Upload
lakshmi-jetty
View
109
Download
7
Tags:
Embed Size (px)
Citation preview
Check Point Security Administrator R70Study Guide
Check Point Certified Security AdministratorExam: #156-215.70
Copyright © Check Point Software Technologies Ltd. All rights reserved.Printed by Check Point PressA Division of Check Point Software Technologies Ltd.First Printing December 2009
RESTRICTED RIGHTS LEGEND:
Use, duplication, or disclosure by the government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 and FAR 52.227-19.
© 2003-2010 Check Point Software Technologies Ltd.
All rights reserved. This product and related documentation are protected by copyright and distributed under licensing restricting their use, copying, distribution, and decompilation. No part of this product or related documentation may be reproduced in any form or by any means without prior written authorization of Check Point. While every precaution has been taken in the preparation of this book, Check Point assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice.
TRADEMARKS ©2003-2010 Check Point Software Technologies Ltd. All rights reserved. Check Point, AlertAdvisor, Application Intelligence, Check Point Endpoint Security, Check Point Endpoint Security On Demand, Check Point Express, Check Point Express CI, the Check Point logo, ClusterXL, Confidence Indexing, ConnectCon-trol, Connectra, Connectra Accelerator Card, Cooperative Enforcement, Coopera-tive Security Alliance, CoreXL, CoSa, DefenseNet, Dynamic Shielding Architecture, Eventia, Eventia Analyzer, Eventia Reporter, Eventia Suite, FireWall-1, FireWall-1 GX, FireWall-1 SecureServer, FloodGate-1, Hacker ID, Hybrid Detection Engine, IMsecure, INSPECT, INSPECT XL, Integrity, Integrity Client-less Security, Integrity SecureClient, InterSpect, IPS-1, IQ Engine, MailSafe, NG, NGX, Open Security Extension, OPSEC, OSFirewall, Pointsec, Pointsec Mobile, Pointsec PC, Pointsec Protector, Policy Lifecycle Management,Power-1, Provider-1, PureAdvantage, PURE Security, the puresecurity logo, Safe@Home, Safe@Office, SecureClient, SecureClient Mobile, SecureKnowledge, SecurePlat-form, SecurePlatform Pro, SecuRemote, SecureServer, SecureUpdate, SecureXL, SecureXL Turbocard, Security Management Portal, Sentivist, SiteManager-1, SmartCenter, SmartCenter Express, SmartCenter Power, SmartCenter Pro, Smart-Center UTM, SmartConsole, SmartDashboard, SmartDefense, SmartDefense Advi-
sor, Smarter Security, SmartLSM, SmartMap, SmartPortal, SmartProvisioning, SmartUpdate, SmartView, SmartView Monitor, SmartView Reporter, SmartView Status, SmartViewTracker, SMP, SMP On-Demand, SofaWare, SSL Network Extender, Stateful Clustering, Total Security, the totalsecurity logo, TrueVector, Turbocard, UAM, UserAuthority, User-to-Address Mapping, UTM-1, UTM-1 Edge, UTM-1 Edge Industrial, UTM-1 Total Security, VPN-1, VPN-1 Accelerator Card, VPN-1 Edge, VPN-1 Express, VPN-1 Express CI, VPN-1 Power, VPN-1 Power Multi-core, VPN-1 Power VSX, VPN-1 Pro, VPN-1 SecureClient, VPN-1 SecuRemote, VPN-1 SecureServer, VPN-1 UTM, VPN-1 UTM Edge, VPN-1 VSX, Web Intelligence, ZoneAlarm, ZoneAlarm Anti-Spyware, ZoneAlarm Antivirus, ZoneAlarm ForceField, ZoneAlarm Internet Security Suite, ZoneAlarm Pro, ZoneAlarm Secure Wireless Router, Zone Labs, and the Zone Labs logo are trade-marks or registered trademarks of Check Point Software Technologies Ltd. or its affiliates. ZoneAlarm is a Check Point Software Technologies, Inc. Company. All other product names mentioned herein are trademarks or registered trademarks of their respective owners. The products described in this document are protected by U.S. Patent No. 5,606,668, 5,835,726, 5,987,611, 6,496,935, 6,873,988, 6,850,943, and 7,165,076 and may be protected by other U.S. Patents, foreign patents, or pend-ing applications.
DISCLAIMER OF WARRANTYCheck Point Software Technologies Ltd. makes no representation or warranties, either express or implied by or with respect to anything in this document, and shall not be liable for any implied warranties of merchantability or fitness for a particular purpose or for any indirect special or consequential damages.
International Headquarters: 5 Ha’Solelim StreetTel Aviv 67897, IsraelTel: +972-3-753 4555
U.S. Headquarters: 800 Bridge ParkwayRedwood City, CA 94065Tel: 650-628-2000Fax: 650-654-4233
Technical Support, Education & Profes-sional Services:
8333 Ridgepoint Drive, Suite 150Irving, TX 75063Tel: 972-444-6612Fax: 972-506-7913E-mail any comments or questions about our courseware to [email protected] questions or comments about other Check Point documentation, e-mail [email protected].
Document #: CCSA R70 Study Guide
Revision: R70001
Content: Mark Hoefle
Graphics: Jeffery Holder
Preface The Check Point Certified Security Administrator Exam 1
Frequently Asked Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Chapter 1 Check Point Technology Overview 7
Check Point Technology Overview Topics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Sample CCSA R70 Exam Question . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Answer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Chapter 2 Check Point Software Blades 13
Check Point Software Blades Topics. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Sample CCSA R70 Exam Question . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Answer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Chapter 3 Deployment Platforms 17
Deployment Platforms Topics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Sample CCSA R70 Exam Question . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Answer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Chapter 4 Introduction to the Security Policy 23
Introduction to the Security Policy Topics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Sample CCSA R70 Exam Question . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Answer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Chapter 5 Monitoring Traffic and Connections 29
Introduction to the Monitoring Traffic and Connections Topics . . . . . . . . . . . . . . . 30
Sample CCSA R70 Exam Question . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Answer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Chapter 6 Using SmartUpdate 35
Introduction to the SmartUpdate Topics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Sample CCSA R70 Exam Question . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Answer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Chapter 7 Upgrading to R70 39
Introduction to the Upgrading to R70 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Sample CCSA R70 Exam Question . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Answer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
Chapter 8 User Management andAuthentication 43
Introduction to the User Management and Authentication Topics. . . . . . . . . . . . . . 45
Sample CCSA R70 Exam Question . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Answer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
Chapter 9 Encryption and VPNs 49
Introduction to the Encryption and VPNs Topics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
Sample CCSA R70 Exam Question . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
Answer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Chapter 10 User Management and Authentication 55
Introduction to the Introduction to VPNs Topics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
Sample CCSA R70 Exam Question . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Answer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Chapter 11 Messaging and Content Security 61
Introduction to the Messaging and Content Security Topics . . . . . . . . . . . . . . . . . . . 62
Sample CCSA R70 Exam Question . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
Answer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
Chapter 12 Check Point IPS 67
Introduction to the Check Point IPS Topics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
Sample CCSA R70 Exam Question . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
Answer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Preface
1
The Check Point Certified Security Administrator Exam
The Check Point Security Administrator R70 course provides an understanding of basic concepts and skills necessary to configure the Check Point Security Gateway, configure Security Policies, and learn about managing and monitoring secure net-works. The Check Point Security Administrator R70 Study Guide supplements knowledge you have gained from the Security Administrator R70 course, and is not a sole means of study.
