15 February 2012
2011 Check Point Software Technologies Ltd. All rights reserved. This product and related documentation are protected by copyright and distributed under licensing restricting their use, copying, distribution, and decompilation. No part of this product or related documentation may be reproduced in any form or by any means without prior written authorization of Check Point. While every precaution has been taken in the preparation of this book, Check Point assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice. RESTRICTED RIGHTS LEGEND: Use, duplication, or disclosure by the government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 and FAR 52.227-19. TRADEMARKS: Refer to the Copyright page (http://www.checkpoint.com/copyright.html) for a list of our trademarks. Refer to the Third Party copyright notices (http://www.checkpoint.com/3rd_party_copyright.html) for a list of relevant copyrights and third-party licenses.
Important Information
Latest Software
We recommend that you install the most recent software release to stay up-to-date with the latest functional improvements, stability fixes, security enhancements and protection against new and evolving attacks.
Additional Information
For additional technical information, visit the Check Point Support Center (http://supportcenter.checkpoint.com).
Revision History
| Date | Description |
|---|---|
| 15 February 2012 | Several improvements |
Feedback
Check Point is engaged in a continuous effort to improve its documentation. Please help us by sending your comments (mailto:cp_techpub_feedback@checkpoint.com?subject=Feedback on 3D Security Analysis Report Tool version 4, for R75.20 Administration Guide).
Contents
- Important Information
- Introduction
  - Benefits
  - What's New
- Installation
  - System Requirements
  - Installing SmartConsole
  - Installing Server Supplement
  - Upgrading
- Getting Started
- Customizing Reports
  - Customizing Time Period of Report
  - Creating New Reports
  - Adding Queries to Reports
  - Editing Queries
  - Editing Generated Tables and Graphs
  - Editing Generated Reports
  - Changing the Report Template
- Offline Reports
- Securing Reports
- CPLogLogSender Utility
- Known Limitations
Introduction
3D Security Analysis Report Tool takes Check Point PoCs to the next level. The tool generates a comprehensive security analysis report. It automatically integrates security events from different Software Blades: Application Control, URL Filtering, IPS, and DLP. The analysis report is created automatically on a Check Point Microsoft Word document report template.

3D Security Analysis Report Tool accentuates Check Point Added Value, exposing new security risks and suggesting remediations. When a Check Point Security Gateway runs for a while in a PoC environment, inline or Mirror Port, we expect logs and security events to be generated for the active Software Blades. The report gives a comprehensive security analysis that summarizes security events, their risks, and their remediations.

This tool offers several out-of-the-box recommended reports. You can customize your own reports. You can add and remove queries. You can create your own Word template.

Important - 3D Security Analysis Report Tool is a PoC tool. We highly recommend deploying it only on environments dedicated to PoC. Its deployment can change existing configurations. Therefore, it is not recommended for production environments.
Benefits
- Shows the value of Check Point 3D Security strategy and the benefits provided by the Software Blades Architecture
- Visualizes incidents that happen in customer networks, and gives practical recommendations
- Empowers you with knowledge of new security risks, and improves network security
- Gives an executive summary for discussion with management
- Gives detailed results for in-depth discussions with technical points of contact
- Out-of-the-box reports speed information delivery and accelerate the sales processes
- Supports customization for specialized reports focused on customer challenges
What's New
- Bug fix: High Risk URL Filtering events are now displayed in the Executive Summary section (in the High and Critical risk Event Summary bar chart).
- Visual fix: Improved High Risk Applications/Sites images.
- Visual fix: Improved the look of tables.
- Admin Guide update (this document): System Requirements, Offline Reports and Known Limitations sections updated.
Installation
3D Security Analysis Report Tool has its own version of SmartConsole, and a supplement for the R75.20 SmartEvent Server.

Note - If you use R75.20 Mirror Port Kit, this tool is already included.

| Component | Package |
|---|---|
| SmartConsole | SmartConsole_983000032_1.exe |
| SmartEvent supplement | 3D_ANALYSIS_REPORT_TOOL-MNG-PACK-V08.zip |
System Requirements
| Component | Operating System |
|---|---|
| R75.20 Security Management Server with SmartEvent installed | SecurePlatform |
| MS Office 2003 or 2010, full package, installed on computer with R75.20 SmartConsole (please note that all Office components must be installed) | Windows |
Note - Reports are output to Word. Some of the data is embedded Excel files. The MS Office installation must be at least Word and Excel.
Installing SmartConsole
Install the 3D Security Analysis Report Tool SmartConsole on a Windows computer with MS Office 2003 or 2010. This is a R75.20 SmartConsole. It works with any R75.20 Security Management Server.
Upgrading
To upgrade the SmartConsole of this tool from an older version, uninstall the older version and install this version. To upgrade the SmartEvent Server supplement, install this version. It automatically overwrites the older version.
Getting Started
After you install the new SmartConsole, you have a new button on the SmartEvent console.
To generate a report:
1. Open SmartEvent.
2. Click 3D Security Analysis Report.
4. Click Generate Word. The report can take several seconds to generate. It opens as a Word document in the background.
Customizing Reports
The 3D Security Analysis Report Tool out-of-the-box reports are designed for PoCs, built on customer feedback. But if you have unique requirements from a customer, you can fulfill the request with easy customizations.
3. In the Report Period list, select the time period. Data from this period is collected when the report generates.
4. Decide if this report is to be based on an existing document:
   - Create a report using an existing document. Select use the following document as template. Browse to the document. If you want to select an out-of-the-box template, browse to the SmartConsole installation folder. Typically: C:\Program Files (x86)\CheckPoint\SmartConsole\R75.20\PROGRAM\data\ClientGeneratedReports
   - Create a report on a blank Word document.
5. Add queries to the report (see "Adding Queries to Reports").
6. Click Save.
2. In the View Title field, enter the name of the query that will replace placeholder text:
   - If this report is based on a blank Word document, the title of the query data shows at the end of the document.
   - If this report is based on an existing document, the text in this field must match, case-sensitive, the placeholder text. If the placeholder text does not exist in the document, the query output is added to the end of the document.
3. In the View Type field, define the output type. Valid values:
   - Image - Query results are output as JPG files. Use for Grid (Events tab in SmartEvent), Pie, or Map. Define the Image Width and Image Height in pixels.
   - Data - Query results are output as embedded Excel files. Use for Grid or Pie. Define an Excel workbook. It can be a blank file, or a file with content and formulas. 3D Security Analysis Report Tool puts collected data on Sheet2. The table or chart shown on the report is on Sheet1. You can change the data or formulas as required. You must save the Excel workbook with Sheet1 visible.
4. In the Query field, click the browse button. Select a query to collect data. You can create a new query if necessary.
5. Click Save.
Editing Queries
You can change a query that you made, or a query that is predefined.
To edit a query:
1. In the Report Generator View window, double-click a report.
3. Click Edit.
Such data, which you must fix before you deliver the report, is marked in red.

If you see unresolved placeholders (text in < > tags):
- Delete the placeholders, or
- Edit queries to replace the placeholder with data and generate the report again.
analyzed, and manipulated by 3D Security Analysis Report Tool. If you remove or change placeholder text, the generated data is shown at the end of the report.

Best Practice: Change the template only for localization (translating text that comes from the template) or formatting (font, color, size). Use the 3D Security Analysis Report Tool editing features to change the data that is shown.
Offline Reports
You can generate reports from logs, without interacting with the customer environment. For example, if you get logs from a customer, you can use 3D Security Analysis Report Tool to deliver a professional report of the log data. Make sure the logs are exported from the customer's R75.20 Security Gateway running R75.20 Software Blades and managed by an R75.20 Security Management Server. Offline reports generate queries only of activated Software Blades.
To export logs:
3. Name the log file.
4. Click OK.

A number of files are created on the Security Management Server, in $FWDIR/log:
- yourname.log
- yourname.logaccount_ptr
- yourname.loginitial_ptr
- yourname.logLuuidDB
To import logs:
1. On the local Security Management Server, log in and go to $FWDIR/log.
2. Put all the exported files here.
3. Run: chmod 777 CPLogLogSender
4. Run: ./CPLogLogSender -l 200 -i 1 -n forever name.log
   This can take some time, depending on the number of records the log file contains.
5. Open SmartEvent. Wait until all events are generated.
6. Generate the 3D Security Analysis Report Tool report.
Securing Reports
When the report is ready to deliver, make sure it is secure from unauthorized changes or access.
1. Save the Word document as PDF.
2. Set the PDF security for opening and for editing.
   - If you have Adobe Acrobat, set the security options of the Document Properties. We recommend using Password protection.
   - If you use a 3rd Party product (such as primoPDF) to make the PDF, use the features of that application to set a password on the PDF.
It is best if you do not edit the PDF after it is made. To change content for audience or purpose, change the Word document and save it as a new PDF. We recommend that you password protect the Word document and keep it in secure storage (such as a Check Point GO stick).
CPLogLogSender Utility
The CPLogLogSender utility simulates traffic captured in the log file. The utility runs the traffic as though it were live traffic going through the Security Gateway. The Security Gateway logs new events similar to those in the log files. To run the utility, you run a script command with required configuration parameters.

Syntax
./CPLogLogSender -l <log_amount> -i <interval> -n <cycles> <name>.log

Parameters

| Parameter | Description |
|---|---|
| -l <log_amount> | Number of logs to send in one batch. Valid value: integer. Note - flag is lower-case L. |
| -i <interval> | Batch delta time, in seconds. Sends a batch of logs every <interval> seconds. Valid value: small integer |
| -n <cycles> | Number of cycles to repeat batch sending. Recommended value: forever. Runs until all logs are generated. |
| name | Name of the generated log |

Comments
1. Before running the utility, give it privileges by running the following command: chmod 777 $FWDIR/log/CPLogLogSender
2. The time it takes to generate the logs depends on the number of log records in the log file. In the example, if the log file has 100,000 records, it will take 100,000 records / 200 seconds = 500 seconds. We recommend around 200 logs per second if you use VMware or a slow computer. If you use a strong computer, you can increase to a higher rate (1,000 - 4,000 or more) to shorten the process time.

Example
./CPLogLogSender -l 200 -i 1 -n forever MYLOGS.log
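The following pre-flight check for the import procedure is an added example, not part of the original guide or of Check Point's tooling. It confirms that all four exported files are present and estimates the replay time, generalizing the guide's 500-second calculation to any interval and rounding up for a final partial batch. The function names and the "customer" log name are hypothetical; the file suffixes and the -l, -i and -n flags are the ones the guide lists.

```shell
#!/bin/sh
# Added example: function names are hypothetical; the file suffixes and the
# -l/-i/-n flags are taken from the guide.

# Print each file of the export set <name> that is missing from <dir>.
# Returns 0 only when all four exported files are present.
missing_export_files() {
    dir=$1; name=$2; missing=0
    for suffix in .log .logaccount_ptr .loginitial_ptr .logLuuidDB; do
        if [ ! -f "$dir/$name$suffix" ]; then
            echo "$name$suffix"
            missing=1
        fi
    done
    return "$missing"
}

# Seconds needed to replay <records> logs at <batch> logs every <interval> s.
# Rounds up: a final partial batch still occupies one interval.
estimate_seconds() {
    records=$1; batch=$2; interval=$3
    for n in "$records" "$batch" "$interval"; do
        case $n in
            ''|*[!0-9]*) echo "arguments must be non-negative integers" >&2
                         return 2 ;;
        esac
    done
    [ "$batch" -gt 0 ] || { echo "batch must be greater than 0" >&2; return 2; }
    echo $(( ($records + $batch - 1) / $batch * $interval ))
}

# Compose the command line from the guide. It is printed, not executed.
replay_command() {
    echo "./CPLogLogSender -l $2 -i $3 -n forever $1.log"
}

# Demo on a constructed, deliberately incomplete export set.
demo() {
    tmp=$(mktemp -d) || return 1
    for s in .log .logaccount_ptr .loginitial_ptr; do : > "$tmp/customer$s"; done
    echo "missing: $(missing_export_files "$tmp" customer)"
    echo "estimate: $(estimate_seconds 100000 200 1) s"
    replay_command customer 200 1
    rm -rf "$tmp"
}
demo
```

On the Security Management Server the directory argument would be $FWDIR/log, and the record count has to come from whoever exported the logs.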
Known Limitations
1. If you run the report on SmartEvent Intro, you must delete empty queries before you generate a report.
   - Open the Edit Report window of the reports you will use.
   - Select a section with an empty query.
   - Click Remove.
   - Do this for all sections with empty queries.
   - Click Save.
2. During a report generation:
   - Do not use any clipboard options (Copy, Cut, Print Screen).
   - Do not use double screen (screenshots are taken only from the main screen and not the secondary screen).
   - It is recommended not to use other applications in the background.