bugs
• Overlooks information contained in lower layers

Page 13

Stateful Inspection
Stateful Inspection technology was invented by Check Point Software Technologies.

Page 14

Stateful Inspection
• It is not sufficient to examine packets in isolation.
• State information, derived from past communications and other applications, is an essential factor in making the control decision for new communication attempts.
• The ability to perform information manipulation on data in any part of the packet.

Page 15

Check Point Firewall Architecture
- SmartConsole (Client)
- SmartCenter (Management Server)
- Security Gateway (Enforcement)
(Diagram labels: SmartConsole, SmartCenter, Security Gateway)

Page 16

SmartConsole
(Diagram labels: SmartConsole, SmartDashboard)

Page 17

SmartCenter (Management)
- The security policy is defined using the SmartDashboard
- It is then saved to the SmartCenter
- SmartCenter maintains policy databases including:
  - network object definitions
  - user definitions
  - security policy
  - log files

Page 18

Security Gateway (Firewall Enforcement)
- Deployed on the gateway
- An inspection script written in INSPECT is generated from the security policy
- Inspection code is compiled from the script and downloaded to the Security Gateway

Page 19

How Security Gateway Works
INSPECT engine allowing packets:
- if a packet passes inspection, the Firewall Module passes it through the TCP/IP stack to its destination
- if packets are destined for the OS local processes, they are inspected and then passed through the TCP/IP stack
- if packets do not pass inspection, they are blocked

Page 20

How Security Gateway Works
INSPECT engine
- The INSPECT Engine analyzes the packet and extracts all relevant information (communication and application level)
- The INSPECT Engine resides in the operating system's kernel, loaded between the second and third layers, just above the network interface card (NIC) driver
- By inspecting communications at the kernel level, the INSPECT Engine intercepts and analyzes all packets before they reach the operating system
- No packet is processed by any of the higher protocol layers unless FireWall verifies that it complies with the enterprise security policy

Page 21

How Security Gateway Works

Page 22

Security features (with license type):
- IPS: subscription
- Anti-Spam: subscription
- Web Application Firewall: expansion
- SSL VPN / QoS: expansion
- URL Filtering: subscription
- VPN (site-to-site, remote access): standard
- Anti-virus / Anti-spyware: subscription
- Firewall ("The best Firewall in the market": HTTP, FTP, Instant Msg, E-mail, P2P, VoIP, SQL): standard

Page 23

Stand-alone Deployment Model

Page 24

Distributed Deployment Model

Page 25

Secure Internal Communication (SIC)
SIC secures communication between Check Point components such as:
- SmartCenter
- SmartConsole
- Security Gateway
- Customer log modules
- OPSEC applications
- ...

Page 26

Security Benefits of SIC
- Confirms that a SmartConsole connecting to a SmartCenter is authorised
- Verifies that a security policy loaded on a Security Gateway came from an authorised SmartCenter
- SIC ensures that data privacy and integrity are maintained

Page 27

SIC Certificates
- enable each Check Point enabled machine to be uniquely identified
- a unique certificate is generated for each physical machine
- certificates are generated by the Internal Certificate Authority (ICA) on the Management module

Page 28

SIC Certificates
- the ICA automatically creates a certificate for the Management module during installation
- certificates for other modules are created via a simple initialisation from the Management Client
- upon initialisation, the ICA creates, signs and delivers a certificate to the communication component

Page 29

Distributed VPN-1 NGX configuration with certificates

Page 30

SmartConsole components
- SmartDashboard
- SmartView Tracker
- SmartView Monitor
- SmartUpdate

Page 31

SmartDashboard: Policy Editor

Page 32

SmartView Tracker: Log viewer/management

Page 33

SmartView Monitor

Page 34

SmartUpdate

Page 35

SmartUpdate (continued)

Page 36

Module 1: Review
- Summary
- Review Questions

Page 37

Review and discussion
Review Questions
- What is a Stateful Inspection Firewall?
- What process does Check Point FireWall use to accept, drop, or reject packets?
- What three components make up Check Point Firewall?
- What are the key SmartConsole components?
- What are the deployment models?

Page 38

Lab 1: NGX Stand-alone Installation
- Installing VPN-1 NGX (SmartCenter and Security Gateway) on SecurePlatform
- Installing SmartConsole on Windows

Page 39

Lab 1: NGX Stand-alone Installation

Page 40

Lab Topology

Page 41

Security Administration
Lab IP Addresses

PC | PC IP (Web Server) | FW Internal IP (Int 0) | FW DMZ IP (Int 1) | FW External IP (Int 2) | FW Default Gateway
1 | 172.16.1.5/24 | 172.16.1.1/24 | 172.17.1.1/24 | 192.168.50.1/24 | 192.168.50.254/24
2 | 172.16.2.5/24 | 172.16.2.1/24 | 172.17.2.1/24 | 192.168.50.2/24 | 192.168.50.254/24
3 | 172.16.3.5/24 | 172.16.3.1/24 | 172.17.3.1/24 | 192.168.50.3/24 | 192.168.50.254/24
4 | 172.16.4.5/24 | 172.16.4.1/24 | 172.17.4.1/24 | 192.168.50.4/24 | 192.168.50.254/24
5 | 172.16.5.5/24 | 172.16.5.1/24 | 172.17.5.1/24 | 192.168.50.5/24 | 192.168.50.254/24
6 | 172.16.6.5/24 | 172.16.6.1/24 | 172.17.6.1/24 | 192.168.50.6/24 | 192.168.50.254/24
7 | 172.16.7.5/24 | 172.16.7.1/24 | 172.17.7.1/24 | 192.168.50.7/24 | 192.168.50.254/24
8 | 172.16.8.5/24 | 172.16.8.1/24 | 172.17.8.1/24 | 192.168.50.8/24 | 192.168.50.254/24
9 | 172.16.9.5/24 | 172.16.9.1/24 | 172.17.9.1/24 | 192.168.50.9/24 | 192.168.50.254/24
10 | 172.16.10.5/24 | 172.16.10.1/24 | 172.17.10.1/24 | 192.168.50.10/24 | 192.168.50.254/24
11 | 172.16.11.5/24 | 172.16.11.1/24 | 172.17.11.1/24 | 192.168.50.11/24 | 192.168.50.254/24
12 | 172.16.12.5/24 | 172.16.12.1/24 | 172.17.12.1/24 | 192.168.50.12/24 | 192.168.50.254/24
13 | 172.16.13.5/24 | 172.16.13.1/24 | 172.17.13.1/24 | 192.168.50.11/24 | 192.168.50.254/24
14 | 172.16.14.5/24 | 172.16.14.1/24 | 172.17.14.1/24 | 192.168.50.14/24 | 192.168.50.254/24
15 | 172.16.15.5/24 | 172.16.15.1/24 | 172.17.15.1/24 | 192.168.50.15/24 | 192.168.50.254/24
16 | 172.16.16.5/24 | 172.16.16.1/24 | 172.17.16.1/24 | 192.168.50.16/24 | 192.168.50.254/24
17 | 172.16.17.5/24 | 172.16.17.1/24 | 172.17.17.1/24 | 192.168.50.17/24 | 192.168.50.254/24
18 | 172.16.18.5/24 | 172.16.18.1/24 | 172.17.18.1/24 | 192.168.50.18/24 | 192.168.50.254/24
19 | 172.16.19.5/24 | 172.16.19.1/24 | 172.17.19.1/24 | 192.168.50.19/24 | 192.168.50.254/24
20 | 172.16.20.5/24 | 172.16.20.1/24 | 172.17.20.1/24 | 192.168.50.20/24 | 192.168.50.254/24

Page 42

SecurePlatform Installation
- Linux-based operating system (kernel 2.4 & 2.6)
- Can be installed on open servers, Check Point appliances (UTM-1, Power-1), or third-party appliances (Crossbeam)
- Installed by booting from a CD drive or via USB (USB CD or USB device)
- The installation uses the command-line interface or the Web interface (note that Check Point appliances require installation through the Web interface first)

Page 43

SecurePlatform Installation
Some notes
- Set a proper hostname; this name will be used to name the gateway object
- Set the correct time and date, with the Vietnam time zone GMT+7
- The management IP will be the IP used for the object. Use the address of the interface facing the SmartCenter, or the internal network (stand-alone deployment)

Page 44

SecurePlatform Configuration
- Configuration via the command line (console, SSH)
- Configuration via the Web interface:
  webui enable [https port]
  webui disable

Page 45

SecurePlatform Configuration
Commonly used commands and utilities
- sysconfig: sets up most of the basic OS configuration
- cpconfig: configures Check Point products
- expert: enters Expert Mode to use Linux commands
- fw ver, fwm ver
- cpstop, cpstart, cprestart
- fw stat: shows the policy currently installed on the firewall

Page 46

SecurePlatform Configuration
Commonly used commands and utilities
- fw unloadlocal: unloads the policy from the firewall
  After the Check Point installation is complete, a default 'deny all' policy is installed. Use this command when you need to open the initial management connections, for testing, or when the firewall has blocked you out.

Page 47

SecurePlatform Routing
Routing
  ip route add x.x.x.x/xx via x.x.x.x
  ip route add x.x.x.x/xx dev ethx
  ip route add default via x.x.x.x
  ip route add default dev ethx
  ip route show
  route --save

Page 48

Lab 2: Distributed Deployment Installation
- Installing SmartCenter on Windows Server 2003
- Installing Security Gateway on SecurePlatform
- Installing SmartConsole on Windows

Page 49

Lab 2: Distributed Deployment Installation

Page 50

Lab Topology

Page 51

Security Administration
Lab IP Addresses

PC | PC IP (Web Server) | SmartCenter IP | FW Internal IP (Int 0) | FW Server IP (Int 1) | FW External IP (Int 2) | FW Default Gateway
1 | 172.16.1.5/24 | 172.17.1.2/24 | 172.16.1.1/24 | 172.17.1.1/24 | 192.168.50.1/24 | 192.168.50.254/24
2 | 172.16.2.5/24 | 172.17.2.2/24 | 172.16.2.1/24 | 172.17.2.1/24 | 192.168.50.2/24 | 192.168.50.254/24
3 | 172.16.3.5/24 | 172.17.3.2/24 | 172.16.3.1/24 | 172.17.3.1/24 | 192.168.50.3/24 | 192.168.50.254/24
4 | 172.16.4.5/24 | 172.17.4.2/24 | 172.16.4.1/24 | 172.17.4.1/24 | 192.168.50.4/24 | 192.168.50.254/24
5 | 172.16.5.5/24 | 172.17.5.2/24 | 172.16.5.1/24 | 172.17.5.1/24 | 192.168.50.5/24 | 192.168.50.254/24
6 | 172.16.6.5/24 | 172.17.6.2/24 | 172.16.6.1/24 | 172.17.6.1/24 | 192.168.50.6/24 | 192.168.50.254/24
7 | 172.16.7.5/24 | 172.17.7.2/24 | 172.16.7.1/24 | 172.17.7.1/24 | 192.168.50.7/24 | 192.168.50.254/24
8 | 172.16.8.5/24 | 172.17.8.2/24 | 172.16.8.1/24 | 172.17.8.1/24 | 192.168.50.8/24 | 192.168.50.254/24
9 | 172.16.9.5/24 | 172.17.9.2/24 | 172.16.9.1/24 | 172.17.9.1/24 | 192.168.50.9/24 | 192.168.50.254/24
10 | 172.16.10.5/24 | 172.17.10.2/24 | 172.16.10.1/24 | 172.17.10.1/24 | 192.168.50.10/24 | 192.168.50.254/24
11 | 172.16.11.5/24 | 172.17.11.2/24 | 172.16.11.1/24 | 172.17.11.1/24 | 192.168.50.11/24 | 192.168.50.254/24
12 | 172.16.12.5/24 | 172.17.12.2/24 | 172.16.12.1/24 | 172.17.12.1/24 | 192.168.50.12/24 | 192.168.50.254/24
13 | 172.16.13.5/24 | 172.17.13.2/24 | 172.16.13.1/24 | 172.17.13.1/24 | 192.168.50.11/24 | 192.168.50.254/24
14 | 172.16.14.5/24 | 172.17.14.2/24 | 172.16.14.1/24 | 172.17.14.1/24 | 192.168.50.14/24 | 192.168.50.254/24
15 | 172.16.15.5/24 | 172.17.15.2/24 | 172.16.15.1/24 | 172.17.15.1/24 | 192.168.50.15/24 | 192.168.50.254/24
16 | 172.16.16.5/24 | 172.17.16.2/24 | 172.16.16.1/24 | 172.17.16.1/24 | 192.168.50.16/24 | 192.168.50.254/24
17 | 172.16.17.5/24 | 172.17.17.2/24 | 172.16.17.1/24 | 172.17.17.1/24 | 192.168.50.17/24 | 192.168.50.254/24
18 | 172.16.18.5/24 | 172.17.18.2/24 | 172.16.18.1/24 | 172.17.18.1/24 | 192.168.50.18/24 | 192.168.50.254/24
19 | 172.16.19.5/24 | 172.17.19.2/24 | 172.16.19.1/24 | 172.17.19.1/24 | 192.168.50.19/24 | 192.168.50.254/24
20 | 172.16.20.5/24 | 172.17.20.2/24 | 172.16.20.1/24 | 172.17.20.1/24 | 192.168.50.20/24 | 192.168.50.254/24

Page 52

Check Point Security Administration
Module 2: Security Policy

Page 53

Security Administration
(Course Map, repeated from Page 2)

Page 54

Module 2: Security Policy
Introduction
Objectives
- Explain the function and operation of a Security Policy
- Create and modify policy, rules, objects...
- Modify Global Properties
- Configure anti-spoofing on the firewall
- Use Policy Package Management
- Use Database Revision Control

Page 55

Security Policy Defined
What is a Security Policy?
- a set of rules that defines network security
Considerations
- Which services, including customized services and sessions, are allowed across the network?
- Which user permissions and authentication schemes are needed?
- Which objects are in the network? Examples include gateways, hosts, networks, routers, and domains.

Page 56

Rule Base
(© 2006 Check Point Software)

Page 57

Launching the SmartDashboard
- Check Point SmartDashboard enables administrators to define the security policy
- Only one administrator with read/write permissions can be logged in at any one time
- Start \ Programs \ Check Point SmartConsole R65 \ SmartDashboard

Page 58

Defining Basic Objects

Page 59

Defining Node Object

Page 60

Defining Network Object

Page 61

Defining Address Range Object

Page 62

Defining Group Object

Page 63

Launching the SmartDashboard and defining basic objects

Page 64

Anti-Spoofing
Scenario

Page 65

Anti-spoofing
- Spoofing is a technique used by intruders attempting to gain unauthorised access
  - a packet's source IP address is altered to appear to come from a part of the network with higher privileges
- Anti-spoofing verifies that packets are coming from, and going to, the correct interfaces on the gateway
  - i.e. packets claiming to originate in the internal network actually DO come from that network

Page 66

Configuring Anti-Spoofing
- Networks reachable from an interface need to be defined appropriately
- Should be configured on all interfaces
- Spoof tracking is recommended
- Anti-spoofing rules are enforced before any rule in the Security Policy rule base
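The interface-topology check that pages 65 and 66 describe, as an added example (not course material or Check Point code): each interface is given the networks defined behind it, a packet's source must be behind the interface it arrived on and its destination behind the interface it leaves on, and every failure is logged (spoof tracking). The addresses are pod 1 of the Lab IP Addresses table; the packets are constructed.

```python
# Added example (not from the course or Check Point): anti-spoofing check
# modelled on pages 65-66, using pod 1 addressing from the Lab IP Addresses table.
import ipaddress
from typing import Dict, List, Optional, Tuple

IPv4Net = ipaddress.IPv4Network

# Topology: the networks defined BEHIND each gateway interface.
# None marks the External interface: any address not behind another interface.
TOPOLOGY: Dict[str, Optional[List[IPv4Net]]] = {
    "eth0": [IPv4Net("172.16.1.0/24")],   # Int 0: internal LAN (PC 172.16.1.5)
    "eth1": [IPv4Net("172.17.1.0/24")],   # Int 1: DMZ
    "eth2": None,                         # Int 2: external, towards 192.168.50.254
}

SPOOF_LOG: List[str] = []  # "spoof tracking": one entry per dropped packet


def behind(iface: str, addr: str) -> bool:
    """True when addr lies in the networks defined behind iface."""
    ip = ipaddress.IPv4Address(addr)
    nets = TOPOLOGY[iface]
    if nets is None:  # External: everything NOT behind a defined interface
        return not any(ip in n for ns in TOPOLOGY.values() if ns for n in ns)
    return any(ip in n for n in nets)


def anti_spoof(in_iface: str, src: str, dst: str, out_iface: str) -> Tuple[str, str]:
    """Return (verdict, reason) for one packet.

    Inbound check: the source must be behind the interface the packet arrived on.
    Outbound check: the destination must be behind the interface it leaves on.
    This runs before any rule in the security rule base (page 75 order).
    """
    if not behind(in_iface, src):
        reason = f"source {src} is not behind {in_iface}"
        SPOOF_LOG.append(f"spoof on {in_iface}: {src} -> {dst}: {reason}")
        return "drop", reason
    if not behind(out_iface, dst):
        reason = f"destination {dst} is not behind {out_iface}"
        SPOOF_LOG.append(f"spoof on {out_iface}: {src} -> {dst}: {reason}")
        return "drop", reason
    return "accept", "topology ok (rule base decides next)"


# Constructed sample packets: (in_iface, src, dst, out_iface)
SAMPLES = [
    ("eth0", "172.16.1.5", "192.168.50.254", "eth2"),  # internal PC going out
    ("eth2", "172.16.1.5", "172.17.1.5", "eth1"),      # claims internal, arrived on external
    ("eth2", "203.0.113.9", "172.17.1.5", "eth1"),     # Internet client to the DMZ
    ("eth0", "172.17.1.1", "172.16.1.5", "eth0"),      # DMZ address seen on the internal side
]


def run_samples() -> List[str]:
    """Evaluate the constructed packets and return their verdicts in order."""
    SPOOF_LOG.clear()
    return [anti_spoof(*pkt)[0] for pkt in SAMPLES]


if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLES, run_samples()):
        print(f"{pkt[0]:5} {pkt[1]:>14} -> {pkt[2]:<14} via {pkt[3]}: {verdict}")
    print("\n".join(SPOOF_LOG))
```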

Page 67

Configuring Anti-Spoofing

Page 68

Configuring Anti-Spoofing

Page 69

Rule Base Defined
Rule Base Elements
- No.
- Name
- Source
- Destination
- VPN
- Services
- Action
- Track
- Install on
- Time
- Comment

Page 70

Creating the Rule Base
- The default rule is added when you add a rule to the Rule Base

Page 71

The Basic Rules
Cleanup Rule
- CP follows the principle "that which is not expressly permitted, is prohibited"
- all communication attempts not matching a rule will be dropped
- the cleanup rule drops all the communication but allows specific logging

Page 72

The Basic Rules
The Stealth Rule
- prevents users from connecting directly to the firewall

Page 73

Implicit, Explicit Rules and ...
- NGX creates implicit rules from Global Properties
- Explicit rules are created by the Administrator in the SmartDashboard
- Control Connections
- VPN-1 NGX creates a group of implicit rules that it places first, last or before last...

Page 74

Implicit rules, Global Properties

Page 75

Rule Base Order
VPN-1 NGX enforces the rule base in the following order:
1. IP spoofing
2. NAT
3. Security Policy "First" rule
4. Administrator defined rule base
5. Security Policy "before last" rule
6. Cleanup rule or Security Policy "last" rule

Page 76

Create a new policy package

Page 77

Add new rule into policy

Page 78

Add object into rule

Page 79

Basic Policy

Page 80

Verify / Install and Uninstall a Security Policy
Verify a Security Policy
- Select Policy \ Verify from the SmartDashboard
- Click OK
Install/Uninstall a Security Policy
- Select Policy \ Install (or Uninstall) from the SmartDashboard
- Click Select All to select all items on the screen (specific items may be deselected)
- Click OK

Page 81

Install Policy

Page 82

Defining and installing a basic policy

Page 83

Defining and installing a basic policy
- Stealth Rule
- Allow Ping to firewall gateway
- Allow Ping from Internal network to outside
- Allow Internet access (HTTP)
- Cleanup Rule
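A first-match evaluation of the five-rule lab policy above, as an added example (not course material or Check Point code). It shows why the "ping to gateway" rule has to sit above the stealth rule, that a masked (hidden) rule is still enforced, and that disabling a rule changes nothing until the policy is reinstalled (pages 86 and 88). Addresses are pod 1 of the lab table; the traffic is constructed, and rule numbering is the position in the installed list.

```python
# Added example (not from the course): first-match evaluation of the page 83
# lab policy, with the masking (page 86) and disabling (page 88) behaviour.
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network
from typing import Dict, List, Tuple

ANY = "Any"
# Lab objects (pod 1 addressing): the gateway's interface addresses and the LAN.
FW_GW = ["172.16.1.1/32", "172.17.1.1/32", "192.168.50.1/32"]
INTERNAL = ["172.16.1.0/24"]


@dataclass
class Rule:
    name: str
    source: List[str]       # network objects as CIDR strings, or [ANY]
    destination: List[str]
    service: List[str]      # e.g. ["icmp"], ["http"], or [ANY]
    action: str             # "accept" | "drop" | "reject"
    track: str = "None"     # "None" | "Log"
    hidden: bool = False    # masked in SmartDashboard: affects display only
    disabled: bool = False  # left out of the policy at the next install


def _in(spec: List[str], addr: str) -> bool:
    ip = IPv4Address(addr)
    return ANY in spec or any(ip in IPv4Network(s) for s in spec)


def install(rules: List[Rule]) -> List[Rule]:
    """Policy install: disabled rules are dropped, hidden rules stay enforced."""
    return [r for r in rules if not r.disabled]


def match(installed: List[Rule], src: str, dst: str, svc: str,
          log: List[str]) -> Tuple[str, int]:
    """First matching rule wins; returns (action, 1-based rule number).
    Traffic falling off the end is dropped (the implied cleanup), number 0."""
    for no, r in enumerate(installed, start=1):
        if _in(r.source, src) and _in(r.destination, dst) and \
                (ANY in r.service or svc in r.service):
            if r.track == "Log":
                log.append(f"rule {no} {r.name}: {src} -> {dst} {svc} {r.action}")
            return r.action, no
    return "drop", 0


PING_FW = Rule("Allow ping to gateway", [ANY], FW_GW, ["icmp"], "accept", "Log")
STEALTH = Rule("Stealth", [ANY], FW_GW, [ANY], "drop", "Log")
PING_OUT = Rule("Internal ping out", INTERNAL, [ANY], ["icmp"], "accept")
HTTP_OUT = Rule("Internet access", INTERNAL, [ANY], ["http"], "accept", "Log")
CLEANUP = Rule("Cleanup", [ANY], [ANY], [ANY], "drop", "Log")

LAB_POLICY = [PING_FW, STEALTH, PING_OUT, HTTP_OUT, CLEANUP]


def demo() -> Dict[str, object]:
    """Constructed traffic against the lab policy and two variations of it."""
    log: List[str] = []
    STEALTH.hidden = True              # masking only changes what the editor shows
    pol = install(LAB_POLICY)
    out: Dict[str, object] = {
        "ping_gw": match(pol, "172.16.1.5", "172.16.1.1", "icmp", log),
        "ssh_gw": match(pol, "172.16.1.5", "172.16.1.1", "ssh", log),   # hidden stealth still drops
        "http_out": match(pol, "172.16.1.5", "203.0.113.10", "http", log),
        "inbound": match(pol, "203.0.113.10", "172.16.1.5", "http", log),
    }
    # Order matters: stealth placed above the ping rule shadows it.
    shadowed = install([STEALTH, PING_FW, PING_OUT, HTTP_OUT, CLEANUP])
    out["ping_gw_shadowed"] = match(shadowed, "172.16.1.5", "172.16.1.1", "icmp", log)
    # Disabling HTTP in the editor changes nothing until the policy is reinstalled.
    HTTP_OUT.disabled = True
    out["http_before_reinstall"] = match(pol, "172.16.1.5", "203.0.113.10", "http", log)
    out["http_after_reinstall"] = match(install(LAB_POLICY), "172.16.1.5",
                                        "203.0.113.10", "http", log)
    HTTP_OUT.disabled = False
    out["log_entries"] = len(log)
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:22} {v}")
```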

Page 84

Defining and installing a basic policy
Modify Routing Table for ping test
- sysconfig
- add route: Dest 172.16.x.0/24 gateway 192.168.50.x

Page 85

Advanced Security Policy
- Hide/Unhide rule
- Enable/Disable rule
- Add section title
- Object Cloning

Page 86

Masking Rules
- Rules in a rule base can be hidden to allow easier reading of a complex rulebase (masking rules)
- All other rules will be visible; however, their numbers won't change
- Hidden rules are still enforced on the gateway
Viewing Hidden Rules
- if View Hidden in the Rules > Hide menu is checked, all rules set as hidden are displayed
Unhiding Hidden Rules
- select Unhide All from the Rules > Hide menu

Page 87

Hide/Unhide rule

Page 88

Disabling Rules
- disabling a rule only takes effect after the security policy is reinstalled
- the rule will still be displayed in the rulebase
Enabling a Disabled Rule
- select the disabled rule and right click
- select Disable Rule to deselect
- remember to reinstall the policy

Page 89

Enable/Disable rule

Page 90

Add section title

Page 91

Add section title (continued)

Page 92

Object Cloning

Page 93

Policy editing
- Clone Object
- Add Section Title
- Hide rule
- Disable Rule

Page 94

Command Line Options for the Security Policy
Basic Options
- cpstart/cpstop: starts and stops all CP applications running on the machine
- cprestart: issues a cpstop and a cpstart
- cplic print: displays the details of the NGX licenses
- fw ver, fwm ver: display the version
- fw unloadlocal: uninstalls the current policy of the local Gateway

Page 95

Improving Performance
SmartCenter
- listing machine names and IP addresses in a hosts file will decrease installation time for created network objects
  /etc/hosts (Solaris)
  \winnt\system32\drivers\hosts (Windows)

Page 96

Improving Performance (continued)
Security Gateway
- Keep the rulebase simple
- Position the most frequently used rules at the top of the rulebase
- Don't log unnecessary connections
- Limit the use of the Reject action in rules
- Use a network object in place of many node objects
- Use IP address ranges in rules instead of a set of nodes

Page 97

Database revision control and Policy package management
Database revision control
- DRC allows the admin to create fallback configurations when implementing new objects or rules
Policy package management
- PPM allows the admin to create multiple versions of a Security Policy, but the objects need to stay the same

Page 98

Using Database Revision Control

Page 99

Using Database Revision Control and Policy Package management

Page 100

Review
1. If a rule is masked or hidden, is it disabled and no longer part of the Rule Base?
2. When you select a rule, and then select "Disable Rule(s)" from the menu, what must you also do before the rule is actually disabled?
3. How does masking help you maintain a Rule Base?
4. Define some guidelines for improving VPN-1/FireWall-1 NG's performance via a Security Policy
5. Which of the following options is used to back up the entire Policy database?
• Database revision control
• Policy package management

Check Point Security

Administration

Module 3: Network Address Translation

Page 102: CheckPoint Security Administration Module_PartI_09Nov2009

Security Administration

Course Map

Module 1: Check Point Firewall Architecture

& Installation

Module 2: Security Policy

Module 3: Network Address Translation

Module 4: Log/Monitoring

Module 5: SmartDefense

Module 6: Encryption and VPNs

Module 7: Disaster Recovery

Page 103: CheckPoint Security Administration Module_PartI_09Nov2009

Introduction

Objectives

List the reasons and methods for Network

Address Translation

Demonstrate how to set up Static NAT

Demonstrate how to set up Dynamic (Hide)

NAT

Network Address Translation (NAT)

Page 104: CheckPoint Security Administration Module_PartI_09Nov2009

Network Address Translation

What is NAT?

as a component of Check Point Firewall it

is used for three things :

to make use of private IP addresses on the

internal network

to conceal internal networks from out side

networks for security reasons

to give ease and flexibility to network

administration

For example, an internal Web server with IP

address 192.168.1.1 could be assigned a NAT

address of 172.10.101.111

Page 105: CheckPoint Security Administration Module_PartI_09Nov2009

Module 3:

NAT

IP Addressing

RFC 1918 details the reserved address groups

Class A network numbers

– 10.0.0.0 – 10.255.255.255

Class B network numbers

– 172.16.0.0 – 172.31.255.255

Class C network numbers

– 192.168.0.0 – 192.168.255.255

Page 106: CheckPoint Security Administration Module_PartI_09Nov2009

Module 3

Network Administration

VPN-1/Firewall-1 supports two types of NAT

Static NAT

Dynamic (Hide) NAT

Page 107: CheckPoint Security Administration Module_PartI_09Nov2009

Understanding Dynamic (Hide) NAT

Page 108: CheckPoint Security Administration Module_PartI_09Nov2009

Module 3:

Dynamic NAT

Page 109: CheckPoint Security Administration Module_PartI_09Nov2009

Module 3

Dynamic (Hide) NAT Ctd.

hide mode packets’ source port numbers are

modified

destination of a packet is determined by the port

number

port numbers are dynamically assigned from two

pools of numbers :

from 600 to 1023

from 10,000 to 60,000

hide mode cannot be used for protocols where

the port number cannot be changed or where the

destination IP address is required

Page 110

Module 3: Hide Mode Address Translation

Page 111

Module 3: Hiding Behind Gateway
- all clients will be hidden behind the firewall's server side interface

Page 112

Understanding Static NAT

Page 113

Module 3
Static Source NAT
- translates private internal source IP addresses to a public external source IP address
- initiated by internal clients with private IP addresses

Page 114

Module 3: Static Source NAT

Page 115

Module 3: Address Translation Using Static Source Mode

Page 116

Module 3
Static Destination NAT
- translates public addresses to private addresses
- initiated by external clients

Page 117

Module 3: Address Translation Using Static Destination Mode

Page 118

Module 3: Address Translation Using Static Destination Mode
(Diagram address: 204.32.38.112)

Page 119

Module 3: Automatic and Manual NAT Rules
NAT Rules
- NAT rules consist of two elements:
  - the conditions that specify when the rule is to be applied
  - the action to be taken when the rule is applied
- each section in the NAT Rule Base Editor is divided into Source, Destination and Service

Page 120

Module 3
Edit Object's properties to enable Automatic NAT

Page 121

Module 3
Configure manual NAT
- Automatic NAT rules are generated by the Gateway

Page 122

Module 3: Static NAT, Hide NAT

Page 123

Lab
• Hide NAT allows the LAB to connect to the Internet
• Static NAT allows the Webserver to be public so users outside can access it
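The two translations this lab combines, as an added example (not course material or Check Point code): Hide NAT for the LAN behind the gateway's external address using the two port pools from page 109, and Static NAT (source and destination, pages 113 and 116) for the lab web server, which the Lab IP Addresses table places at 172.16.1.5. Assumptions not stated in the deck: the static host rule is checked before the hide rule for the network, an original source port below 1024 draws from the 600-1023 pool and any other from the 10,000-60,000 pool, and the web server's public address 192.168.50.100 is a constructed placeholder.

```python
# Added example (not from the course): Hide NAT with the page 109 port pools plus
# Static NAT for the lab web server. Pod 1 addressing from the lab table; the
# public address 192.168.50.100 is a constructed placeholder.
from ipaddress import IPv4Address, IPv4Network
from typing import Dict, Tuple

Packet = Tuple[str, int, str, int]  # (src_ip, src_port, dst_ip, dst_port)

INTERNAL = IPv4Network("172.16.1.0/24")
GATEWAY_EXT = "192.168.50.1"     # FW External (Int 2): hide address
WEB_PRIVATE = "172.16.1.5"       # PC IP (Web Server) in the lab table
WEB_PUBLIC = "192.168.50.100"    # constructed placeholder public address

# Port pools from page 109. Assumed here: a privileged original source port
# (< 1024) draws from the low pool, anything else from the high pool.
LOW_POOL = range(600, 1024)
HIGH_POOL = range(10000, 60001)


class Nat:
    def __init__(self) -> None:
        # hidden (ip, port) -> original (ip, port); replies are resolved by port only
        self.table: Dict[Tuple[str, int], Tuple[str, int]] = {}

    def _alloc(self, orig_port: int) -> int:
        pool = LOW_POOL if orig_port < 1024 else HIGH_POOL
        for p in pool:
            if (GATEWAY_EXT, p) not in self.table:
                return p
        raise RuntimeError("hide NAT port pool exhausted")

    def outbound(self, pkt: Packet) -> Packet:
        """Translate a packet leaving towards the external interface."""
        src, sport, dst, dport = pkt
        if src == WEB_PRIVATE:                 # static source NAT: host rule first
            return (WEB_PUBLIC, sport, dst, dport)
        if IPv4Address(src) in INTERNAL:       # hide NAT behind the gateway
            hidden = (GATEWAY_EXT, self._alloc(sport))
            self.table[hidden] = (src, sport)
            return (*hidden, dst, dport)
        return pkt                              # no NAT rule matched

    def inbound(self, pkt: Packet) -> Packet:
        """Translate a packet arriving on the external interface."""
        src, sport, dst, dport = pkt
        if dst == WEB_PUBLIC:                  # static destination NAT
            return (src, sport, WEB_PRIVATE, dport)
        orig = self.table.get((dst, dport))    # reply to a hidden connection?
        if orig:
            return (src, sport, *orig)
        return pkt                              # untranslated: rule base decides


def demo() -> Dict[str, Packet]:
    """Constructed traffic through one NAT instance."""
    nat = Nat()
    return {
        "pc6_out": nat.outbound(("172.16.1.6", 40000, "203.0.113.10", 80)),
        "pc7_out": nat.outbound(("172.16.1.7", 40000, "203.0.113.10", 80)),  # same port, new hide port
        "priv_out": nat.outbound(("172.16.1.6", 500, "203.0.113.10", 500)),  # low pool
        "reply": nat.inbound(("203.0.113.10", 80, GATEWAY_EXT, 10001)),      # back to pc7
        "web_in": nat.inbound(("198.51.100.7", 51000, WEB_PUBLIC, 80)),
        "web_reply": nat.outbound((WEB_PRIVATE, 80, "198.51.100.7", 51000)),
        "unknown_in": nat.inbound(("198.51.100.7", 51000, GATEWAY_EXT, 22)),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:11} {v}")
```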

Page 124

Check Point Security Administration

Module 4: Log/Monitoring

Page 125

Security Administration Course Map

Module 1: VPN-1 NGX Architecture
Module 2: Security Policy
Module 3: Network Address Translation
Module 4: Log/Monitoring
Module 5: SmartDefense
Module 6: Encryption and VPNs
Module 7: Disaster Recovery

Page 126

Module 4: Log/Monitoring

Introduction

Objectives
• Use SmartView Tracker to display information about traffic controlled by NGX
• Use SmartView Tracker to block an intruder's connection
• Use SmartView Monitor to display information about firewall and connection status in real time, and to block Suspicious Activity

Page 127

SmartView Tracker

• Provides visual tracking, monitoring and accounting information
• Provides control over the log file display
• Allows quick access to information
• Any event which causes an alert is logged, including some system events such as the installation of a policy

Page 128

© 2006 Check Point Software

SmartConsole: SmartView Tracker

Page 129

SmartView Tracker …

Log File Management

The File menu allows the administrator to perform the following tasks:
• Open
• Save as
• Export
• Switch active file…
• Purge active file

Page 130

• View events using filters
• Log management
• View administrators' activities
• Block intruders

Page 131

SmartUpdate

• Made up of two components: Packages Manager and License Manager
• Allows tracking of the currently installed versions of Check Point (CP) and OPSEC products
• Allows updating of installed CP and OPSEC software remotely from a centralised location
• Allows central management of licenses

Page 132

SmartUpdate Architecture

Distributed Configuration

Page 133

NGX Licensing

License Types
• Central: the license is linked to the IP address of the management server
• Local: the license is tied to the IP address of the machine to which it will be applied

Obtaining Licenses
• Locate the certificate key on the CD cover of the CP CD
• Go to www.checkpoint.com and select User Center to obtain an evaluation or permanent license

Check Point User Center

Page 134

SmartConsole: SmartView Monitor

Page 135

Checking status in SmartView Monitor

Page 136

Gateway - Network Activity

Page 137

Suspicious Activity

Page 138

Setting up a Suspicious Activity rule

Page 139

Block Suspicious Activity

Page 140

Review

1. Which SmartConsole component shows which Policy is currently installed on a Firewall gateway?
2. An administrator suspects that a firewall's hard disk is full; which SmartConsole component helps the administrator check this?
3. Which SmartConsole is used first to help the administrator troubleshoot a connection failure that has occurred?
4. The current (active) log file is too large; what operation is used to save the contents of the active log file to another log file for archiving?
5. How is a license activated for a firewall?

Page 141

Check Point Security Administration NGX I

Authorized Check Point Distributor

Module 5: SmartDefense - Attack prevention, virus scanning, URL filtering

Page 142

Check Point Security Administration Course Map

Module 1: Check Point Firewall Architecture & Installation
Module 2: Security Policy
Module 3: Network Address Translation
Module 4: Log/Monitoring
Module 5: SmartDefense
Module 6: Encryption and VPNs
Module 7: Disaster Recovery

Page 143

Module 4: SmartDefense - Attack prevention, virus scanning, URL filtering

Introduction

Objectives
• Create attack-prevention profiles and apply them to different firewalls
• Configure protection against network-level and application-level attacks
• Update to the latest attack definitions
• Check whether any attack has occurred
• Configure virus scanning and URL filtering

Page 144

Module 4: Attack prevention - IPS

• The access-control principle is based on port numbers and source and destination addresses, etc. However, this is not enough: application-level attacks can still take place over the services that have been opened.
• SmartDefense is the capability to detect and prevent intrusions (IPS) at the application level.
• The attack-detection signatures are updated continuously, in real time.

Page 145

Module 4: Creating profiles for the firewalls

Page 146

Module 4: Creating profiles for the firewalls

Each profile is a set of attack-prevention settings. The administrator can create several different profiles to apply to different firewalls. The default profile contains the most basic attack-prevention settings (enabled).

Page 147

Module 4: Configuring attack prevention for a profile

View the information, description and impact of each attack

Page 148

Module 4: Enabling an attack-prevention setting

Page 149

Module 4: Configuring attack prevention for a profile

Select the profile, enable the protection, and adjust its parameters as appropriate

Page 150

Module 4: Applying profiles to the firewalls

Page 151

Module 4: SmartDefense Services: attack-prevention updates

Page 152

Module 4: SmartDefense Services

• Log in with the UserCenter account that was provided
• Download the latest attack-prevention update (while the service subscription is still valid)
• Display the most recently added attacks, and view the advice and configuration guidance for protecting against them

Page 153

Module 4: SmartDefense Services

Page 154

Module 4: How to tell whether an attack has occurred

• Configure tracking for the attacks
• Use SmartView Tracker and SmartView Monitor, and consult the guidance in SmartDefense Services

Page 155

Module 4: Virus scanning at the Gateway

Turn on the Anti-virus component

Page 156

Module 4: Antivirus - Integrated Antivirus Policy & Updates

• Scan for viruses right at the access gateway, stopping them before they enter the system
• Scan the SMTP, POP3, FTP and HTTP protocols, either per stream or per IP
• Files of given types can be scanned, bypassed, or blocked on access

Page 157

Module 4: URL filtering

Turn on the URL filtering component

Page 158

URL Filtering

Page 159

URL Filtering – Advanced options

• List of allowed URLs/IPs
• List of blocked URLs/IPs
• Exceptions
• Block notification

Page 160

URL Filtering – Database

Updates are part of the SDAV Subscription

Page 161

URL Filtering

– Leading URL database (Websense)
– More than 15 million sites
– Fast updates and high accuracy
– Tight integration with SmartCenter

Page 162

Module 4: SmartDefense

Page 163

Check Point Security Administration

Module 7: Disaster Recovery

Page 164

Check Point Security Administration Course Map

Module 1: Check Point Firewall Architecture & Installation
Module 2: Security Policy
Module 3: Network Address Translation
Module 4: Log/Monitoring
Module 5: SmartDefense
Module 6: Encryption and VPNs
Module 7: Disaster Recovery

Page 165

Disaster Recovery

Introduction

Objectives

Backups are used to restore configurations and keep downtime to a minimum.

Page 166

Backup and Restore system configurations

Backup
  backup -f filename
  backup -e on 17:00 -m 25 --file filename
  backup -e : view the schedule settings
  Backup location: /var/CPbackup/backups

Restore
  restore
  [L] Restore local backup package
  [T] Restore backup package from TFTP server
  [S] Restore backup package from SCP server
  [R] Remove local backup package
  [Q] Quit
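A scheduled backup only helps with disaster recovery if it is actually being produced. The following is an added example, not a Check Point tool: a POSIX shell check that the directory the slide names, /var/CPbackup/backups, holds a backup and that the newest one is not stale. The function names and the one-day threshold are assumptions.

```sh
#!/bin/sh
# Added example, not a Check Point tool: verify that scheduled backups
# (backup -e ...) are actually landing in the directory the slide names.
# Function names and the staleness threshold are assumptions.

# newest_backup_age_days DIR
#   Prints the age in whole days of the most recently modified regular file
#   in DIR. Returns 1 (prints nothing) when DIR holds no backup at all.
newest_backup_age_days() {
    dir="$1"
    newest=""
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        if [ -z "$newest" ] || [ "$f" -nt "$newest" ]; then
            newest="$f"
        fi
    done
    [ -n "$newest" ] || return 1
    now=$(date +%s)
    # GNU stat uses -c %Y, BSD/macOS stat uses -f %m; try both
    mtime=$(stat -c %Y "$newest" 2>/dev/null || stat -f %m "$newest")
    echo $(( (now - mtime) / 86400 ))
}

# backup_is_fresh DIR MAX_DAYS
#   Succeeds only if a backup exists in DIR and is at most MAX_DAYS old.
backup_is_fresh() {
    age=$(newest_backup_age_days "$1") || { echo "no backup found in $1" >&2; return 1; }
    if [ "$age" -gt "$2" ]; then
        echo "newest backup in $1 is $age days old (limit $2)" >&2
        return 1
    fi
    return 0
}

# Stand-alone use on a gateway: with the daily 17:00 schedule from the slide,
# a healthy box should always have a backup that is under one day old.
if backup_is_fresh /var/CPbackup/backups 1; then
    echo "backup OK"
else
    echo "backup missing or stale - check the 'backup -e' schedule" >&2
fi
```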

Page 167

Backup and Restore Policy database

$FWDIR (/opt/CPsuite-R65/fw1)
• conf: rules, objects, policy, user database
• lib:
• log:

• objects.C and objects_5_0.C ($FWDIR/conf)
• rulebase_5_0.fws ($FWDIR/conf)
• fwauth.NDB ($FWDIR/conf and $FWDIR/database)

Page 168

Backup and Restore Policy database

Export
  Tools are in /opt/CPsuite-R65/fw1/bin/upgrade_tools/
  Copy "windows\Actions" from CD2 to C:\
  upgrade_export filename

Import
  upgrade_import filename

Page 169

Backup and Restore System Configuration, Policy database and Log files

• snapshot command
• Image management via the Web console

Page 170

Backup and Restore

Recommended