The Check Point Certified Security Administrator R70 exam covers the following topics:
Describe Check Point’s unified approach to network management, and the key elements of this architecture
Design a distributed environment using the network detailed in the course topology
Install the Security Gateway version R70 in a distributed environment using the network detailed in the course topology
Given Check Point’s latest integration of CoreXL technology, select the best security solution for your corporate environment
Given network specifications, perform a backup and restore the current Gateway installation from the command line
Preface: The Check Point Certified Security Administrator Exam
2 Check Point Security Administrator R70 Study Guide
Identify critical files needed to purge or backup, import and export users and groups and add or delete administrators from the command line
Deploy Gateways using sysconfig and cpconfig from the Gateway command line
Use the Command Line to assist support in troubleshooting common problems on the Security Gateway
Given the network topology, create and configure network, host and gateway objects
Verify SIC establishment between the SmartCenter Server and the Gateway using SmartDashboard
Create a basic Rule Base in SmartDashboard that includes permissions for administrative users, external services, and LAN outbound use
Configure NAT rules on Web and Gateway servers
Evaluate existing policies and optimize the rules based on current corporate requirements
Maintain the Security Management Server with scheduled backups and policy versions to ensure seamless upgrades and minimal downtime
Use queries in SmartView Tracker to monitor IPS and common network traffic and troubleshoot events using packet data
Using packet data on a given corporate network, generate reports, troubleshoot system and security issues, and ensure network functionality
Using SmartView Monitor, configure alerts and traffic counters, view a Gateway's status, monitor suspicious activity rules, analyze tunnel activity and monitor remote user access based on corporate requirements
Monitor remote Gateways using SmartUpdate to evaluate the need for upgrades, new installations, and license modifications
Use SmartUpdate to apply upgrade packages to single or multiple VPN-1 Gateways
Upgrade and attach product licenses using SmartUpdate
Preface: The Check Point Certified Security Administrator Exam
Check Point Security Administrator R70 Study Guide 3
Centrally manage users to ensure only authenticated users securely access the corporate network either locally or remotely
Manage users to access to the corporate LAN by using external databases
Select the most appropriate encryption algorithm when securing communication over a VPN, based on corporate requirements
Establish VPN connections to partner sites in order to establish access to a central database by configuring Advanced IKE properties
Configure a pre-shared secret site-to-site VPN with partner sites
Configure a certificate based site-to-site VPN using one partner's internal
Configure a certificate based site-to-site VPN using a third-party CA
Configure permanent tunnels for remote access to corporate resources
Configure VPN tunnel sharing, given the difference between host-based, subnet-based and gateway-based tunnels
Configure Check Point Messaging Security to test IP Reputation, content based anti-spam, and zero hour virus detection
Based on network analysis disclosing threats by specific sites, configure a Web-filtering and antivirus policy to filter and scan traffic
Implement default or customized profiles to designated Gateways in the corporate network
Manage profiles by tracking changes to the network, including performance degradation, and troubleshoot issues with the network related to specific IPS policy rules
Create and install IPS policies
Preface: The Check Point Certified Security Administrator Exam Frequently Asked Questions
4 Check Point Security Administrator R70 Study Guide
Frequently Asked QuestionsThe table below provides answers to commonly asked questions about the CCSA R70 exam:
Question Answer
What are the Check Point rec-ommendations and prerequi-sites?
Check Point recommends you have at least 6 months to 1 year of experience with the prod-ucts, before attempting to take the CCSA R70 exam. In addition, you should also have basic networking knowledge, knowledge of Win-dows Server and/or UNIX, and experience with TCP/IP and the Internet.Check Point also recommends you take the Check Point Security Administrator R70 class from a Check Point Authorized Training Cen-ter (ATC). We recommend you take this class before taking the CCSA R70 exam. To locate an ATC, see:http://atc.checkpoint.com/atclocator/locateATC
How do I register? Check Point exams are offered through Pearson VUE, a third-party testing vendor with more than 3,500 testing centers worldwide. Pearson VUE offers a variety of registration options. Register via the Web or visit a specific testing center. Registrations at a testing center may be made in advance or on the day you wish to test, subject to availability. For same-day testing, contact the testing center directly.Locate a testing center from the VUE Pearson Web site:www.pearsonvue.com
What is the exam structure? The exams are composed of multiple-choice and scenario questions. There is no partial credit for incorrectly marked questions.
Preface: The Check Point Certified Security Administrator Exam Frequently Asked Questions
5 Check Point Security Administrator R70 Study Guide
For more exam and course information, see:
http://www.checkpoint.com/services/education/
How long is the exam?Do I get extra time, if I am not a native English speaker?
The following countries are given 120 minutes to complete the exam. All other regions get 150 minutes:Australia Bermuda Canada Japan New Zealand Ireland South Africa UK US
Question Answer
Preface: The Check Point Certified Security Administrator Exam Frequently Asked Questions
6 Check Point Security Administrator R70 Study Guide
Chapter
7
1Check Point Technology Overview
Check Point technology is designed to address network exploitation, administrative flexibility and critical accessibility. This chapter introduces the basic concepts of network security and management based on Check Point’s three-tier structure, and provides the foundation for technologies involved in the Check Point Software Blade Architecture, as discussed in the introduction. This course is lab-intensive, and in this chapter, you will begin your hands-on approach with a first-time instal-lation using standalone and distributed topologies.
Objectives:
Describe Check Point’s unified approach to network management, and the key elements of this architecture
Design a distributed environment using the network detailed in the course topology
Install the Security Gateway version R70 in a distributed environment using the network detailed in the course topology
Chapter 1: Check Point Technology Overview Check Point Technology Overview Topics
8 Check Point Security Administrator R70 Study Guide
Check Point Technology Overview TopicsThe following table outlines the topics covered in the “Check Point Technology Overview” chapter of the Check Point Security Administrator R70 Course. This table is intended as a supplement to knowledge you have gained from the Security Administrator R70 Courseware handbook, and is not meant to be a sole means of study.
