Pass Checkpoint CCSA 156-215.80 Exam in First Attempt Easily
Last Update: Feb 13, 2024
Free VCE files for Checkpoint CCSA 156-215.80 certification practice test questions and answers, exam dumps are uploaded by real users who have taken the exam recently. Download the latest 156-215.80 Check Point Certified Security Administrator (CCSA R80) certification exam practice test questions and answers and sign up for free on Exam-Labs.
1. Introduction to Check Point Technology
Check Point technology addresses network deployments and security threats while providing administrative flexibility and accessibility. To accomplish this, Check Point uses a unified security management architecture and the Check Point firewall. These features are further enhanced by the SmartConsole interface and the Gaia operating system. The following provides a basic understanding of these features and enhancements.
2. Learning Objectives
Learning objectives:
- Interpret the concept of a firewall and understand the mechanisms used for controlling network traffic.
- Describe the key elements of Check Point's unified security management architecture.
- Recognize SmartConsole features, functions, and tools.
- Understand Check Point deployment options.
- Describe the basic functions of the operating system.
3. Concept of a Firewall
Firewalls are the core of a strong network security policy. They control the traffic between internal and external networks. Firewalls can be hardware, software, or a combination of both, and are configured to meet an organization's security needs. When connecting to the Internet, securing the network against intrusion is of critical importance. The most effective way to secure the Internet link is to put a firewall system between the local network and the Internet. The firewall ensures that all communication between an organization's network and the Internet conforms to the organization's security policy.
4. OSI Model
To understand the concept of a basic firewall, it is beneficial to examine the aspects of the Open Systems Interconnect (OSI) model. The OSI model demonstrates network communication between computer systems and network devices such as security gateways. It governs how network hardware and software work together and illustrates how different protocols fit together. It can be used as a guide for implementing network standards.
The OSI model comprises seven layers. The bottom four layers govern the establishment of a connection and how the packet will be transmitted. The top three layers determine how applications in the end stations communicate and work. The Check Point Firewall Kernel module inspects packets between the data link and network layers. Depending on the traffic flow and service, inspection may transcend multiple layers.
The OSI model layers are described as follows:
- Layer 1 represents physical communication links or media and the required hardware, such as Ethernet cards, DSL modems, cables, and hubs.
- Layer 2 represents where network traffic is delivered to the local area network. This is where identification of a single specific machine takes place. Media access control (MAC) addresses are assigned to network interfaces by the manufacturers. An Ethernet address belonging to an Ethernet card is a Layer 2 MAC address. An example of a physical device performing in this layer would be a switch.
- Layer 3 represents where delivery of network traffic on the Internet takes place. Addressing in this layer is referred to as IP addressing and creates unique addresses, except where NAT is employed. NAT makes it possible to address multiple physical systems by a single Layer 3 IP address. An example of a physical device performing in this layer would be a router.
- Layer 4 represents where specific network applications and communication sessions are identified. Multiple Layer 4 sessions may occur simultaneously on any given system with other systems on the same network. Layer 4 is responsible for flow control of data transferring between end systems. This layer introduces the concept of ports, or endpoints.
- Layer 5 represents where connections between applications are established, maintained, and terminated. This layer sets up the communication through the network. The session layer allows devices to establish and manage sessions. A session is the persistent logical linking of two software application processes.
- Layer 6 represents where data is converted into a standard format that the other layers can understand. This layer formats and encrypts data to be sent across the network. The presentation layer is responsible for presenting the data. It defines the format of data conversion. Encoding and decoding capabilities allow for communication between dissimilar systems.
- Layer 7 represents end-user applications and systems. Application protocols are defined at this level and are used to implement specific user applications and other high-level functions. HTTP and SMTP are examples of application protocols. It is important to understand that the application layer is usually part of the operating system and not necessarily a part of the application in use.
Note: The distinctions among Layers 5, 6, and 7 are not always clear. Some models combine these layers.
The more layers a firewall is capable of covering, the more thorough and effective the firewall is. Advanced applications and protocols can be accommodated, and accommodated more efficiently, with additional layer coverage. In addition, advanced firewalls such as Check Point Security Gateways can provide services that are specifically oriented to the user, such as authentication techniques and logging events of specific users.
5. TCP/IP Model
The Transmission Control Protocol/Internet Protocol (TCP/IP) model is a suite of protocols which work together to connect hosts and networks to the Internet. Whereas the OSI model conceptualizes and stresses how networks should work, TCP/IP actually serves as the industry-standard networking method that a computer uses to access the Internet. TCP/IP protocols support communication between any two different systems in the form of a client-server architecture. This model is based on its two most dominant protocols, but the suite consists of many additional protocols and a host of applications. Each protocol resides in a different layer of the TCP/IP model.
The TCP/IP model consists of four core layers that are responsible for its overall operation: the network interface layer, Internet layer, transport layer, and application layer. Each layer corresponds to one or more layers of the OSI model. These core layers support many protocols and applications.
The TCP/IP model layers are described as follows:
- Network Interface Layer: This layer corresponds to the physical and data link layers of the OSI model. It deals with all aspects of the physical components of network connectivity, connects with different network types, and is independent of any specific network media.
- Internet Layer: This layer manages the routing of data between networks. The main protocol of this layer is IP, which handles IP addressing, routing, and packaging functions. IP tells the packet where to go and how to get there. The packets are transported as datagrams, which allow the data to travel along different routes to reach its destination. Each destination has a unique IP address assigned. The Internet layer corresponds to the network layer of the OSI model.
- Transport Layer: This layer manages the flow of data between two hosts to ensure that the packets are correctly assembled and delivered to the target application. Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) represent the core protocols of the transport layer. TCP ensures a reliable transmission of data across connected networks by acknowledging received packets and verifying that the data is not lost during transmission. UDP also manages the flow of data, but data verification is not as reliable as TCP. The transport layer corresponds to the transport layer of the OSI model.
- Application Layer: This layer encompasses the responsibilities of the session, presentation, and application layers of the OSI model. It defines the protocols that are used to exchange data between networks and how host programs interact with the transport layer. The application layer allows the end users to access the targeted network, application, or service.
6. Controlling Network Traffic
Managing firewalls and monitoring network traffic is the key role of a network security administrator. Effectively controlling network traffic helps to improve overall network performance and organisational security. The firewall, or the security gateway with the firewall enabled, will deny or permit traffic based on rules in the security policy. The following technologies are used to deny or permit network traffic: packet filtering, stateful inspection, and application layer firewalls.
7. Packet Filtering
Packet filtering is the process by which traffic is broken down into packets. Basically, messages are broken down into packets that include the following elements: source address, destination address, source port, destination port, and protocol. Packet filtering is the most basic form of a firewall. Its primary purpose is to control access to specific network segments as directed by a preconfigured set of rules, or rule base, which defines the traffic permitted access. Packet filtering usually functions in the network and transport layers of the network architecture. Packets are individually transmitted to their destination through various routes. Once the packets have reached their destination, they are recompiled into the original message.
8. Stateful Inspection
Stateful inspection analyzes a packet's source and destination addresses, source and destination ports, protocol, and contents. With stateful inspection, the state of the connection is monitored and state tables are created to compile the information. State tables hold useful information in regards to monitoring performance through a security gateway. As a result, filtering includes context that has been established by previous packets passed through the firewall. For example, stateful inspection provides a security measure against port scanning by closing all ports until the specific port is requested. Check Point's INSPECT Engine, which is installed on a security gateway, is used to extract state-related information from the packets and store that information in state tables. State tables are key components of the stateful inspection technology because they are vital in maintaining the state information needed to correctly inspect the packets. When new packets arrive, their contents are compared to the state tables to determine whether they are denied or permitted.
Note: Stateful inspection technology was developed and patented by Check Point. State tables are covered in more detail in the CC course.
9. Stateful Inspection vs Packet Filtering
Stateful inspection differs from packet filtering in that it deeply examines a packet, not only its header but also the contents of the packet up through the application layer, to determine more about the packet than just information about its source and destination. In addition, packet filtering requires creating two rules for each user or computer that needs to access resources. For example, if a computer with the IP address Ten1201 needs to access eight eight on the Internet for DNS, an outgoing request rule is needed for connecting to the server on the Internet, and a second rule is required for the incoming reply for the same connection. The creation of stateful inspection eliminates the need.
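The two-rule requirement described above can be seen in a small model. This is an added example, not Check Point code: the addresses, ports, and the names `packet_filter` and `StatefulFilter` are constructed for illustration, and the state table is reduced to a set of permitted 5-tuples.

```python
from collections import namedtuple

# The five elements the page lists for packet filtering.
Packet = namedtuple("Packet", "src dst sport dport proto")

# Constructed sample addresses (not the ones in the page's example).
CLIENT, DNS = "10.0.0.5", "198.51.100.53"

def rule_matches(rule, pkt):
    """A rule is a Packet whose fields may be None, meaning 'any'."""
    return all(r is None or r == p for r, p in zip(rule, pkt))

def packet_filter(rules, pkt):
    """Stateless filtering: every packet is judged alone against the rule base."""
    return any(rule_matches(rule, pkt) for rule in rules)

class StatefulFilter:
    """The rule base says who may open a connection; replies are checked
    against a state table built from packets that were already permitted."""

    def __init__(self, rules):
        self.rules = rules
        self.state = set()  # a real gateway also expires idle entries

    def accept(self, pkt):
        reverse = Packet(pkt.dst, pkt.src, pkt.dport, pkt.sport, pkt.proto)
        if pkt in self.state or reverse in self.state:
            return True  # part of a connection the policy already allowed
        if packet_filter(self.rules, pkt):
            self.state.add(pkt)  # first packet: record the connection
            return True
        return False

OUT_RULE = Packet(CLIENT, DNS, None, 53, "udp")  # outgoing DNS request
IN_RULE = Packet(DNS, CLIENT, 53, None, "udp")   # incoming reply, stateless only

query = Packet(CLIENT, DNS, 40000, 53, "udp")
reply = Packet(DNS, CLIENT, 53, 40000, "udp")
unsolicited = Packet(DNS, CLIENT, 53, 40001, "udp")  # answers no query

def demo():
    fw = StatefulFilter([OUT_RULE])
    return {
        "stateless_one_rule_reply": packet_filter([OUT_RULE], reply),
        "stateless_two_rules_reply": packet_filter([OUT_RULE, IN_RULE], reply),
        "stateless_two_rules_unsolicited": packet_filter([OUT_RULE, IN_RULE], unsolicited),
        "stateful_reply_before_query": fw.accept(reply),
        "stateful_query": fw.accept(query),
        "stateful_reply_after_query": fw.accept(reply),
        "stateful_unsolicited": fw.accept(unsolicited),
    }

if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {'accept' if allowed else 'drop'}")
```

With only the outgoing rule, the stateless filter drops the reply; adding the reply rule lets it through but also admits a packet from the server that answers no request. The stateful filter needs only the outgoing rule and accepts the reply solely because the matching request is in its state table.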
10. Application Layer Firewall
Many attacks are aimed at exploiting networks through network applications rather than directly targeting the firewall. Application layer firewalls operate at the application layer of the TCP/IP protocol stack to detect and prevent attacks against specific applications and services. They provide granular-level filtering, antivirus scanning, and access control for network applications such as email, FTP, and HTTP. These firewalls may have proxy servers or specialized application software added. Application layer firewalls inspect traffic through the lower layers of the TCP/IP model and up to and including the application layer. They are usually implemented through software running on a host or standalone network hardware and are used in conjunction with packet filtering. Since application layer firewalls are application aware, they can look into individual sessions and decide to drop a packet based on information in the application protocol. The firewalls deeply inspect traffic content and apply allow or block access rules per session or connection instead of filtering connections per port. Like packet filtering, packets are inspected to ensure the validity of the content and to prevent exploits embedded within the content. For example, an application layer firewall may block access to certain website content or software containing viruses. The extent of filtering is based on the rules defined in the network security policy. Application layer firewalls are often referred to as next-generation firewalls in that they include the traditional functions of packet filtering and stateful inspection.
11. Internal Certificate Authority
The Internal Certificate Authority (ICA) is created during the primary Security Management Server installation process. It is responsible for issuing certificates to authenticate:
- SIC: authenticates between gateways or between gateways and Security Management Servers.
- VPN certificates: authenticate between members of the VPN community in order to create the VPN tunnel.
- Users: authenticate user access according to authorization and permission.
Note: If the Security Management Server is renamed, trust will need to be reestablished as the certificate is reissued.
12. SIC Status
Once the certificate is downloaded and stored on the gateway, the Secure Internal Communication (SIC) status will display the current communication status between the Security Management Server and the gateway. The communication status may show Communicating, Unknown, or Not Communicating.
13. Resetting the Trust State
If the trust state has been compromised, such as when keys are leaked or certificates are lost, it is possible to reset the trust state once SIC has been established. It must be reset on both the Security Management Server and the Security Gateway. When resetting SIC, the Security Management Server revokes the certificate from the Security Gateway and stores the certificate information in the certificate revocation list, or CRL. The CRL is a database of revoked certificates. Once the trust state has been reset, the CRL is updated with the serial number of the revoked certificate. The ICA signs the updated CRL and issues it to all gateways during the next SIC connection. If two gateways have different CRLs, they cannot authenticate.
To reset the trust state, navigate to the Gateways and Servers tab. Select the gateway object and hit Edit. In the navigation tree, select General Properties. Under the Machine section, click the Communication button at the bottom of the window next to the certificate status. Hit the Reset button. Publish the changes. Install policy on the gateway to deploy the updated CRL to all gateways.
Note: If the default policy is in place on the gateway, trust cannot be reset because communication from the Security Management Server will be dropped along with traffic from any other source.
14. SIC Status
The SmartConsole is an all-encompassing, unified console for managing security policies, monitoring events, installing updates, adding new devices and appliances, and managing a multi-domain environment.
SmartConsole navigation pane overview:
- Navigation Toolbar: navigate between SmartConsole views.
- Main Menu: manage policies and layers, explore and create objects, manage sessions, install policy, manage licenses and packages, and configure global properties.
- Objects Menu: create and manage objects.
- Install Policy button: install policy.
- Session Details: view the session name and description, and publish or discard the current session.
- Sidebar: create and manage objects, and view validation errors.
- Management Activity Bar: view the current administrator logged in and the number of changes made in the current session, Security Management Server details, and additional management activity such as policy installation tasks.
- Command Line: run API commands and scripts.
The SmartConsole is organized into the following views: Gateways and Servers, Security Policies, Logs and Monitor, and Manage and Settings.