Generation V Protection, Check Point Infinity: ThreatCloud, Sandblast

Deploying Check Point Security Management

Security Management architecture

Security Internal Communication (SIC)

 Creates trusted connections

 Required for policy installation and to send logs
 SIC methods: certificates, Standards-based SSL, 3DES or AES128 for encryption

Internal Certificate Authority

Responsible for issuing:

 SIC: Authenticate between gateways or between gateways and Security Management Servers
 VPN Certificates (site to site IPSEC, client to site): Authenticate between members of a VPN
community
 Users: Authenticate user access

Gaia (OS) and the WebUI

 Like Linux (RHEL)

  Command line and WebUI
 2 modes: Basic and Advanced

SmartConsole (Windows GUI)

 Manage security policies

 Monitor events
 Install updates
 Add new devices and appliances
 Manage multi-domain environments

SmartConsole (connect to Management Server)

 SmartEvent (A licensed Software Blade used to correlate logs and detect real security threats)
 SmartView Monitor (Monitor changes to gateways, tunnels, remote users and security activities)
 SmartDashboard (Access to legacy applications, such as DLP, Anti-Spam & Mail, Mobile Access,
and HTTPS Inspection)

 Gateways & Servers (overview checkpoint deployment, products, itself (A-SMS), gateway
cluster, clusters)
 Security Policies Tab (policy package standard contain access control and threat prevention,
cleanup rule)

 Log & Monitor Tab

 Manage & Settings Tab