Topic Key Element Page Number
Network Access Control p. 09
Gateway controlled network p. 10
The Check Point Firewall p. 11
Mechanisms for Controlling Net-work Traffic
p. 12
Stateful Inspection p. 14
Application IntelligenceSecurity Gateway Inspection Archi-tecture
p. 16p. 17
Deployment Strategies p. 20
The DMZBridge Mode
p. 22p. 23
Security Policy Manage-ment
p. 25
SmartConsole Components p. 25
Security Management Server p. 37
Managing Users in SmartDashboardSecuring Channels of Communica-tion
p. 39p. 43
Administrative Login Using SIC p. 45
Table 1-1: Check Point Technology Overview Topics
Check Point Technology Overview Topics Chapter 1: Check Point Technology Overview
Check Point Security Administrator R70 Study Guide 9
Lab 1: Distributed Installa-tion
L-p. 1
Install Security Management Server L-p. 2
Configure Security Management Server - sysconfig
L-p. 12
Configure Corporate Security Gate-way - WebUI
L-p. 32
Install SmartConsole L-p. 42
Launch SmartDashboard L-p. 52
Lab 2: Branch Office Secu-rity Gateway Installation
L-p. 57
Install SecurePlatform on Branch Gateway
L-p. 58
Configure Branch Gateway - WebUI
L-p. 65
Topic Key Element Page Number
Table 1-1: Check Point Technology Overview Topics
Chapter 1: Check Point Technology Overview Sample CCSA R70 Exam Question
10 Check Point Security Administrator R70 Study Guide
Sample CCSA R70 Exam QuestionWhat would be the benefit of upgrading from SmartDefense to IPS R70?:
1. Completely rewritten engine provides improved security performance and reporting.
2. There is no difference - IPS R70 is the new name.
3. The SmartDefense technology expands IPS-1 to IPS R70.
4. The SmartDefense is replaced by the technology of IPS-1.
Answer Chapter 1: Check Point Technology Overview
Check Point Security Administrator R70 Study Guide 11
AnswerWhat would be the benefit of upgrading from SmartDefense to IPS R70?:
1. Completely rewritten engine provides improved security performance and reporting.
2. There is no difference - IPS R70 is the new name.
3. The SmartDefense technology expands IPS-1 to IPS R70.
4. The SmartDefense is replaced by the technology of IPS-1
Chapter 1: Check Point Technology Overview Answer
12 Check Point Security Administrator R70 Study Guide
Chapter
13
2Check Point Software Blades
Check Point Software Technologies’ Software Blade architecture is the industry’s first network security architecture designed to meet businesses’ need for total, flex-ible and manageable security. The new architecture empowers businesses with the ability to select, from a library of over 20 software blades, the exact security pro-tections necessary and dynamically tailor security gateways for different environ-ments and sites.
Objectives:
Given Check Point’s latest integration of CoreXL technology, select the best security solution for your corporate environment.
Chapter 2: Check Point Software Blades Check Point Software Blades Topics
14 Check Point Security Administrator R70 Study Guide
Check Point Software Blades TopicsThe following table outlines the topics covered in the “Check Point Software Blades” chapter of the Check Point Security Administrator R70 Course. This table is intended as a supplement to knowledge you have gained from the Security Administrator R70 Courseware handbook, and is not meant to be a sole means of study.
Topic Key Element Page Number
Check Point Software Blade Architecture
p. 54
Key Benefits p. 55
Selecting Software Blades p. 57
Performance p. 58
CoreXL p. 58
Deploying Software Blades p. 59
Building Security Solutions p. 60
Systems p. 64
Gateway Systems p. 64
Management Systems p. 68
Enterprise Management Systems p. 69
Software Blades p. 71
Security Gateway Software Blades p. 71
Security Management Software Blades
p. 73
Security Gateway R70 p. 75
Advantages p. 75
Performance Architecture p. 77
Building Blocks p. 81
Table 2-2: Check Point Software Blades Topics
Sample CCSA R70 Exam Question Chapter 2: Check Point Software Blades
Check Point Security Administrator R70 Study Guide 15
Sample CCSA R70 Exam QuestionSelect the correct statement about Secure Internal Communications (SIC) Certificates. SIC Certificates:
1. Increase network security by securing administrative communication with a two-factor challenge response authentication.
2. Uniquely identify machines installed with Check Point software only. They have the same function as RSA Authentication Certificates.
3. Can be used for securing internal network communications between the Security Gateway and an OPSEC device.
4. For R70 Security Gateways are created during the Security Management Server installation.
Chapter 2: Check Point Software Blades Answer
16 Check Point Security Administrator R70 Study Guide
AnswerSelect the correct statement about Secure Internal Communications (SIC) Certificates. SIC Certificates:
1. Increase network security by securing administrative communication with a two-factor challenge response authentication.
2. Uniquely identify machines installed with Check Point software only. They have the same function as RSA Authentication Certificates.
3. Can be used for securing internal network communications between the Security Gateway and an OPSEC device.
4. For R70 Security Gateways are created during the Security Management Server installation.
Chapter
17
3Deployment Platforms
Before delving into the intricacies of creating and managing Security Policies, it is beneficial to know about Check Point’s different deployment platforms, and under-stand the basic workings of Check Point’s UNIX-based and Linux operating sys-tems (IPSO and SecurePlatform) that support many Check Point products. For those familiar with Linux and UNIX this section will be a review. But for those with little to no Linux/UNIX experience, this will be a welcome guide
Objectives:
Given network specifications, perform a backup and restore the current Gateway installation from the command line.
Identify critical files needed to purge or backup, import and export users and groups and add or delete administrators from the command line.
Use command line utilities to assist support in troubleshooting common problems on the Security Gateway.
Deploy Gateways using sysconfig and cpconfig from the Gateway command line.
Chapter 3: Deployment Platforms Deployment Platforms Topics
18 Check Point Security Administrator R70 Study Guide
Deployment Platforms TopicsThe following table outlines the topics covered in the “Deployment Platforms” chapter of the Check Point Security Administrator R70 Course. This table is intended as a supplement to knowledge you have gained from the Security Administrator R70 Courseware handbook, and is not meant to be a sole means of study.
Topic Key Element Page Number
UTM-1 Edge Appliance p. 87
Advantages p. 88
Power-1 Appliances p. 91
Architecture p. 91
IP Appliances p. 92
Managing the IP Appliance p. 93
Network Voyager p. 94
IPSO p. 96
IPSO File Systems p. 101
CLISH p. 106
SecurePlatform p. 120
Requirements p. 121
Using Command Line p. 123
Backup and Restore p. 126
Critical Directories p. 134
Managing SecurePlatform p. 138
Command Shell p. 140
Lab 3: CLI Tools L-p. 75
Set Expert Password L-p. 76
Table 3-3: Deployment Platforms Topics
Deployment Platforms Topics Chapter 3: Deployment Platforms
Check Point Security Administrator R70 Study Guide 19
Apply Other Useful Commands L-p. 78
Add and Delete Administrators via the CLI
L-p. 79
Perform backkup and restore L-p 81
Topic Key Element Page Number
Table 3-3: Deployment Platforms Topics
Chapter 3: Deployment Platforms Sample CCSA R70 Exam Question
20 Check Point Security Administrator R70 Study Guide
Sample CCSA R70 Exam QuestionWhat is the primary benefit of using upgrade_export over either backup or snapshot?
1. upgrade_export will back up routing tables, hosts files, and manual ARP configurations, where backup and snapshot will not.
2. upgrade_export has an option to backup the system and SmartView Tracker logs while backup and snapshot will not.
