Auditing Checkpoint FW1: The Combat Overview

Welcome!
Ed Capizzi
Janus
IT Security Auditor
ed.capizzi@janus.com

11/20/2002

Background (diagram slides): OSI 7 Layer Reference Model; Router; Proxy; Dynamic State Tables.

What a firewall does not protect you from:

Malicious authorized users.
Connections that don't go through it.
100% of all threats!

A firewall is only as effective as the policy it supports.

FireWall-1 components

GUI  User Interface
MM   Management & Logging
FW   Enforcement Point

Monolithic stack: GUI, MM and FW all on one host.

Remote GUI: MM and FW together on one host, the GUI on a separate workstation.

Remote Management: FW alone on the gateway, GUI and MM together on a management host. Always authenticated.

Remote Management AND Remote GUI: GUI, MM and FW on three separate hosts.
Beware ports 256, 257, 258 & 259 (the FireWall-1 inter-component services: control, logging, GUI-to-management and client authentication). Anything that can reach those ports is on the management path.

Remote Management AND Remote GUIs: as above, with several GUI workstations connecting to the one MM.

WIFM (what's in it for me, the auditor):

GUI  User Interface: Local Mode!
MM   Management & Logging: Logs, Users, Configs, Rulesets
FW   Enforcement Point: Daemons, etc.

Any input? Let's go look!

Useful Commands

fw ver         returns version and patch info
fwm p          prints a list of admin users
fwstart        self-explanatory, be careful
fwstop         self-explanatory, don't use this!
fw log         displays the log; has many switches
fw logexport   exports a log; beware of size creep
fw dbexport    exports the user database
fw printlic    prints the license
fw stat        shows the status of the firewall
cpconfig       config utility to review the firewall setup (fwconfig on older releases)


fw ver - returns version and patch info

# fw ver
This is Check Point VPN-1(TM) & FireWall-1(R) Version 4.1 Build 41862 [VPN + DES + STRONG]


fwm p - prints a list of admin users

# fwm p
FireWall-1 Remote Manager Administrators:
================================
Larry (Read/Write on all Management clients; Log Consolidator Read/Write; Reporting Module - Read/Write; )
Curly (Read/Write on all Management clients; Log Consolidator Read/Write; Reporting Module - Read/Write; )
Mo (Read Only on all Management clients; )

Total of 3 administrators
This is Check Point VPN-1(TM) & FireWall-1(R) Version 4.1 (20Nov2002 14:10:22)


fwstart - self-explanatory, be careful

fwstop - self-explanatory, don't use this! It stops the enforcement daemons on the gateway; an auditor has no business running it on a production firewall.


fw log - displays the log, feature rich (has many switches)

fw logexport - exports a log to ASCII format with your choice of delimiter; beware of size creep!

fw dbexport - exports the user database (-d sets the delimiter)


fw printlic - prints the license

# fw printlic
Host               Expiration   Features
170.199.190.253    Never        CPVP-ESC-U-3DES-V41 CK15CCD095822D


cpconfig (fwconfig) - config utility to review the firewall setup

# cpconfig
Welcome to Check Point Configuration Program
=================================================
This program will let you re-configure
your Check Point Management configuration.

Configuration Options:
----------------------
(1) Licenses
(2) Administrators
(3) GUI clients
(4) Remote Modules
(5) Groups
(6) Exit

Enter your choice (1-6) :


fw stat - shows the status of the firewall (run on the FW)

# ./fw stat
HOST        POLICY     DATE
localhost   Snoopy1    18Nov2002 10:00:49 :  [>qfe0] [<qfe0] [>qfe1] [<qfe1] [>qfe2] [<qfe2] [>qfe3] [<qfe3]

Every interface of the gateway should appear with both an inbound ([>if]) and an outbound ([<if]) entry; compare the list against the interfaces the OS reports.


Important Checkpoint files, commands & directories

$FWDIR/conf/
  $FWDIR/conf/rulebases.fws   Contains all firewall rulebases
  $FWDIR/conf/objects.C       Contains all firewall objects
  $FWDIR/conf/cp.license      Licenses file
  $FWDIR/conf/fwmusers        Contains all FW admins
  $FWDIR/conf/gui-clients     List of all authorized GUI clients
  $FWDIR/conf/masters         List of all FW masters (Mgt & Logging)

$FWDIR/log/
  $FWDIR/log/cpmgmt.aud       Log of admin access via the GUI
  $FWDIR/log/manage.lock      Empty file used as the lock for GUI read/write management


$FWDIR/conf/rulebases.fws

# cat rulebases.fws
:rule-base ("##A_Standard_Policy"
        :rule (
                :src (
                        : Any
                )
                :dst (
                        : Any
                )
                :services (
                        : Silent_Services
                )
                :action (
                        : drop
                )
                :track ()
                :install (
                        : Gateways

$FWDIR/conf/objects.C

# cat objects.C
(
        :anyobj (Any
                :color (Blue)
        )
        :superanyobj (
                : Any
        )
        :netobjgraph (
                : (xnet-0
                        :color (black)
                        :type (network)
                        :location (internal)
                        :comments ("Created by the Graph View")
                        :broadcast (allow)
                        :ipaddr (2.2.2.0)
                        :netmask (255.255.255.0)
                        :read_only (true)
                        :is_network_implied (true)
                        :"#oldname" (
                                :type (refobj)
                                :refname ("#_xnet-0")
                        )
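rulebases.fws and objects.C share one syntax, so one parser serves both. What follows is an added example (Python, not code from this presentation or from Check Point) that parses that ":key (value)" syntax, lists the network objects, and runs two audit checks over a rule base: accept rules whose source, destination and service are all Any, and accept rules with an empty :track (), i.e. traffic that is allowed but never logged. SAMPLE_RULEBASE and SAMPLE_OBJECTS are constructed from the excerpts above, written compactly (whitespace is not significant) and closed off so they parse; the second, catch-all rule is invented to give the audit something to flag. Function and class names are mine.

```python
"""Parser for the ':key (value)' text format Check Point uses for
rulebases.fws and objects.C, plus a small rule-base audit.

Added example, not code from the presentation or from Check Point.
SAMPLE_RULEBASE and SAMPLE_OBJECTS are constructed from the page's
excerpts; the second (catch-all accept) rule is invented.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Tokens: ':name' (name may be quoted or empty), "string", '(' / ')' or a bare word.
_TOK = re.compile(r'\s+|:(?:"(?:[^"\\]|\\.)*"|[^\s():"]*)|"(?:[^"\\]|\\.)*"|[()]|[^\s():"]+')


@dataclass
class Node:
    name: str                      # '' for anonymous ': value' list entries
    value: Optional[str] = None    # scalar inside the parentheses, e.g. :color (Blue)
    children: List["Node"] = field(default_factory=list)

    def get(self, name: str) -> List["Node"]:
        return [c for c in self.children if c.name == name]

    def members(self, name: str) -> List[str]:
        """Values of the first child called `name`: members('src') -> ['Any']."""
        for c in self.get(name):
            vals = [c.value] if c.value is not None else []
            return vals + [g.value for g in c.children if g.name == "" and g.value is not None]
        return []


def _unquote(tok: str) -> str:
    return tok[1:-1] if len(tok) >= 2 and tok[0] == tok[-1] == '"' else tok


class _Parser:
    def __init__(self, text: str):
        self.toks = [t for t in _TOK.findall(text) if not t.isspace()]
        self.i = 0

    def peek(self) -> Optional[str]:
        return self.toks[self.i] if self.i < len(self.toks) else None

    def take(self) -> Optional[str]:
        self.i += 1
        return self.toks[self.i - 1] if self.i <= len(self.toks) else None

    @staticmethod
    def _is_scalar(t: Optional[str]) -> bool:
        return t is not None and t not in ("(", ")") and not t.startswith(":")

    def parse(self) -> Node:
        root = Node("")
        if self.peek() == "(":              # objects.C wraps the whole file in one pair
            self.take()
            self._body(root)
        else:                               # rulebases.fws starts straight with :rule-base
            while (self.peek() or "").startswith(":"):
                root.children.append(self._entry())
        return root

    def _entry(self) -> Node:
        node = Node(_unquote(self.take()[1:]))
        if self.peek() == "(":
            self.take()
            self._body(node)
        elif self._is_scalar(self.peek()):   # ': Any' style list entry
            node.value = _unquote(self.take())
        return node

    def _body(self, node: Node) -> None:
        if self._is_scalar(self.peek()):     # leading scalar, e.g. :anyobj (Any ...
            node.value = _unquote(self.take())
        while (self.peek() or "").startswith(":"):
            node.children.append(self._entry())
        if self.take() != ")":               # a truncated excerpt fails here, as it should
            raise ValueError("unbalanced parentheses near token %d" % self.i)


def parse_c_format(text: str) -> Node:
    return _Parser(text).parse()


def audit_rulebases(root: Node) -> List[Tuple[str, int, str]]:
    """Flag accept rules that match everything, or that are not tracked."""
    findings = []
    for rb in root.get("rule-base"):
        for n, rule in enumerate(rb.get("rule"), 1):
            if rule.members("action") != ["accept"]:
                continue
            if all("Any" in rule.members(k) for k in ("src", "dst", "services")):
                findings.append((rb.value, n, "accept rule with Any source, destination and service"))
            if not rule.members("track"):
                findings.append((rb.value, n, "accept rule without tracking (not logged)"))
    return findings


def network_objects(root: Node) -> List[Tuple[str, str, str]]:
    """(name, address, mask) for each network object in the netobjgraph section."""
    return [(o.value, o.members("ipaddr")[0], o.members("netmask")[0])
            for g in root.get("netobjgraph") for o in g.children
            if o.members("type") == ["network"]]


SAMPLE_RULEBASE = """
:rule-base ("##A_Standard_Policy"
  :rule (:src (: Any) :dst (: Any) :services (: Silent_Services)
         :action (: drop) :track () :install (: Gateways))
  :rule (:src (: Any) :dst (: Any) :services (: Any)
         :action (: accept) :track () :install (: Gateways))
)
"""

SAMPLE_OBJECTS = """
(
  :anyobj (Any :color (Blue))
  :superanyobj (: Any)
  :netobjgraph (
    : (xnet-0 :color (black) :type (network) :location (internal)
       :comments ("Created by the Graph View") :broadcast (allow)
       :ipaddr (2.2.2.0) :netmask (255.255.255.0) :read_only (true)
       :is_network_implied (true)
       :"#oldname" (:type (refobj) :refname ("#_xnet-0")))
  )
)
"""

if __name__ == "__main__":
    for finding in audit_rulebases(parse_c_format(SAMPLE_RULEBASE)):
        print("%s rule %d: %s" % finding)
    print(network_objects(parse_c_format(SAMPLE_OBJECTS)))
```

Run it against a real rulebases.fws copied off the management station and the parser raises ValueError on the truncated excerpt shown above, which is the right behaviour: a file that does not close is not the file you want to sign off on.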


$FWDIR/conf/cp.license

# cat cp.license
Sign {
LICENSE 10.199.8.26 never CPFW-OSE-U-V41 CK-5099B26B
}= 7xDQpDbe8LjfgDuDhaTvT6sem Index=0 Version=0
Sign {
LICENSE 10.199.8.26 never CPFW-ESC-U-V41 FW1:4.1:MOTIF CKF60A423378ED
}= xzgjzt2PSZoBCBBZe6YkLue6aFh Index=0 Version=0
Sign {
LICENSE 10.199.8.26 never CPFW-ENC-U-3DES-MODULE-V41 CPFW-ENC-U3DES-MGMT-V41 CK-FFA94CB
}= bySNrc5YJQpWHwWc96cva8SLHVhm Index=0 Version=0


$FWDIR/conf/fwmusers

# cat fwmusers
Larry    2f1003fec499757c65fc004c4af907     000fff0f
Curly    2708994e49bef3b30d7538d2866a56     000f0fff
Mo       2f2b8765040049948c569f134c9e7fd    000ff0ff
Schemp   6b09f8b704bfd1a0c986ca5efffc5cd82  0ffffff0f

Columns: admin name, password hash, permission mask.


$FWDIR/conf/gui-clients

# cat gui-clients
10.199.8.93
10.199.8.156
10.199.8.35
10.199.44.56
10.199.87.836
10.199.87.148
10.199.8.31
10.199.51.107
10.199.8.30
10.199.58.44
10.199.58.54
10.199.88.80
10.199.58.55
10.199.8.180
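fwm p, fwmusers and gui-clients are three views of who may manage the firewall, and an auditor wants them to agree with each other and with the list of approved administration hosts. The block below is an added example (Python, not code from this presentation or from Check Point) that parses all three and reports admins present in one place but not the other, the read/write admin count, and gui-clients entries that are not valid addresses or fall outside the networks approved for administration. The sample inputs are constructed from the excerpts on this page, which need not all come from the same management station, so the discrepancy they produce illustrates the check rather than a finding; the one-record-per-line fwmusers layout (name, hash, mask) and the approved-network list are assumptions.

```python
"""Cross-check the three places FireWall-1 4.1 keeps administrator and
GUI-client information: 'fwm p' output, $FWDIR/conf/fwmusers and
$FWDIR/conf/gui-clients.

Added example, not code from the presentation or from Check Point.  The
sample texts are constructed from the excerpts on the page.  Assumed:
fwmusers holds one record per line (name, password hash, permission
mask); the approved admin networks are the auditor's own input.
"""
import ipaddress
import re
from typing import Dict, List, Tuple

FWM_P_OUTPUT = """\
FireWall-1 Remote Manager Administrators:
================================
Larry (Read/Write on all Management clients; Log Consolidator Read/Write; Reporting Module - Read/Write; )
Curly (Read/Write on all Management clients; Log Consolidator Read/Write; Reporting Module - Read/Write; )
Mo (Read Only on all Management clients; )

Total of 3 administrators
"""

FWMUSERS = """\
Larry 2f1003fec499757c65fc004c4af907 000fff0f
Curly 2708994e49bef3b30d7538d2866a56 000f0fff
Mo 2f2b8765040049948c569f134c9e7fd 000ff0ff
Schemp 6b09f8b704bfd1a0c986ca5efffc5cd82 0ffffff0f
"""

GUI_CLIENTS = """\
10.199.8.93
10.199.8.156
10.199.87.836
10.199.44.56
10.199.8.180
"""

_ADMIN_LINE = re.compile(r"^(\S+) \((.*)\)\s*$")


def parse_fwm_p(text: str) -> Dict[str, str]:
    """name -> permission summary, from the 'fwm p' listing."""
    admins = {}
    for line in text.splitlines():
        m = _ADMIN_LINE.match(line)
        if m:
            admins[m.group(1)] = m.group(2).strip()
    return admins


def parse_fwmusers(text: str) -> Dict[str, Tuple[str, str]]:
    """name -> (password hash, permission mask); assumes one record per line."""
    users = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 3:
            users[fields[0]] = (fields[1], fields[2])
    return users


def cross_check_admins(admins: Dict[str, str], users: Dict[str, Tuple[str, str]]) -> List[str]:
    """Names that appear in only one of the two sources, plus the read/write head count."""
    findings = []
    for name in sorted(set(users) - set(admins)):
        findings.append("%s: in fwmusers but not listed by 'fwm p'" % name)
    for name in sorted(set(admins) - set(users)):
        findings.append("%s: listed by 'fwm p' but not in fwmusers" % name)
    rw = sorted(n for n, p in admins.items() if p.startswith("Read/Write"))
    findings.append("%d read/write administrators: %s" % (len(rw), ", ".join(rw)))
    return findings


def audit_gui_clients(text: str, approved_nets: List[str]) -> List[Tuple[str, str]]:
    """Every gui-clients entry must parse as an address inside an approved network."""
    nets = [ipaddress.ip_network(n) for n in approved_nets]
    problems = []
    for entry in text.split():
        try:
            addr = ipaddress.ip_address(entry)
        except ValueError:
            problems.append((entry, "not an IP address (hostname or typo)"))
            continue
        if not any(addr in n for n in nets):
            problems.append((entry, "outside approved admin networks"))
    return problems


if __name__ == "__main__":
    for line in cross_check_admins(parse_fwm_p(FWM_P_OUTPUT), parse_fwmusers(FWMUSERS)):
        print(line)
    for entry, why in audit_gui_clients(GUI_CLIENTS, ["10.199.8.0/24"]):
        print("gui-clients: %s: %s" % (entry, why))
```

Collect the three inputs from the same management station in the same session, otherwise a stale copy will show up as a phantom admin.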

$FWDIR/conf/masters

# cat masters
10.1.1.1
10.1.2.1


$FWDIR/log/cpmgmt.aud

# cat cpmgmt.aud
[...]New.W' on host 'Snoopy5'
Mon Nov 18 15:31:50 2002 rule-editor Mo@CMP-PC-0018: Mo@CMP-PC-0018 Logged in >>>>
Mon Nov 18 15:31:52 2002 rule-editor Mo@CMP-PC-0018: Read-Only Mode requested. Database remains unlocked.
Mon Nov 18 15:32:46 2002 log-viewer Mo@CMP-PC-0018: Mo@CMP-PC-0018 Logged in >>>>
Mon Nov 18 15:34:09 2002 ------------------------------: Mo@CMP-PC-0018 Logged out <<<<
Tue Nov 19 13:12:34 2002 rule-editor Mo@CMP-PC-0018: Mo@CMP-PC-0018 Logged in >>>>
Tue Nov 19 13:12:36 2002 rule-editor Mo@CMP-PC-0018: Read-Only Mode requested. Database remains unlocked.
Tue Nov 19 13:12:42 2002 ------------------------------: Mo@CMP-PC-0018 Logged out <<<<
Wed Nov 20 10:22:31 2002 rule-editor Mo@CMP-PC-0018: Mo@CMP-PC-0018 Logged in >>>>
Wed Nov 20 10:22:33 2002 rule-editor Mo@CMP-PC-0018: Read-Only Mode requested. Database remains unlocked.
Wed Nov 20 10:23:23 2002 ------------------------------: Mo@CMP-PC-0018 Logged out <<<<


$FWDIR/log/cpmgmt.aud (cont)

[...]nd7.W' on host 'Snoopy6and7'
[...] rule-editor Curly@IT-STD-8900: Curly@IT-STD-8900 Logged in >>>>
Fri Nov 15 12:55:00 2002 rule-editor Curly@IT-STD-8900: Failed to lock database: Used by Larry@PC-059 using fwm.
Mon Nov 18 09:54:32 2002 rule-editor Larry@PC-059: Larry@PC-059 Logged in >>>>
Mon Nov 18 09:54:34 2002 rule-editor Larry@PC-059: Locking DB with '000fffff' permissions
Mon Nov 18 09:57:32 2002 log-viewer Larry@PC-059: Larry@PC-059 Logged in >>>>
Mon Nov 18 09:59:29 2002 rule-editor Larry@PC-059: Storing objects
Mon Nov 18 09:59:30 2002 rule-editor Larry@PC-059: Storing rulebase(s)
Mon Nov 18 09:59:30 2002 rule-editor Larry@PC-059: Storing rulebase 'Snoopy4.W'
Mon Nov 18 09:59:30 2002 rule-editor Larry@PC-059: Storing rulebase 'Snoopy5.W'
Mon Nov 18 09:59:30 2002 rule-editor Larry@PC-059: Storing rulebase 'Snoopy6and7.W'
Mon Nov 18 09:59:30 2002 rule-editor Larry@PC-059: Storing rulebase 'Snoopy3-test.W'
Mon Nov 18 09:59:30 2002 rule-editor Larry@PC-059: Storing rulebase 'Snoopy2.W'
Mon Nov 18 09:59:30 2002 rule-editor Larry@PC-059: Storing rulebase 'Snoopy1.W'
Mon Nov 18 09:59:30 2002 rule-editor Larry@PC-059: Storing rulebase 'Snoopy3.W'
Mon Nov 18 09:59:39 2002 rule-editor Larry@PC-059: Installing rulebase '/opt/CPfw1-41/conf/Snoopy1.
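Reading cpmgmt.aud by eye works for a few days of entries; for a quarter's worth it pays to parse it. The block below is an added example (Python, not code from this presentation or from Check Point) that turns each line into an event, summarises per administrator how often they logged in or asked for read-only mode, which permission mask they locked the database with, which policies they installed and who refused them the lock, and lists store/install entries that have no earlier lock from the same admin in the excerpt. The sample lines are constructed from the entries quoted above (the install path is completed with the .W suffix the 'Storing rulebase' lines show); the line layout 'TIMESTAMP TOOL USER@HOST: MESSAGE', with dashes in place of the tool on logout lines, is an assumption drawn from those same entries.

```python
"""Parse $FWDIR/log/cpmgmt.aud and summarise what each administrator did.

Added example, not code from the presentation or from Check Point.
SAMPLE_AUD is constructed from the entries quoted on the page.  The line
layout assumed is 'TIMESTAMP TOOL USER@HOST: MESSAGE', with the tool
field replaced by dashes on logout lines.
"""
import re
from datetime import datetime
from typing import Dict, List, Tuple

SAMPLE_AUD = """\
Fri Nov 15 12:55:00 2002 rule-editor Curly@IT-STD-8900: Failed to lock database: Used by Larry@PC-059 using fwm.
Mon Nov 18 09:54:32 2002 rule-editor Larry@PC-059: Larry@PC-059 Logged in >>>>
Mon Nov 18 09:54:34 2002 rule-editor Larry@PC-059: Locking DB with '000fffff' permissions
Mon Nov 18 09:59:29 2002 rule-editor Larry@PC-059: Storing objects
Mon Nov 18 09:59:30 2002 rule-editor Larry@PC-059: Storing rulebase 'Snoopy1.W'
Mon Nov 18 09:59:39 2002 rule-editor Larry@PC-059: Installing rulebase '/opt/CPfw1-41/conf/Snoopy1.W'
Mon Nov 18 15:31:50 2002 rule-editor Mo@CMP-PC-0018: Mo@CMP-PC-0018 Logged in >>>>
Mon Nov 18 15:31:52 2002 rule-editor Mo@CMP-PC-0018: Read-Only Mode requested. Database remains unlocked.
Mon Nov 18 15:34:09 2002 ------------------------------: Mo@CMP-PC-0018 Logged out <<<<
"""

# TIMESTAMP TOOL [USER@HOST]: MESSAGE  (no USER@HOST on the dashed logout lines)
_LINE = re.compile(
    r"^(?P<ts>\w{3} \w{3} +\d{1,2} \d\d:\d\d:\d\d \d{4}) "
    r"(?P<tool>[\w-]+)(?: (?P<who>\S+))?: (?P<msg>.*)$"
)

_PATTERNS = [
    ("login", re.compile(r"^(?P<who>\S+) Logged in >>>>$")),
    ("logout", re.compile(r"^(?P<who>\S+) Logged out <<<<$")),
    ("read_only", re.compile(r"^Read-Only Mode requested")),
    ("lock", re.compile(r"^Locking DB with '(?P<perm>\w+)' permissions$")),
    ("lock_failed", re.compile(r"^Failed to lock database: Used by (?P<holder>\S+)")),
    ("store", re.compile(r"^Storing rulebase '(?P<name>[^']+)'$")),
    ("install", re.compile(r"^Installing rulebase '(?P<name>[^']+)'$")),
]


def parse_aud(text: str) -> List[dict]:
    """One dict per well-formed line; truncated or continuation lines are skipped."""
    events = []
    for line in text.splitlines():
        m = _LINE.match(line)
        if not m:
            continue
        ev = {"ts": datetime.strptime(m.group("ts"), "%a %b %d %H:%M:%S %Y"),
              "tool": m.group("tool"), "who": m.group("who"),
              "kind": "other", "msg": m.group("msg")}
        for kind, pat in _PATTERNS:
            d = pat.match(ev["msg"])
            if d:
                ev["kind"] = kind
                ev.update(d.groupdict())   # logout lines carry the user only in the message
                break
        events.append(ev)
    return events


def summarize(events: List[dict]) -> Dict[str, dict]:
    """Per user@host: logins, read-only sessions, write-lock masks, installs, refused locks."""
    summary = {}
    for ev in events:
        s = summary.setdefault(ev["who"], {"logins": 0, "read_only": 0, "write_locks": [],
                                            "installs": [], "lock_failures": []})
        if ev["kind"] == "login":
            s["logins"] += 1
        elif ev["kind"] == "read_only":
            s["read_only"] += 1
        elif ev["kind"] == "lock":
            s["write_locks"].append(ev["perm"])
        elif ev["kind"] == "install":
            s["installs"].append(ev["name"])
        elif ev["kind"] == "lock_failed":
            s["lock_failures"].append(ev["holder"])
    return summary


def unlocked_changes(events: List[dict]) -> List[Tuple[datetime, str, str]]:
    """Store/install entries by an admin with no earlier 'Locking DB' entry in the
    input: either the excerpt starts too late or a change arrived by a path this
    log did not record. Either way, go and look."""
    holders, out = set(), []
    for ev in events:
        if ev["kind"] == "lock":
            holders.add(ev["who"])
        elif ev["kind"] in ("store", "install") and ev["who"] not in holders:
            out.append((ev["ts"], ev["who"], ev["msg"]))
    return out


if __name__ == "__main__":
    evs = parse_aud(SAMPLE_AUD)
    for who, s in summarize(evs).items():
        print(who, s)
    print("changes without a lock:", unlocked_changes(evs))
```

Feed it the whole file, not the tail: the "changes without a lock" list is only meaningful when the input starts before the first session you care about.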

Intermission

Phone Boy and other useful Websites

a. Phoneboy - www.phoneboy.com
b. Cassandra - cassandra.cerias.purdue.edu
c. Bugtraq - online.securityfocus.com/archive
d. Sun - www.sun.com
e. MS - www.microsoft.com
f. Checkpoint - www.checkpoint.com

Useful Perl scripts

fwrules4.2.pl - this is where the gifs are
fwrules6.0.pl - and the output (the sample output slides are screenshots, not reproduced here)

Advanced GUI

1. Copy rulebases.fws from FW to GUI
2. Copy objects.C from FW to GUI
3. Rename rulebases.fws -> rules.fws
4. Rename objects.C -> objects.fws
5. Start GUI in local mode, ignore errors

Thank You