Infrastruktur Sicherheit mit Checkpoint

Transcription

1 Infrastruktur Sicherheit mit Checkpoint Neue Module Markus Kohlmeier Teamleiter Internet und Security Services

2 Übersicht Checkpoint Releases Firewall 1 4.1, release 2000 Firewall 1 NG, FP1, FP2 und FP3, release August 2002 Firewall 1 NG AI R54 und R55, release November 2003 Firewall 1 NGX R60, release August 2005 Firewall 1 NGX R61, release März 2006 Firewall 1 NGX R62, release November 2006 Firewall 1 NGX R65, release März 2007 Firewall 1 NGX R70, release März 2009 Firewall 1 NGX R71, release April 2010 Firewall 1 NGX R75, release Januar 2011

3 Software Blades Gateway Produkte Firewall IPSEC VPN Mobile Access Identity Awareness Application Control IPS DLP Web Security URL Filtering Antivirus & Anti-Malware Anti-Spam & Security Advanced Networking Acceleration & Clustering Voice over IP (VoIP) Management Produkte Network Policy Management Endpoint Policy Management Logging & Status SmartWorkflow Monitoring Management Portal User Directory SmartProvisioning SmartReporter SmartEvent

4 Mobile Access Einfache Verbindung für mobile Geräte Sichert Anbindungen von Smartphones, Tablets, PCs und Laptops Bietet Client-based und Web-based VPN Verbindungen Einfache Anbindung von eigenen und externen Mitarbeitern Zentrales Management und einfaches Rollout Integration in den Check Point Security Policy Manager Installation und Konfiguration der Mobile Access Software Blade auf bestehenden Security Gateways

5 Identity Awareness Transparente Protokollierung von User-Aktivitäten Zentral verwaltete Benutzer-Zugriffe auf Unternehmensressourcen und Applikationen Granulare User-, Gruppen- and Machinen-basierende Protokollierung und Policy enforcement Bessere Einschränkung von Zugriffen Strikte Vorgaben beim Zugriff auf Data Center Ressourcen, Applikationen und Netzwerkesegmente Schützt vor Verlust von Daten durch restriktiven Zugriff auf Daten aufgrund von Userinformationen

6 Application Control Application Control Identifiziert, erlaubt, blockt oder limitiert die Benutzung von Applikationen basierend auf User- und Gruppeninformationen Integration in Check Point Software Blade Architecture Zentrales Management der Security Policy aus einer Konsole Ermöglicht application control auf jeden Check Point Security Gateway

7 Vielen Dank für Ihre Aufmerksamkeit! DTS Systeme GmbH Markus Kohlmeier April 2011

8 Anhang Management Module Network Policy Management - Comprehensive network security policy management for Check Point gateways and blades via SmartDashboard, a single, unified console Endpoint Policy Management - Centrally deploy, manage, monitor and enforce security policy for all endpoint devices across any sized organization. Logging & Status - Comprehensive information in the form of logs and a complete visual picture of changes to gateways, tunnels, remove users and security activities SmartWorkflow - Provides a formal process of policy change management that helps administrators reduce errors and enhance compliance. Monitoring - A complete view of network and security performance, enabling fast response to changes in traffic patterns and security events. Management Portal - Extends a browser-based view of security policies to outside groups such as support staff while maintaining central policy control User Directory - Enables Check Point gateways to leverage LDAP-based user information stores, eliminating the risks associated with manually maintaining and synchronizing redundant data stores. SmartProvisioning - Provides centralized administration and provisioning of Check Point security devices via a single management console. SmartReporter - Turns vast amounts of security and network data into graphical, easy-to-understand reports. SmartEvent - SmartEvent translates security information into action.

9 Anhang Gateway Module Firewall - World's most proven firewall secures more than 200 applications, protocols and services featuring the most adaptive and intelligent inspection technology. IPsec VPN - Secure connectivity for offices and end users via sophisticated but easy to manage Site-to-Site VPN and flexible remote access. Mobile Access - The safe and easy solution to connect to corporate applications over the Internet with Smartphones or PCs. IPS - The highest performing integrated IPS solution with the industry's best threat coverage Application Control - Provides strong application and identity controls by allowing organizations to create policies which identify, block or limit usage of thousands of applications, based on user identity. Identity Awareness - Provides granular security policy at a per user, per group and per machine level. It centralizes the management, monitoring and reporting of user actions across the internal network, its perimeter and beyond. DLP - Combines technology and processes to prevent data loss of critical business information Web Security - Advanced protection for the entire Web environment featuring the strongest protection against buffer-overflow attacks. URL Filtering - Best-of-breed Web filtering covering more than 20 million URLs protects users and enterprises by restricting access to dangerous Web sites. Antivirus & Anti-Malware - Leading antivirus protection including heuristic virus analysis stops viruses, worms and other malware at the gateway Anti-Spam & Security - Multi-dimensional protection for the messaging infrastructure stops spam, protects servers and eliminates attacks through . Advanced Networking - Adds dynamic routing, multicast support and Quality of Service (QOS) to security gateways. Acceleration & Clustering - Patented SecureXL and ClusterXL technologies provide wire speed packet inspection, high availability and load sharing. Voice over IP - Advanced connectivity and security features for VoIP deployments, featuring enhanced Rate Limiting protections, Far end NAT and inspection of SIP TLS.