3. The backup and snapshot commands can take a long time to run whereas upgrade_export will take a much shorter amount of time.
4. upgrade_export is operating system independent and can be used when backup or snapshot is not available.
Answer Chapter 3: Deployment Platforms
Check Point Security Administrator R70 Study Guide 21
AnswerWhat is the primary benefit of using upgrade_export over either backup or snapshot?
1. upgrade_export will back up routing tables, hosts files, and manual ARP configurations, where backup and snapshot will not.
2. upgrade_export has an option to backup the system and SmartView Tracker logs while backup and snapshot will not.
3. The backup and snapshot commands can take a long time to run whereas upgrade_export will take a much shorter amount of time.
4. upgrade_export is operating system independent and can be used when backup or snapshot is not available.
Chapter 3: Deployment Platforms Answer
22 Check Point Security Administrator R70 Study Guide
Chapter
23
4Introduction to the Security Policy
The Security Policy is essential in administrating security for your organization’s network. Your organization not only has to do a good job managing perimeter ac-cess control to company resources, but must also handle sensitive traffic to and from local area networks and remote devices, provide much-needed application-layer protection, maintain simple and effective management, and keep its security budget under control.
Objectives:
Given the network topology, create and configure network, host and gateway objects.
Verify SIC establishment between the Security Management Server and the Gateway using SmartDashboard.
Create a basic Rule Base in SmartDashboard that includes permissions for administrative users, external services, and LAN outbound use.
Configure NAT rules on Web and Gateway servers.
Evaluate existing policies and optimize the rules based on current corporate requirements.
Maintain the Security Management Server with scheduled backups and policy versions to ensure seamless upgrades and minimal downtime.
Chapter 4: Introduction to the Security Policy Introduction to the Security Policy Topics
24 Check Point Security Administrator R70 Study Guide
Introduction to the Security Policy TopicsThe following table outlines the topics covered in the “Introductions to the Security Policy” chapter of the Check Point Security Administrator R70 Course. This table is intended as a supplement to knowledge you have gained from the Security Administrator R70 Courseware handbook, and is not meant to be a sole means of study.
Topic Key Element Page Number
Security Policy Basics p. 158
The Rule Base p. 158
Managing Objects in SmartDashboard
p. 159
SmartDashboard and Objects p. 160
Managing Objects p. 162
Creating the Rule Base p. 166
Basic Rule Base Concepts p. 166
Default Rule p. 166
Basic Rules p. 169
Implicit/Explicit Rules p. 170
Control Connections p. 172
Detecting IP Spoofing p. 176
Completing the Rule Base p. 179
Understanding Rule Base Order p. 179
Rule Base Management p. 180
Useful Tips p. 180
Policy Management and Revision Control
p. 182
Table 4-4: Security Policy Topics
Introduction to the Security Policy Topics Chapter 4: Introduction to the Security Policy
Check Point Security Administrator R70 Study Guide 25
Policy Management Over-view
p. 183
Installation Targets p. 186
Querying and Sorting Rules and Objects
p. 188
Database Revision Control p. 192
Implementing Database Revision Control
p. 192
Network Address Transla-tion
p. 195
IP Addressing p. 196
Hide NAT p. 197
Static NAT p. 199
Choosing the Hide Address p. 201
Configuring Automatic NAT p. 201
Hide NAT Object Configuration p. 204
Manual NAT p. 208
Multicasting p. 212
Configuring Multicast Access Con-trol
p. 212
Lab 4: Defining Basic Objects and Rules
L-p. 83
Create Security Gateway Object L-p. 85
Create GUIclient Object L-p. 91
Create Rules for Corporate Gateway L-p. 92
Save the Policy L-p 97
Install the Policy L-p. 98
Topic Key Element Page Number
Table 4-4: Security Policy Topics
Chapter 4: Introduction to the Security Policy Introduction to the Security Policy Topics
26 Check Point Security Administrator R70 Study Guide
Test the Corporate Policy L-p. 102
Create the Remote Security Gate-way Object
L-p. 103
Create a New Policy for the Branch Office
L-p. 108
Combine Policies L-p. 112
Lab 5: Configure the DMZ L-p. 119
Configure DMZ Interface on the Gateway
L-p. 120
Create DMZ Objects in SmartDash-board
L-p. 121
Create DMZ Access Rule L-p. 123
Test the Policy L-p. 124
Lab 6: Configuring NAT L-p. 125
Configure Hide NAT on the Corpo-rate Network
L-p. 126
Test the Hide NAT Address L-p. 129
Configure Static NAT on the DMZ Server
L-p. 131
Test the Static NAT Address L-p. 133
Observe Hide NAT Traffic Using fw monitor
L-p. 134
Observe Static NAT Traffic Using fw monitor
L-p. 139
Topic Key Element Page Number
Table 4-4: Security Policy Topics
Sample CCSA R70 Exam Question Chapter 4: Introduction to the Security Policy
Check Point Security Administrator R70 Study Guide 27
Sample CCSA R70 Exam QuestionA Web server behind the Security Gateway is set to Automatic Static NAT. Client side NAT is not checked in the Global Properties. A client on the Internet initiates a session to the Web Server. Assuming there is a rule allowing this traffic, what other configuration must be done to allow the traffic to reach the Web server?
1. Nothing else must be configured.
2. Automatic ARP must be unchecked in the Global Properties.
3. A static route must be added on the Security Gateway to the internal host.
4. A static route for the NAT IP must be added to the Gateway's upstream router.
Chapter 4: Introduction to the Security Policy Answer
28 Check Point Security Administrator R70 Study Guide
AnswerA Web server behind the Security Gateway is set to Automatic Static NAT. Client side NAT is not checked in the Global Properties. A client on the Internet initiates a session to the Web Server. Assuming there is a rule allowing this traffic, what other configuration must be done to allow the traffic to reach the Web server?
1. Nothing else must be configured.
2. Automatic ARP must be unchecked in the Global Properties.
3. A static route must be added on the Security Gateway to the internal host.
4. A static route for the NAT IP must be added to the Gateway's upstream router.
Chapter
29
5Monitoring Traffic and Connections
To manage your network effectively and to make informed decisions, you need to gather information on the network’s traffic patterns.
Objectives:
Use queries in SmartView Tracker to monitor IPS and common network traffic and troubleshoot events using packet data.
Using packet data on a given corporate network, generate reports, troubleshoot system and security issues, and ensure network functionality.
Using SmartView Monitor, configure alerts and traffic counters, view a Gateway's status, monitor suspicious activity rules, analyze tunnel activity and monitor remote user access based on corporate requirements.
Chapter 5: Monitoring Traffic and ConnectionsIntroduction to the Monitoring Traffic and Connec-
30 Check Point Security Administrator R70 Study Guide
Introduction to the Monitoring Traffic and Connections Topics
The following table outlines the topics covered in the “Monitoring Traffic and Connections” chapter of the Check Point Security Administrator R70 Course. This table is intended as a supplement to knowledge you have gained from the Security Administrator R70 Courseware handbook, and is not meant to be a sole means of study.
