Checkpoint - Day 1

check point in 4 days


Published by: vijayprabhu1983 on Mar 26, 2011
Copyright: Attribution Non-commercial


Checkpoint Firewall

Prepared By Division Team - Vinod Rathi - GIS - MNS

CSC Private

Day One Session
Objective
• Definition of firewalls
• Overview of Firewall Security Technologies
• Planning Firewall Installation
• Installing Firewall-1 (Checkpoint Firewall)


Introduction to Firewalls
What is a Firewall
• A device that allows multiple networks to communicate with each other under a defined security policy
• A system designed to prevent unauthorized access to or from a private network
• Used when networks with varying levels of trust exist.


Different Types of Firewalls
Packet Filter
• Filters traffic at the network and transport layers of the TCP/IP model
• Looks at the source and destination IP addresses, protocol number, and source and destination ports
• Static in nature: decisions are based entirely on the filter defined on the device.
• Difficult to maintain: as the access filter grows in size, even an expert can have difficulty maintaining it.

ALG or Proxy Firewalls
• Takes requests from clients and connects to servers on the clients' behalf
• Usually specific to a network service, and hence can be fully aware of the sessions.
• Provides content screening, authentication and caching services.
• Consumes more memory and CPU cycles than traditional packet filters.
• Not all applications work with a proxy.


Stateful Inspection
• Combines the best features of stateful packet filtering and application layer gateways
• State engine rests between the data link layer and the network layer
• Understands how specific protocols (e.g. HTTP, FTP, Telnet) operate
• Maintains a state session table for all connections going through the firewall.
• Makes security policy decisions based on the contents and context of the packet.
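
Added example (not part of the original slides): a Python comparison of the static packet filter and the stateful inspection model described above, showing why a session table admits only replies to connections the firewall has seen. The 10.0.0.0/24 internal network, the port-80 policy, the class and function names, and all sample packets are constructed assumptions, not Firewall-1 behaviour.

```python
import ipaddress
from dataclasses import dataclass

INSIDE = ipaddress.ip_network("10.0.0.0/24")   # assumed internal network

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = ""                            # TCP flags: "S", "SA", "A"

def inside(ip):
    return ipaddress.ip_address(ip) in INSIDE

def packet_filter(pkt):
    """Static filter: every packet is judged alone against fixed rules."""
    if inside(pkt.src) and pkt.dport == 80:    # outbound web traffic
        return True
    # Replies need a standing rule: anything from port 80 to a high port.
    return inside(pkt.dst) and pkt.sport == 80 and pkt.dport >= 1024

class StatefulFirewall:
    """Same outbound policy; replies are matched against a session table."""
    def __init__(self):
        self.sessions = set()                  # session expiry is out of scope here

    def inspect(self, pkt):
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key in self.sessions or reverse in self.sessions:
            return True                        # belongs to a tracked connection
        # A new session must match policy and begin with a bare SYN.
        if inside(pkt.src) and pkt.dport == 80 and pkt.flags == "S":
            self.sessions.add(key)
            return True
        return False

# Constructed sample traffic (documentation address ranges).
SYN = Packet("10.0.0.5", 40000, "192.0.2.10", 80, "S")
REPLY = Packet("192.0.2.10", 80, "10.0.0.5", 40000, "SA")
STRAY = Packet("198.51.100.7", 80, "10.0.0.9", 3389, "A")  # no prior request

def compare():
    """Return (static verdict, stateful verdict) for each sample packet."""
    fw = StatefulFirewall()
    return [(packet_filter(p), fw.inspect(p)) for p in (SYN, REPLY, STRAY)]

if __name__ == "__main__":
    for verdicts in compare():
        print(verdicts)
```

The third packet matches the static filter's reply rule even though no inside host requested it; the stateful check drops it because no session table entry exists.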


What a firewall cannot do

• Malicious use of authorized services.
• Users not going through the firewall
• Social engineering
• Flaws in the host operating system
• Any threats that may occur.


What kind of firewall is Firewall-1 (Checkpoint)
• Firewall-1 is a stateful inspection firewall
• Uses stateful inspection and application proxy
• Supports VPN (Site-2-Site, Client-2-Site)
• Provides content filtering using 3rd-party products
• Policy-based NAT (biggest advantage and ease of use)
• Enterprise-wide policy management.
• High Availability (commonly known as HSRP or failover)
• INSPECT (modifying firewall state engine parameters)


Planning Firewall-1 Installation
The following points should be considered before installing Firewall-1:
• Document what your network looks like
• Generate a network map and define major points of interest and how they logically connect.
• Note: Since Firewall-1 is a perimeter device, it is best utilized and most effective when the number of entry-exit points is limited.
• Identify different zones of trust.


Developing a Site-Wide Security Policy
• Security Policy - a written document that is simple to read and clearly states what resources to protect and the conditions for providing or denying access.
• Lays the overall foundation of how an organization approaches security issues.
• What, Who and How
  • What are your important resources to be protected
  • Who is responsible for those resources
  • How an organization protects those resources
• Senior Management Buy-in


Questions

