7/23/2019 CCSA R75 Presentation-8 modules
Check Point Security Administrator R75
Eran Shaham
MCT, MCITP, CCNA, CCSE, Wci-
Course Agenda
Module 1: Check Point - Three Tier Architecture
Module 2: Implementing a Distributed Installation
Module 3: Configuring The Rulebase
Module 4: Tracking Activity using SmartView Tracker
Module 5: Filtering Offensive Web Content
Module 6: Scanning the Network
Module 7: Deploying Site to Site VPN
Module 8: Course Summary
Module 1:
Check Point - Three Tier Architecture
Brief Info
Check Point is an Israeli information security software company that was the first to invent and implement a network firewall solution.
Check Point products are installed on 100% of Fortune 100 companies. It has a 60% market share of enterprise firewalls in the market today.
Check Point implements a complete security solution with enterprise management of the complete network:
Perimeter
Internal
Web
The Three Tier Architecture Concept
Check Point is made up of three major components:
Smart Console - A GUI client that has all the administrative tools installed
Smart Center Server - A database that contains the security policy (rulebase) for the firewall it manages
Security gateway - A firewall that scans and filters the traffic. Also called an enforcement module.

The Smart Console is installed only on Windows machines.
It has to connect to the Smart Center Server with a valid IP + username/password.
The Smart Center Server is installed on various OS's.
It contains the security policy (rulebase) created by the Smart Console.
It distributes the rulebase to the firewall.
The Security Gateway is installed mostly on SPLAT and appliances.
SPLAT (secure platform) is a hardened Linux of a Red Hat enterprise edition distribution.
Standalone Vs. Distributed Installation
A standalone installation is when the smart center server and the security gateway are installed on the same machine.
A distributed installation is when the smart center server and the security gateway are installed on separate machines.
We will use a distributed configuration in the class:
SMny will be the smart console and the smart center server
SGny will be the security gateway
Ldap will be an external server
Module 2:
Implementing a Distributed Installation
SMny Virtual Machine Configuration
SMny is a preconfigured virtual machine with the following characteristics:
Win XP sp2
RAM is configured with 1 GB of memory
NIC is connected to vmnet1
CD is attached to an iso image file
Floppy has been removed
SGny Virtual Machine Configuration
SGny is a virtual machine that we install with the following characteristics:
Splat R75
RAM is configured with 768 MB of memory
NIC is connected to vmnet1 - to SMny
NIC is connected to vmnet2 - to DMZny (we will not use it in the course)
NIC is connected to vmnet3 - to Ldap
CD is attached to an iso image file
Ldap Virtual Machine Configuration
Ldap is a preconfigured virtual machine with the following characteristics:
Win Server 2003 with a web and a mail server
RAM is configured with 512 MB of memory
NIC is connected to vmnet

Smartview Tracker
Configure Autoscroll in Smartview Tracker
Query => Autoscroll
Tracking http Connections
Power up Ldap and login (alt+ctrl+ins) with password vpn123
From SMny: http://ldap
Note that a web site displaying LdapAtlantis has opened.
Tracking http Connections (Cont.)
Maximize the Smartview Tracker window and double click on the first green http line.
Double Click on that line and view the detailed information.
Module 5:
Filtering Offensive Web Content
Configure Web Filtering on SMny (to be enforced on SGny)
Dashboard: Double Click SGny and checkbox
Configure Web Filtering on SMny (Cont.)
Expand URL Filtering and watch the settings in the right pane.
Expand the Advanced option and press the Blocked
Configure Web Filtering on SMny (Cont.)
http://ldap and watch the message displayed instead of the website.
Watch the specified event monitored by the SmartView Tracker.
Module 6:
Scanning the Network
Configure IPS on SMny (to be enforced on SGny)
Dashboard: Double Click SGny and checkbox IPS
Dashboard: Open the IPS tab and look at the settings
Configure IPS on SMny (Cont.)
Expand Protections and press the Port Scan as shown above.
Double Click Host Port Scan
Double Click Default_Protection
Change the setting to Override IPS Policy with Detect
Configure IPS on SMny (Cont.)
Close the opened windows.
Double Click Sweep Scan.
Double Click Default_Protection
Change the setting to Override IPS Policy with Detect
Install the security policy.
Gather information about opened ports using Superscan at Ldap
Run Superscan from the desktop.
Add IP address of SMny and SGny as shown above.
On the Host and Service Discovery tab deselect the Host Discovery.
On the Scan tab press the play button and watch the results.
Open the Smartview Tracker and find the port scan attempt.
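Added example, not part of the original slides and not Check Point's IPS logic: a minimal detector showing what separates the two protections set to Detect in this module, a host port scan (one source, many ports on one host) and a sweep scan (one source, one port across many hosts). The event tuples, addresses, 30-second window and thresholds are constructed assumptions.

```python
from collections import defaultdict

def _exceeds(hits, window, threshold):
    """True if any `window`-second span holds >= threshold distinct values."""
    hits = sorted(hits)
    start = 0
    for end in range(len(hits)):
        while hits[end][0] - hits[start][0] > window:
            start += 1
        if len({value for _, value in hits[start:end + 1]}) >= threshold:
            return True
    return False

def classify_scans(events, window=30, port_threshold=10, host_threshold=5):
    """events: (seconds, src_ip, dst_ip, dst_port). Returns sorted findings."""
    per_host = defaultdict(list)  # (src, dst)  -> [(ts, port)]
    per_port = defaultdict(list)  # (src, port) -> [(ts, dst)]
    for ts, src, dst, port in events:
        per_host[(src, dst)].append((ts, port))
        per_port[(src, port)].append((ts, dst))
    findings = set()
    for (src, dst), hits in per_host.items():
        if _exceeds(hits, window, port_threshold):      # many ports, one host
            findings.add((src, "host_port_scan", dst))
    for (src, port), hits in per_port.items():
        if _exceeds(hits, window, host_threshold):      # one port, many hosts
            findings.add((src, "sweep_scan", str(port)))
    return sorted(findings)

# Constructed sample traffic; all addresses are placeholders, not the lab's.
SAMPLE_EVENTS = (
    [(t, "10.0.3.10", "10.0.1.1", 20 + t) for t in range(15)]           # 15 ports in 15 s
    + [(t, "10.0.3.20", f"10.0.1.{t + 1}", 445) for t in range(6)]      # 6 hosts, one port
    + [(t * 5, "10.0.1.5", "10.0.3.10", 80) for t in range(20)]         # ordinary web client
    + [(t * 60, "10.0.3.30", "10.0.1.1", 1000 + t) for t in range(12)]  # one port per minute
)

if __name__ == "__main__":
    for finding in classify_scans(SAMPLE_EVENTS):
        print(finding)
```

The last source probes one port per minute and stays under the 30-second window, so it is reported only when the window is widened; threshold-based detection trades that blind spot against false positives.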
Module 7:
Deploying Site to Site VPN
The VPN Concept
VPN (Virtual Private Network) is used to transfer private data between private networks through an insecure public network.
The term Virtual Private Network means establishing a "Private Network" over the WAN and "Virtual" means encryption.
Encryption makes the WAN "virtually private".
Edge devices such as routers and firewalls are used to encrypt and decrypt the traffic between them.
Deploying Site to Site VPN
In this scenario the private networks are VNET1 and VNETK and the public network is VNET
Configuring SMny for Site to Site VPN
To save time, we will use SMny in a preconfigured stage (snapshot).
In the snapshot, SMny is controlling SGny and SGla via SIC.
Start SMny from snapshot and launch Smart Dashboard:
From the menu VM - snapshot - snapshot manager
Click on Site to site VPN and then on the GO To button.
Press the PLAY button to start the virtual machine.
Verify that the time and date are correct.
Drag and drop the license files that the trainer gave you from the host to the desktop at SMny.
Configure Date and Time settings on SGNY-VPN virtual machine
To save time, we will use SGny-VPN, which is a preconfigured version of SGny. This is a different virtual machine from the one you installed before.
From the VMware menu File - Open and then browse to the SGny-VPN folder. Click on the folder and then click on SGny.vmx file.
Power on the virtual machine after it is added and authenticate to the firewall.
From the command line change the date to reflect today's date in the following format: Date MM-DD-YYYY.
Verify that the date is changed using the Date command.
Verify that the time is correct using sysconfig from the command line.
Configure the Date and Time settings on SGla virtual machine
From the VMware menu File - Open and then browse to the SGla folder. Click on the folder and then click on the vmx file.
Power on the virtual machine after it is added and authenticate to the firewall.
From the command line change the date to reflect today's date in the following format: Date MM-DD-YYYY.
Verify that the date is changed using the Date command.
Verify that the time is correct using sysconfig from the command line.
Install license files centrally from SMny
Point to Start => Check Point SmartConsole R75 => Smart
Install license files centrally from SMny (Cont.)
Click on Network Objects Licenses & Contracts Tab.
Notice that both gateway objects appear with a pink triangle in the upper right of the object. It means that they are controlled by SMny and connected to it via SIC.
From the Licenses & Contracts tab in SmartUpdate checkbox View Repository.
The License & Contract Repository opens as a window at the bottom.
Install license files centrally from SMny (Cont.)
From the License and Contracts menu choose Add License and then From File...
Select the first license file and press open.
An information dialog box appears. Press OK. The first component of the license file is local license and is immediately attached to SMny.
Install license files centrally from SMny (Cont.)
Right Click SGny and choose Attach Licenses...
An Attach Licenses window opens. Click on the second part of the license file, a central license, and choose Attach.
An information dialog box appears. Press OK. The first component of the license file is local license and is immediately attached to SMny.
Install license files centrally from SMny (Cont.)
From the License and Contracts menu choose Add License and then From File...
Select the second license file and press open.
An information dialog box appears. Press OK.
Install license files centrally from SMny (Cont.)
From the License and Contracts Repository highlight the line whose type is local in the right column.
Right click on the unattached license in the left and choose Attach License...
Choose SGla and press Attach.
The display should show three licenses attached to the objects.
Configuring SMny for Site to Site VPN (Cont.)
Open SmartDashboard.
Double Click SGny object and checkbox IPsec VPN and press OK.
Do the same for SGla's object.
Note that both objects contain a lock symbol now. This indicates VPN capabilities.
Press on the IPSec VPN Tab. You can see the MyIntranet object that contains common settings to establish the VPN.
Configuring SMny for Site to Site VPN (Cont.)
Double Click MyIntranet object.
Press the Participating Gateways Tab and add both gateways to the community.
Press OK and watch that the Participant Gateways window shows both gateways.
Configuring SMny for Site to Site VPN (Cont.)
Configure the security policy shown above and install it on both gateways.
Note, the VPN rule states that when traffic passes between networks the firewalls will encrypt and decrypt it by the parameters defined in the MyIntranet object.
Test the VPN rule
From SMny open the run command and http://pcla
The Browser opens and PCLA's web site is displayed.
Open SmartView Tracker and see that a lock sign (encryption activity performed by SGny) and a lock with a key sign (decryption activity performed by SGla) took place.
Module 8:
Course Summary
OS hardening, update management, authentication
Firewalls, VPN, IPS
Guards, locks, monitoring and tracking devices
Network segments, IPSec
Secure Coding, antivirus,