Topic Key Element Page Number
SmartView Tracker p. 219
SmartView Tracker Login p. 220
Log Types p. 220
SmartView Tracker Tabs p. 222
Action Icons p. 223
Log-File Management p. 225
Administrator Auditing p. 228
Global Logging and Alerting p. 228
Time Settings p. 231
Blocking Connections p. 233
Terminating and Blocking Active Connections
p. 233
SmartView Monitor p. 235
SmartView Monitor Login p. 237
Customizable Views p. 237
Monitoring Suspicious Activity Rules
p. 244
Monitoring Alerts p. 244
Table 5-5: Monitoring Traffic and Connections Topics
Introduction to the Monitoring Traffic and Connections Topics Chapter 5: Monitoring Traffic and
Check Point Security Administrator R70 Study Guide 31
SmartView Tracker vs. SmartView Monitor
p. 249
Eventia Reporter p. 250
Report Types p. 252
Predefined Reports p. 254
Customizing Predefined Reports p. 256
Eventia Reporter Considerations p. 257
Eventia Reporter Licensing p. 260
Lab 7: Monitoring with SmartView Tracker
L-p. 143
Launch SmartView Tracker L-p. 144
Track by Source and Destination L-p. 148
Modify the Gateway to Activate SmartView Monitor
L-p. 150
View Traffic Using SmartView Monitor
L-p 152
Topic Key Element Page Number
Table 5-5: Monitoring Traffic and Connections Topics
Chapter 5: Monitoring Traffic and Connections Sample CCSA R70 Exam Question
32 Check Point Security Administrator R70 Study Guide
Sample CCSA R70 Exam QuestionA third-shift Security Administrator configured and installed a new Security Policy early this morning. When you arrive, he tells you that he has been receiving complaints that Internet access is very slow. You suspect the Security Gateway virtual memory might be the problem. Which SmartConsole component would you use to verify this?
1. This information can only be viewed with fw ctl pstat command from the CLI.
2. SmartView Tracker.
3. Eventia Analyzer.
4. SmartView Monitor
Answer Chapter 5: Monitoring Traffic and Connections
Check Point Security Administrator R70 Study Guide 33
AnswerA third-shift Security Administrator configured and installed a new Security Policy early this morning. When you arrive, he tells you that he has been receiving complaints that Internet access is very slow. You suspect the Security Gateway virtual memory might be the problem. Which SmartConsole component would you use to verify this?
1. This information can only be viewed with fw ctl pstat command from the CLI.
2. SmartView Tracker.
3. Eventia Analyzer.
4. SmartView Monitor
Chapter 5: Monitoring Traffic and Connections Answer
34 Check Point Security Administrator R70 Study Guide
Chapter
35
6Using SmartUpdate
SmartUpdate extends your organization’s ability to provide centralized policy man-agement across enterprise-wide deployments. SmartUpdate can deliver automated software and license updates to hundreds of distributed Security Gateways from a single management console.
Objectives:
Monitor remote Gateways using SmartUpdate to evaluate the need for upgrades, new installations, and license modifications.
Use SmartUpdate to apply upgrade packages to single or multiple VPN-1 Gateways.
Upgrade and attach product licenses using SmartUpdate.
Chapter 6: Using SmartUpdate Introduction to the SmartUpdate Topics
36 Check Point Security Administrator R70 Study Guide
Introduction to the SmartUpdate TopicsThe following table outlines the topics covered in the “SmartUpdate” chapter of the Check Point Security Administrator R70 Course. This table is intended as a supplement to knowledge you have gained from the Security Administrator R70 Courseware handbook, and is not meant to be a sole means of study.
Topic Key Element Page Number
SmartUpdate and Manag-ing Licenses
p. 265
Understanding SmartUpdate p. 266
SmartUpdate Introduction p. 268
Overview of Managing Licenses p. 270
License Attachment Process p. 274
Service Contracts p. 279
Licensing R70 p. 285
Obtaining a License Key p. 285
Software Installation Packages p. 287
Gateway Upgrade p. 288
SmartUpdate Options p. 289
The SmartUpdate Command Line p. 290
Lab 8: Using SmartUpdate L-p. 159
Get Gateway Data and Run CPINFO
L-p. 160
Download HFA Package L-p. 163
Table 6-6: Using SmartUpdate Topics
Sample CCSA R70 Exam Question Chapter 6: Using SmartUpdate
Check Point Security Administrator R70 Study Guide 37
Sample CCSA R70 Exam QuestionYou are a Security Administrator preparing to deploy a new HFA (Hotfix Accumulator) to ten Security Gateways at five geographically separate locations. What is the BEST method to implement this HFA?
1. Send a Certified Security Engineer to each site to perform the update.
2. Use SmartUpdate to install the packages to each of the Security Gateways remotely.
3. Use a SSH connection to SCP the HFA to each Security Gateway. Once copied locally, initiate a remote installation command and monitor the installation progress with SmartView Monitor.
4. Send a CD-ROM with the HFA to each location and have local personnel install it.
Chapter 6: Using SmartUpdate Answer
38 Check Point Security Administrator R70 Study Guide
AnswerYou are a Security Administrator preparing to deploy a new HFA (Hotfix Accumulator) to ten Security Gateways at five geographically separate locations. What is the BEST method to implement this HFA?
1. Send a Certified Security Engineer to each site to perform the update.
2. Use SmartUpdate to install the packages to each of the Security Gateways remotely.
3. Use a SSH connection to SCP the HFA to each Security Gateway. Once copied locally, initiate a remote installation command and monitor the installation progress with SmartView Monitor.
4. Send a CD-ROM with the HFA to each location and have local personnel install it.
Chapter
39
7Upgrading to R70
This chapter shows how to upgrade an existing Security Management server and se-curity gateway to R70. Upgrades are used to save Check Point product configura-tions, Security Policies, and objects, so that Security Administrators do not need to recreate Gateway and Security Management Server configurations. This chapter lists guidelines for deciding when to upgrade, versus doing a new installation.
Objectives:
Based on current products or platforms used in an enterprise network, perform a pre installation compatibility assessment before upgrading to R70.
Given R70 licensing restrictions, obtain a license key.
Install a Contract File on platforms such as Windows, SecurePlatform, Linux, Solaris and IPSO.
Chapter 7: Upgrading to R70 Introduction to the Upgrading to R70
40 Check Point Security Administrator R70 Study Guide
Introduction to the Upgrading to R70The following table outlines the topics covered in the “Upgrading to R70” chapter of the Check Point Security Administrator R70 Course. This table is intended as a supplement to knowledge you have gained from the Security Administrator R70 Courseware handbook, and is not meant to be a sole means of study.
