
https://www.youtube.com/watch?v=1mcgnaogmyY

How the Internet Works: Name Server

Let's capture a packet for HTTP traffic

Diagram labels: PC 192.168.0.21; ISP; nflximg.com; DNS Query; Local DNS (example 192.168.0.1); Global DNS (example 8.8.8.8)
HTTP runs over TCP; DNS runs over UDP. Any TCP-oriented protocol needs a
3-way handshake.

PC 192.168.0.21 nflximg.com
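
The sequence described above (a DNS lookup over UDP, then a TCP 3-way handshake before any HTTP data), as an added example that is not part of the original slides: it builds constructed packets and checks that SYN, SYN+ACK and ACK carry matching sequence numbers. The web server address 203.0.113.10, the ports and the sequence numbers are assumptions.

```python
import socket
import struct

SYN, PSH, ACK = 0x02, 0x08, 0x10
PC, DNS, WEB = "192.168.0.21", "192.168.0.1", "203.0.113.10"  # WEB is a constructed address

def ip(proto, src, dst, l4):
    # Minimal IPv4 header: no options, checksum left 0 for this offline sample.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst)) + l4

def tcp(sport, dport, seq, ack, flags, data=b""):
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0) + data

def dns_query(name):
    # UDP header to port 53 followed by a one-question DNS query (type A, class IN).
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    body = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)
    return struct.pack("!HHHH", 50000, 53, 8 + len(body), 0) + body

def parse(pkt):
    ihl = (pkt[0] & 0x0F) * 4  # IPv4 header length in bytes
    src, dst = socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])
    if pkt[9] == 17:  # IP protocol 17 = UDP; anything else in this sample is TCP (6)
        dport = struct.unpack("!H", pkt[ihl + 2:ihl + 4])[0]
        return {"proto": "UDP", "src": src, "dst": dst, "dport": dport}
    sport, dport, seq, ack, off, flags = struct.unpack("!HHIIBB", pkt[ihl:ihl + 14])
    return {"proto": "TCP", "src": src, "dst": dst, "dport": dport, "seq": seq,
            "ack": ack, "flags": flags, "data": pkt[ihl + (off >> 4) * 4:]}

def handshake_ok(pkts):
    """True if the first three TCP packets form a valid SYN, SYN+ACK, ACK exchange."""
    t = [p for p in map(parse, pkts) if p["proto"] == "TCP"][:3]
    if len(t) < 3:
        return False
    syn, synack, ack = t
    return (syn["flags"] == SYN
            and synack["flags"] == SYN | ACK and synack["src"] == syn["dst"]
            and synack["ack"] == (syn["seq"] + 1) % 2**32   # server acknowledges client ISN + 1
            and ack["flags"] == ACK and ack["src"] == syn["src"]
            and ack["ack"] == (synack["seq"] + 1) % 2**32)  # client acknowledges server ISN + 1

CAPTURE = [  # constructed packets in the order the slides describe
    ip(17, PC, DNS, dns_query("nflximg.com")),
    ip(6, PC, WEB, tcp(50001, 80, 1000, 0, SYN)),
    ip(6, WEB, PC, tcp(80, 50001, 9000, 1001, SYN | ACK)),
    ip(6, PC, WEB, tcp(50001, 80, 1001, 9001, ACK)),
    ip(6, PC, WEB, tcp(50001, 80, 1001, 9001, PSH | ACK, b"GET / HTTP/1.1\r\nHost: nflximg.com\r\n\r\n")),
]
```
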
Chapter 2
• Security Appliances Market

• Firewall
• Proxy
• Load Balancer
• Mail Security Gateway
• End-Point Security Product
• Monitoring and Management tool
What is a Firewall?
• Unlike routers (Layer 3), firewalls (Layer 4) are
network security appliances. ... While routers
blindly pass traffic between two separate
networks, firewalls actually monitor the
traffic and help block unauthorized traffic
coming from the outside trying to get into
your network.
History
Check Point was established in Ramat-Gan, Israel in 1993, by Gil Shwed (CEO as of 2016), Marius
Nacht (Chairman as of 2016) and Shlomo Kramer (who left Check Point in 2003). Shwed had the
initial idea for the company’s core technology known as stateful inspection, which became the
foundation for the company's first product, FireWall-1; soon afterwards they also developed one
of the world’s first VPN products, VPN-1. Shwed developed the idea while serving in Unit
8200 of the Israel Defense Forces, where he worked on securing classified networks.

In 1994 Check Point signed an OEM agreement with Sun Microsystems,[5] followed by a
distribution agreement with HP in 1995.[9] The same year, the U.S. head office was established
in Redwood City, California.
By February 1996 the company was named worldwide firewall market leader by IDC, with a
market share of 40 percent. In June 1996 Check Point raised $67 million from its initial public
offering on NASDAQ.
In 1998 Check Point established a partnership with Nokia, which bundled Check Point's Software
with Nokia's computer Network Security Appliances.

Over the years many employees who worked at Check Point have left to start their own software
companies. These include Shlomo Kramer, who started Imperva; Nir Zuk, who founded Palo Alto
Networks; Ruvi Kitov and Reuven Harrison of Tufin; and Yonadav Leitersdorf, who founded indeni.
Check Point installation
Suspicious Activity Rules
Suspicious Activity Monitoring (SAM) is a utility integrated in SmartView
Monitor. It blocks activities that you see in the SmartView Monitor results and
that appear to be suspicious. For example, you can block a user who tries
several times to gain unauthorized access to a network or Internet resource.
A Security Gateway with SAM enabled has Firewall rules to block suspicious
connections that are not restricted by the security policy. These rules are
applied immediately (Install Policy not required).
In SmartView Monitor, open the Tools menu and click Suspicious Activity Rules.
fw sam -v -M -j
SAM rules take some CPU resources
SmartView Tracker consists of three different modes:
• Log, the default mode, displays all logs in the current fw.log file. These include
entries for security-related events logged by different Check Point software
blades, as well as Check Point's OPSEC partners. New logs that are added to
the fw.log file are added to the bottom of the Records pane.
• Active allows you to focus on connections that are currently open through the
Security Gateways that are logging to the active Log file.
• Audit allows you to focus on management-related records, such as records of
changes made to objects in the Rule Base and general SmartDashboard usage.
This mode displays audit-specific data, such as the
record's Administrator, Application or Operation details, which is read from
the fw.adtlog file.

/var/log/messages
Important Check Point Directories (in expert mode)

• FWDIR/conf Directory
• FWDIR/log Directory
• FWDIR/bin Directory
Mapping Firewall
Backup
NAT
• Source NAT vs Destination NAT
• Automatic NAT vs Manual NAT
• Static NAT vs Hide NAT/Dynamic NAT
• Client Side NAT vs Server Side NAT

Proxy ARP
Packet Flow
What is the packet flow of a Check Point firewall?
• SAM Database.
• Address Spoofing.
• Session Lookup.
• Policy Lookup.
• Destination NAT.
• Route Lookup.
• Source NAT.
• Layer 7 Inspection.
• VPN.
• Routing.
