checkpoint - day 1

CSC Private Checkpoint Firewall Prepared By - Vinod Rathi Division - GIS Team - MNS

Upload: vijayprabhu1983

Post on 08-Apr-2018


Page 1: Checkpoint - Day 1

8/7/2019 Checkpoint - Day 1

http://slidepdf.com/reader/full/checkpoint-day-1 1/12

CSC Private

Checkpoint Firewall

Prepared By - Vinod Rathi

Division - GIS

Team - MNS


Day One Session

Objective

• Definition of firewalls
• Overview of Firewall Security Technologies
• Planning Firewall Installation
• Installing Firewall-1 (Checkpoint Firewall)


Introduction to Firewalls

What is a Firewall?

• A device that allows multiple networks to communicate with each other under a defined security policy
• A system designed to prevent unauthorized access to or from a private network
• Used when networks with varying levels of trust exist


Different Types of Firewalls

Packet Filter

• Filters traffic at the network and transport layers of the TCP/IP model
• Looks at the source and destination IP addresses, protocol number, and source and destination ports
• Static in nature. Completely based on the filter defined on the device.
• Difficult to maintain. As the access filter grows in size, even an expert could have difficulty maintaining it.


ALG or Proxy Firewalls

• Takes requests from clients and connects to servers on the clients' behalf
• Usually specific to a network service and hence can be fully aware of the sessions
• Provides content screening, authentication and caching services
• Consumes more memory and CPU cycles than traditional packet filters
• Not all applications work with a proxy


Stateful Inspection

• Combines the best features of stateful packet filtering and application layer gateways
• State engine rests between the data link layer and the network layer
• Understands how specific protocols (e.g. HTTP, FTP, Telnet) operate
• Maintains a state session table for all connections going through the firewall
• Makes security policy decisions based on the contents and context of the packet
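The contrast between the packet filter and stateful inspection slides above, as an added example that is not part of the original deck: the static filter has to admit every packet that looks like a web reply, while the stateful filter admits only packets that mirror a recorded session. The addresses, ports and rule set are constructed for illustration, and the session table tracks TCP 4-tuples only (no flags, timeouts or protocol awareness).

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int

INSIDE = ip_network("10.0.0.0/24")  # constructed internal network

def is_inside(addr):
    return ip_address(addr) in INSIDE

def static_filter(p):
    """Packet filter: decides on the header fields of this packet alone."""
    # Rule 1: inside clients may reach any web server on port 80.
    if is_inside(p.src) and p.dport == 80:
        return True
    # Rule 2: replies must get back in, so anything *from* port 80 to a
    # high port on an inside host is permitted, solicited or not.
    return is_inside(p.dst) and p.sport == 80 and p.dport >= 1024

class StatefulFilter:
    """Keeps a session table; inbound packets must match an entry in it."""
    def __init__(self):
        self.sessions = set()

    def check(self, p):
        if is_inside(p.src) and p.dport == 80:
            self.sessions.add((p.src, p.sport, p.dst, p.dport))
            return True
        # Inbound: accept only the mirror image of a recorded session.
        return (p.dst, p.dport, p.src, p.sport) in self.sessions

# Constructed sample traffic.
request = Packet("10.0.0.5", 40000, "198.51.100.7", 80)
reply = Packet("198.51.100.7", 80, "10.0.0.5", 40000)
unsolicited = Packet("203.0.113.9", 80, "10.0.0.8", 5000)

def run():
    fw = StatefulFilter()
    return {
        "static": [static_filter(p) for p in (request, reply, unsolicited)],
        "stateful": [fw.check(p) for p in (request, reply, unsolicited)],
    }

if __name__ == "__main__":
    print(run())
```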


What a firewall cannot do

• Malicious use of authorized services
• Users not going through the firewall
• Social engineering
• Flaws in the host operating system
• Any threats that may occur


What kind of firewall is Firewall-1 (Checkpoint)?

• Firewall-1 is a stateful inspection firewall
• Uses stateful inspection and application proxy
• Supports VPN (Site-2-Site, Client-2-Site)
• Provides content filtering using 3rd-party products
• Policy-based NAT (biggest advantage and ease of use)
• Enterprise-wide policy management


• High Availability (commonly known as HSRP or failover)
• INSPECT (modifying firewall state engine parameters)


Planning Firewall-1 Installation

The following points should be considered before installing Firewall-1:

• Document what your network looks like
• Generate a network map and define major points of interest and how they logically connect
• Note: Since Firewall-1 is a perimeter device, it can be best utilized and is effective when the number of entry-exit points is limited
• Identify different zones of trust


Developing a Site-Wide Security Policy

• Security Policy - A written document that is simple to read and clearly states what resources to protect and the conditions for providing or denying access
• Lays the overall foundation of how an organization approaches security issues
• What, Who and How
  - What are your important resources to be protected
  - Who is responsible for those resources
  - How an organization protects those resources
• Senior management buy-in


Questions