Topic Key Element Page Number
Pre installation Compati-bility
p. 295
Supported Upgrade Paths p. 297
Backward Compatibility for Gate-ways
p. 297
IPS-1 Upgrade Paths and Interoper-ability
p. 298
Important R70 Upgrade Notes p. 298
Upgrade Configuration p. 300
Distributed Installation p. 302
Gateway Upgrade p. 306
Lab 9: Upgrading a Secu-rity Gateway Locally
L-p. 169
Upgrade the Security Gateway L-p. 170
Table 7-7: Upgrading to R70 Topics
Sample CCSA R70 Exam Question Chapter 7: Upgrading to R70
Check Point Security Administrator R70 Study Guide 41
Sample CCSA R70 Exam QuestionYou currently do not have a Check Point software subscription for one of your products. What will happen if you attempt to upgrade the license for this product?
1. The license is not upgraded.
2. It is upgraded with new available features, but cannot be activated.
3. It is deleted.
4. The license will be upgraded with a warning.
Chapter 7: Upgrading to R70 Answer
42 Check Point Security Administrator R70 Study Guide
AnswerYou currently do not have a Check Point software subscription for one of your products. What will happen if you attempt to upgrade the license for this product?
1. The license is not upgraded.
2. It is upgraded with new available features, but cannot be activated.
3. It is deleted.
4. The license will be upgraded with a warning.
Chapter
43
8User Management andAuthentication
In this chapter, we discuss Security Gateway options for creating, managing, and authenticating users. If you do not have a user-management infrastructure in place, you can make a choice between managing the internal-user database or choosing to implement an LDAP server. If you have a large user count, Check Point recom-mends opting for an external user-management database, such as LDAP. By main-taining a large user database externally, Security Gateway performance is greatly enhanced. For example, if the user database is external, the database will not have to be reinstalled every time the user information changes. Additionally, the external user database can be used as the user database by other applications.
Authentication confirms the identity of valid users authorized to access your com-pany network. Staff from different departments are assigned access permissions, based on their level of responsibility and role within the organization. Authentica-tion ensures that all users trying to access the system are valid users, but does not define their access rights.
Check Point authentication features enable you to verify the identity of users log-ging in to the Security Gateway, but also allow you to control security by allowing some users access and disallowing others. Users authenticate by proving their iden-tities, according to the scheme specified under a Gateway authentication scheme, such as LDAP, RADIUS, SecurID and TACACS.
Chapter 8: User Management and Authentication
44 Check Point Security Administrator R70 Study Guide
Objectives:
Centrally manage users to ensure only authenticated users securely access the corporate network either locally or remotely.
Manage users to access to the corporate LAN by using external databases
Introduction to the User Management and Authentication Topics Chapter 8: User Management and
Check Point Security Administrator R70 Study Guide 45
Introduction to the User Management and Authentication Topics
The following table outlines the topics covered in the “User Management and Authentication” chapter of the Check Point Security Administrator R70 Course. This table is intended as a supplement to knowledge you have gained from the Security Administrator R70 Courseware handbook, and is not meant to be a sole means of study.
Topic Key Element Page Number
Creating Users and Groups in SmartDashboard
p. 311
User Types p. 311
Security Gateway Authenti-cation
p. 313
Introduction to Authentication Methods
p. 313
Authentication Schemes p. 315
Remote User Authentication p. 317
Authentication Methods p. 319
User Authentication p. 319
Configuring User Authentication p. 325
Session Authentication p. 326
Configuring Session Authentication p. 327
Client Authentication p. 328
Configuring Client Authentication p. 333
Resolving Access Conflicts p. 335
Configuring Authentication Tracker p. 336
Table 8-8: User Management and Authentication Topics
Chapter 8: User Management and AuthenticationIntroduction to the User Management and Authen-
46 Check Point Security Administrator R70 Study Guide
LDAP User Management with SmartDirectory
p. 337
LDAP Features p. 337
Multiple LDAP Servers p. 339
Using an Existing LDAP Server p. 340
Configuring Entities to Work with the Gateway
p. 340
Managing Users p. 346
SmartDirectory Groups p. 347
Lab 10: Client Authentica-tion
L-p. 177
Use Manual Client Authentication with FTP and Local User
L-p. 178
Modify the Rule Base L-p. 181
Test Manual Client Authentication L-p. 184
Use Partially Automatic Client Auth with a Local User
L-p. 185
Use Partially Automatic Client Auth with LDAP
L-p. 189
Verify SmartDashboard Integration L-p. 195
Test Active Directory Authentica-tion
L-p. 198
Create a Database Revision L-p. 200
Topic Key Element Page Number
Table 8-8: User Management and Authentication Topics
Sample CCSA R70 Exam Question Chapter 8: User Management and Authentication
Check Point Security Administrator R70 Study Guide 47
Sample CCSA R70 Exam QuestionChoose the BEST sequence for configuring user management in SmartDashboard, using an LDAP server.
1. Configure a server object for the LDAP Account Unit, and create an LDAP resource object.
2. Configure a workstation object for the LDAP server, configure a server object for the LDAP Account Unit, and enable LDAP in Global Properties.
3. Configure a server object for the LDAP Account Unit, enable LDAP in Global Properties, and create an LDAP resource object.
4. Enable LDAP in Global Properties, configure a host-node object for the LDAP server, and configure a server object for the LDAP Account Unit.
Chapter 8: User Management and Authentication Answer
48 Check Point Security Administrator R70 Study Guide
AnswerChoose the BEST sequence for configuring user management in SmartDashboard, using an LDAP server.
1. Configure a server object for the LDAP Account Unit, and create an LDAP resource object.
2. Configure a workstation object for the LDAP server, configure a server object for the LDAP Account Unit, and enable LDAP in Global Properties.
3. Configure a server object for the LDAP Account Unit, enable LDAP in Global Properties, and create an LDAP resource object.
4. Enable LDAP in Global Properties, configure a host-node object for the LDAP server, and configure a server object for the LDAP Account Unit.
Chapter
49
9Encryption and VPNs
The Check Point Security Gateway enables you to create site-to-site Virtual Private Networks (VPNs) that provide secure communication between two defined partic-ipants, by encrypting the communication on unsecured public networks, such as the Internet.
Objectives:
Select the most appropriate encryption algorithm when securing communication over a VPN, based on corporate requirements.
Configure a certificate-based site-to-site VPN using one partner's internal CA.
Establish VPN connections to partner sites in order to establish access to a central database by configuring Advanced IKE properties.
Chapter 9: Encryption and VPNs Introduction to the Encryption and VPNs Topics
50 Check Point Security Administrator R70 Study Guide
Introduction to the Encryption and VPNs Topics
The following table outlines the topics covered in the “Encryption and VPNs” chapter of the Check Point Security Administrator R70 Course. This table is intended as a supplement to knowledge you have gained from the Security Administrator R70 Courseware handbook, and is not meant to be a sole means of study.
