Welcome to Scribd, the world's digital library. Read, publish, and share books and documents. See more
Standard view
Full view
of .
Look up keyword
Like this
0 of .
Results for:
No results containing your search query
P. 1
An Introduction to Checkpoint Firewall

An Introduction to Checkpoint Firewall

Ratings: (0)|Views: 439|Likes:
Published by zabdo

More info:

Published by: zabdo on Aug 21, 2009
Copyright:Attribution Non-commercial


Read on Scribd mobile: iPhone, iPad and Android.
download as DOCX, PDF, TXT or read online from Scribd
See more
See less





An Introduction to Checkpoint Firewall
This paper is an introduction to Checkpoint’s Firewall version 4.1. In this paper you willlearn the basics of what Checkpoint is and how it works. You will also see a graphicalinstallation of Checkpoint on an NT 4 server as well as creating a generic set of rules thatwould apply to a small business or home user. Through out my years of usingCheckpoint, I have never seen “HowTo’ instructions on Checkpoint like this other thanwhat is taught in the Checkpoint classes. At the very end of this document, you will findsome useful links to sites I have found helpful over the years. Please keep in mind thatthis is not meant to be a comprehensive, all-inclusive tutorial on Checkpoint, but simply aquick get up to speed small business paper.
 A brief overview of Firewalls
There are 3 basic types of Firewall systems used today:
Packet Filtering
Application Gateway Proxy
Stateful InspectionA Packet Filtering Firewall examines each packet that passes through it up to the network layer. This means that the upper four layers (Application, Presentation, Session, andTransport) are allowed into an internal network. The Packet Filtering Firewall looks ateach packet and determines what to do with it based on a rulebaseyou define. This typeof Firewall technique is popular because it’s inexpensive, transparent to applications andis quicker than most application layer gateways. However, it provides low security, has alimited ability to manipulate information, is difficult to configure, and is subject to IPSpoofing. The types of Firewalls can usually be found on routers.Application Layer Gateway, or better known as Proxies, function on the applicationlevel. Proxies are being challenged today in that outside networks are continuallygrowing and introducing new protocols, services and applications all the time. As thishappens, the Proxy has a difficult time handling these extreme communications onnetworks.Proxy Firewalls remain popular today because they offer a decent level of security, arerelatively inexpensive and provide full application-layer awareness. However, eachservice requires its own application layer gateway, meaning scalability is horrible.Running at the application level is critical to performance and they are vulnerable tooperating system and application level bugs and exploits.StatefulInspection is the third type of firewall used today. StatefulInspection gathers,stores, and manipulates information pertaining to all communication layers and fromother applications. In other words, imagine a giant spreadsheet. Every packet that isallowed through the firewall is entered into that spreadsheet and kept there for a pre-determined amount of time, creating a ‘StatefulInspection Table.’ The benefits of thisare excellent security, full application-layer awareness, high performance and scalability.
What is Checkpoint? 
Checkpoint Firewall-1 uses the statefulinspection technology. Checkpoint analyzes all packet communication layers and extracts the relevant communication and applicationstate information. Firewall-1 has an inspection module that lives in the operating systemkernel. This is below the network layer at the lowest software level. This is the mostideal location because, by analyzing all traffic at this level, the Inspection Moduleinspects all traffic before they reach the OS. This saves the OS’s processing time andresources. Also, a final note, by placing its kernel module between the Network InterfaceCards and the TCP/IP stack itself, Firewall-1 protects the TCP/IP stack.
Preparing an NT 4.0 server 
For this paper, I focus on installing the Checkpoint Firewall-1 software on an NT 4server. I do this because most small businesses have NT. When using Checkpointsoftware on an NT server, I recommend you make two different drives, for example a C:drive and D: drive. The reason for this is to maintain the firewall logs. One of the mostimportant features of a firewall is the logs it generates. These logs will grow and grow astraffic is accepted, denied or rejected on you firewall. As these logs grow, they take upmore and more space, and can fill up your entire drive. This would crash your Windows NT box and cause the firewall to fail. The end result here being no more connectivitythrough that firewall.After you have created two drives, I recommend formatting both with the NT File System(NTFS). This brings a level of security on the box up and allows you to look it downeven tighter. Not only do you have to consider the rulebaseto protect your network, youshould consider the physical location of the firewall. Who will have access to it? Whowill know the Administrator’s password? NTFS will help you secure the box from acasual employee or friend from coming over and ‘playing’ with your configurations.I recommend installing your Operating System (OS), on the C: drive. Then installCheckpoint on the D: drive.Make the Checkpoint Firewall server a standalone server. It should not be part of adomain.
Installing Checkpoint 
When installing Checkpoint, it is important to have a clear understanding of what youneed first, before you begin. I have created a small checklist of items I used to create this paper:
Checkpoint 4.1 media
Checkpoint License from Checkpoint
Legal IP address for external interface
2 or more Network cards
An NT server 
An internet connection
Four port hubI also recommend that you create a network diagram before making any rules. This helpsin creating a rulebase. Below is the network we will configure for:In thisexample, wewill connect asmallhome/officeto the internet using Checkpoint Firewall-1. The network will connect to a hub, whichconnects to an internal Network Interface Card (NIC) on the Firewall server. The second NIC on the Firewall will be our external NIC and will connect to our Cable modem andthat in turn connects to the internet. Now insert your media and we are ready to begin. There are 2 pieces that you need toinstall: The Firewall and the Management Console. For this installation, we will install both on the same machine. However, if the firewall is in an inconvenient location, or youwill be monitoring it often or making rule changes, it may make more sense to install themanagement console closer to you. The management console allows you to configure,add, remove rules, create objects, examine the logs, and check the status of the Logs.We will first install the Firewall Module. When we launch the setup program for this, thefirst screen we see is the License agreement as shown in Figure 1.

Activity (12)

You've already reviewed this. Edit your review.
1 thousand reads
1 hundred reads
Peter Malla liked this
kunkru879 liked this
zultrsb689 liked this
millat_23 liked this
kkr_0101 liked this
Thomson_VIjay liked this
ramven85 liked this

You're Reading a Free Preview

/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->