Topic Key Element Page Number
Securing Communication p. 353
Privacy p. 353
Symmetric Encryption p. 354
Symmetric Disadvantages p. 355
Asymmetric Encryption p. 356
Diffie-Hellman p. 356
Integrity p. 358
Authentication p. 359
Two-Phases of Encryption p. 361
Encryption Algorithms p. 362
IKE p. 363
ISAKMP p. 363
Oakley p. 363
ISAKMP/Oakley p. 363
Phase 1 p. 364
Phase 2 p. 365
How a VPN Works p. 366
Tunneling-Mode Encryption p. 369
Table 9-9: Encryption and VPNs Topics
Introduction to the Encryption and VPNs Topics Chapter 9: Encryption and VPNs
Check Point Security Administrator R70 Study Guide 51
Certificate Authorities p. 371
Certificates p. 371
Multiple Certificate Authorities p. 372
Local Certificate Authority p. 372
CA Service via the Internet p. 373
Internal Certificate Authority p. 375
Creating Certificates p. 375
Topic Key Element Page Number
Table 9-9: Encryption and VPNs Topics
Chapter 9: Encryption and VPNs Sample CCSA R70 Exam Question
52 Check Point Security Administrator R70 Study Guide
Sample CCSA R70 Exam QuestionYour organization maintains several IKE VPNs. Executives in your organization want to know which mechanism Security Gateway R70 uses to guarantee the authenticity and integrity of messages. Which technology should you explain to the executives?
1. Certificate Revocation Lists
2. Application Intelligence.
3. Digital signatures.
4. Key-exchange protocols.
Answer Chapter 9: Encryption and VPNs
Check Point Security Administrator R70 Study Guide 53
AnswerYour organization maintains several IKE VPNs. Executives in your organization want to know which mechanism Security Gateway R70 uses to guarantee the authenticity and integrity of messages. Which technology should you explain to the executives?
1. Certificate Revocation Lists
2. Application Intelligence.
3. Digital signatures.
4. Key-exchange protocols.
Chapter 9: Encryption and VPNs Answer
54 Check Point Security Administrator R70 Study Guide
Chapter
55
10User Management and Authentication
Virtual Private Networking technology leverages the Internet to build and enhance secure network connectivity. Based on standard Internet secure protocols, a VPN enables secure links between special types of network nodes: the Gateways. Site-to site VPN ensures secure links between Gateways. Remote Access VPN ensures se-cure links between Gateways and remote access clients.
Objectives:
Configure a pre-shared secret site-to-site VPN with partner sites.
Configure permanent tunnels for remote access to corporate resources.
Configure VPN tunnel sharing, given the difference between host-based, subnet-based and gateway-based tunnels.
Chapter 10: User Management and Authentication Introduction to the Introduction to VPNs Topics
56 Check Point Security Administrator R70 Study Guide
Introduction to the Introduction to VPNs Topics
The following table outlines the topics covered in the “Introduction to VPNs” chapter of the Check Point Security Administrator R70 Course. This table is intended as a supplement to knowledge you have gained from the Security Administrator R70 Courseware handbook, and is not meant to be a sole means of study.
Topic Key Element Page Number
The Check Point VPN p. 381
VPN Deployments p. 383
Site-to-Site VPNs p. 383
Remote-Access VPNs p. 383
VPN Implementation p. 384
Three Critical VPN Components p. 384
VPN Setupq p. 385
VPN communities p. 387
VPN Topologies p. 389
Choosing a Topology p. 391
Authentication Between Commu-nity Members
p. 395
Domain and Route-Based VPNs p. 396
Access Control and VPN Commu-nities
p. 397
Excluded Services p. 400
Special considerations for Planning a VPN Topology
p. 400
Integrating VPNs into a Rule Base p. 401
Table 10-10: Introduction to VPNs Topics
Introduction to the Introduction to VPNs Topics Chapter 10: User Management and Authentication
Check Point Security Administrator R70 Study Guide 57
Simplified vs, Traditional Mode VPNs
p. 403
VPN Tunnel Management p. 404
Permanent Tunnels p. 404
VPN Tunnel Sharing p. 407
Remote Access VPNs p. 409
Multiple Remote Access VPN Communities
p. 410
Establishing a Connection Between Remote User and a Gateway
p. 410
Configuring Remote Access VPN p. 413
Lab 11: Site-to-Site VPN Between Corporate and Branch Office
L-p. 201
Define the VPN Domain L-p. 202
Create the VPN Community L-p. 205
Create the VPN Rule and Modify-ing the Rule Base
L-p. 211
Test VPN Connection L-p. 214
VPN Troubleshooting L-p. 220
Lab 12: Tow-Gateway IKE Encryption Using Certifi-cates
L-p. 223
Save Certificate for Export L-p. 224
Add Instructor Machine to VPN Community
L-p. 226
Add the Instructor Network to the VPN Community
L-p. 231
Topic Key Element Page Number
Table 10-10: Introduction to VPNs Topics
Chapter 10: User Management and Authentication Introduction to the Introduction to VPNs Topics
58 Check Point Security Administrator R70 Study Guide
Create Atlantis Certificate Author-ity
L-p. 233
Modify the Rule Base L-p. 236
Install and Verify Security Gateway Configuration
L-p. 237
Test Encryption with Certificates L-p. 238
Revert to Standard Security Policy L-p. 242
Lab 13: Remote Access and Office Mode
L-p. 243
Create Remote-Access Group L-p. 245
Configure Gateway for IKE Encryption and LDAP Authentica-tion
L-p. 246
Configure VPN Domain L-p. 248
Configure Office Mode IP-Pool L-p. 251
Configure Remote Access Commu-nity Objects
L-p. 253
Modify the Rule Base for Remote Access
L-p. 256
Create a Site Using the Site Wizard L-p. 258
Verify Office Mode IP Assignment L-p. 265
Test the Remote Connection L-p. 267
Topic Key Element Page Number
Table 10-10: Introduction to VPNs Topics
Sample CCSA R70 Exam Question Chapter 10: User Management and Authentication
Check Point Security Administrator R70 Study Guide 59
Sample CCSA R70 Exam QuestionYou have traveling salesmen connecting to your VPN community from all over the world. Which technology would you choose?
1. IPsec: It allows complex setups that match any network situation available to the client, i.e. connection from a private customer network or various hotel networks.
2. IPsec: It offers encryption, authentication, replay protection and all algorithms that are state of the art (AES) or that perform very well. It is native to many client operating systems, so setup can easily be scripted.
3. SSL VPN: It only requires HTTPS connections between client and server. These are most likely open from all networks, unlike IPsec, which uses protocols and ports which are blocked by many sites.
4. SSL VPN: It has more secure and robust encryption schemes than IPsec.
Chapter 10: User Management and Authentication Answer
60 Check Point Security Administrator R70 Study Guide
AnswerYou have traveling salesmen connecting to your VPN community from all over the world. Which technology would you choose?
1. IPsec: It allows complex setups that match any network situation available to the client, i.e. connection from a private customer network or various hotel networks.
2. IPsec: It offers encryption, authentication, replay protection and all algorithms that are state of the art (AES) or that perform very well. It is native to many client operating systems, so setup can easily be scripted.
3. SSL VPN: It only requires HTTPS connections between client and server. These are most likely open from all networks, unlike IPsec, which uses protocols and ports which are blocked by many sites.
4. SSL VPN: It has more secure and robust encryption schemes than IPsec.
Chapter
61
11Messaging and Content Security
Protecting corporate resources is a major concern for most businesses. Blocking un-desirable content is an important part of a corporate security policy for a variety of reasons, including:
Computer viruses, Trojans and ActiveX components containing malicious code can bring down entire networks.
Viewing undesirable Web content wastes time and resources.
Access control firewalls prevent unauthorized traffic from passing through the Gateway. However, hackers also attempt to misuse allowed traffic and services. Some of the most serious threats in today's Internet environment come from attacks that attempt to exploit the application layer. Access control devices cannot easily detect malicious attacks aimed at these services.
Objectives:
Configure Check Point Messaging Security to test IP Reputation, content based anti-spam, and zero hour virus detection.
Based on network analysis disclosing threats by specific sites, configure a Web-filtering and antivirus policy to filter and scan traffic.
Chapter 11: Messaging and Content Security Introduction to the Messaging and Content Security
62 Check Point Security Administrator R70 Study Guide
Introduction to the Messaging and Content Security Topics
The following table outlines the topics covered in the “Messaging and Content Security” chapter of the Check Point Security Administrator R70 Course. This table is intended as a supplement to knowledge you have gained from the Security Administrator R70 Courseware handbook, and is not meant to be a sole means of study.
Topic Key Element Page Number
Antivirus Protection p. 419
Anti-Virus Signature Database Updates
p. 420
Antivirus Scanning p. 422
Content Security Scanning in Prac-tice
p. 423
File Type Recognition p. 429
Continuous Download p. 430
Logging and Monitoring p. 431
File Size Limitations and Scanning p. 432
Basic URL Filtering p. 435
Architecture p. 435
Anti-Spam and Mail p. 437
Architecture p. 439
Logging and Monitoring p. 441
Lab 14: Messaging and Content Security
L-p. 269
Revert to Standard Security Policy L-p. 270
Modify DMZ Server Object L-p. 271
Table 11-11: Messaging and Content Security Topics
Introduction to the Messaging and Content Security TopicsChapter 11: Messaging and Content Se-
Check Point Security Administrator R70 Study Guide 63
Modify Rule Base L-p. 273
Observe SMTP Traffic L-p. 274
Modify the Gateway Properties L-p. 275
Configure Anti-Virus and Anti-Spam for Monitor Only
L-p. 276
Analyze Logs L-p. 279
Reconfigure Policy to Block Attacks
L-p. 282
Topic Key Element Page Number
Table 11-11: Messaging and Content Security Topics
Chapter 11: Messaging and Content Security Sample CCSA R70 Exam Question
64 Check Point Security Administrator R70 Study Guide
Sample CCSA R70 Exam QuestionWhich Security Servers can perform authentication tasks, but CANNOT perform content security tasks?
1. HTTP
2. RLOGIN
3. FTP
4. HTTPS
Answer Chapter 11: Messaging and Content Security
Check Point Security Administrator R70 Study Guide 65
AnswerWhich Security Servers can perform authentication tasks, but CANNOT perform content security tasks?
1. HTTP
2. RLOGIN
3. FTP
4. HTTPS
Chapter 11: Messaging and Content Security Answer
66 Check Point Security Administrator R70 Study Guide
Chapter
67
12Check Point IPS
This chapter presents basic information on Check Point’s Intrusion Prevention Soft-ware Blade, how intrusion prevention systems work, and prevent network attacks that the intrusion prevention system can detect.
Objectives:
Implement default or customized profiles to designated Gateways in the corporate network.
Manage profiles by tracking changes to the network, including performance degradation, and troubleshoot issues with the network related to specific IPS policy rules.
Create and install IPS policies.
Chapter 12: Check Point IPS Introduction to the Check Point IPS Topics
68 Check Point Security Administrator R70 Study Guide
Introduction to the Check Point IPS TopicsThe following table outlines the topics covered in the “Check Point IPS” chapter of the Check Point Security Administrator R70 Course. This table is intended as a supplement to knowledge you have gained from the Security Administrator R70 Courseware handbook, and is not meant to be a sole means of study.
Topic Key Element Page Number
IPS Overview p. 449
New IPS Engine/Architecture p. 451
Flexible IPS Policy Management p. 453
IPS Event Manager p. 455
Configuring and Manag-ing IPS
p. 456
IPS Protection p. 460
IPS Profiles p. 462
Assigning Profiles p. 464
Protection Browser p. 466
Exporting the Protections List p. 468
Protection Parameters p. 468
Activating Protections p. 473
Automatically Activating Protec-tions
p. 473
Manually Activating Protections p. 476
Monitoring Traffic p. 477
Network Exceptions p. 478
Viewing Packet Information p. 479
Optimizing IPS p. 482
Table 12-12: Check Point IPS Topics
Introduction to the Check Point IPS Topics Chapter 12: Check Point IPS
Check Point Security Administrator R70 Study Guide 69
Performance Management p. 482
Tuning Protections p. 486
IPS Policy Settings p. 486
Enhancing System Performance p. 487
Updating Protections - IPS Subscription
p. 489
Managing IPS Protections p. 489
Updating IPS Protections p. 489
Downloading Updates p. 490
Lab 15: Implementing IPS L-p. 285
Modify the Gateway Properties L-p. 286
Modify DMZ Server Object L-p. 287
Configure IPS for Preliminary Detection
L-p. 291
Modify the Rule Base L-p. 301
Generate an Attack L-p. 302
Analyze the Attack L-p. 304
Reconfigure IPS to Block Attacks L-p. 308
Review Logs L-p. 310
Topic Key Element Page Number
Table 12-12: Check Point IPS Topics
Chapter 12: Check Point IPS Sample CCSA R70 Exam Question
70 Check Point Security Administrator R70 Study Guide
Sample CCSA R70 Exam QuestionYou just upgraded to R70 and are using the IPS Software Blade. You want to enable all critical protections while keeping the rate of false positive very low. How can you achieve this?
1. The new IPS system is based on policies and gives you the ability to activate all checks with critical severity and a high confidence level.
2. This can't be achieved; activating any IPS system always causes a high rate of false positives.
3. As in SmartDefense, this can be achieved by activating all the critical checks manually.
4. The new IPS system is based on policies, but it has no ability to calculate or change the confidence level, so it always has a high rate of false positives.
Answer Chapter 12: Check Point IPS
Check Point Security Administrator R70 Study Guide 71
AnswerYou just upgraded to R70 and are using the IPS Software Blade. You want to enable all critical protections while keeping the rate of false positive very low. How can you achieve this?
1. The new IPS system is based on policies and gives you the ability to activate all checks with critical severity and a high confidence level.
2. This can't be achieved; activating any IPS system always causes a high rate of false positives.
3. As in SmartDefense, this can be achieved by activating all the critical checks manually.
4. The new IPS system is based on policies, but it has no ability to calculate or change the confidence level, so it always has a high rate of false positives.
Chapter 12: Check Point IPS Answer
72 Check Point Security Administrator R70 Study Guide