1 Infrastructure Security with Check Point: New Modules
Markus Kohlmeier, Team Lead Internet and Security Services
2 Overview of Check Point Releases
Firewall 1 4.1, released 2000
Firewall 1 NG, FP1, FP2 and FP3, released August 2002
Firewall 1 NG AI R54 and R55, released November 2003
Firewall 1 NGX R60, released August 2005
Firewall 1 NGX R61, released March 2006
Firewall 1 NGX R62, released November 2006
Firewall 1 NGX R65, released March 2007
Firewall 1 NGX R70, released March 2009
Firewall 1 NGX R71, released April 2010
Firewall 1 NGX R75, released January 2011
3 Software Blades
Gateway products: Firewall, IPSEC VPN, Mobile Access, Identity Awareness, Application Control, IPS, DLP, Web Security, URL Filtering, Antivirus & Anti-Malware, Anti-Spam & Security, Advanced Networking, Acceleration & Clustering, Voice over IP (VoIP)
Management products: Network Policy Management, Endpoint Policy Management, Logging & Status, SmartWorkflow, Monitoring, Management Portal, User Directory, SmartProvisioning, SmartReporter, SmartEvent
4 Mobile Access
Simple connectivity for mobile devices
Secures connections from smartphones, tablets, PCs and laptops
Offers client-based and web-based VPN connections
Simple connection of internal and external staff
Central management and simple rollout
Integration into the Check Point Security Policy Manager
Installation and configuration of the Mobile Access Software Blade on existing Security Gateways
5 Identity Awareness
Transparent logging of user activity
Centrally managed user access to corporate resources and applications
Granular user-, group- and machine-based logging and policy enforcement
Tighter restriction of access
Strict rules for access to data center resources, applications and network segments
Protects against data loss by restricting access to data based on user information
6 Application Control
Identifies, allows, blocks or limits the use of applications based on user and group information
Integration into the Check Point Software Blade Architecture
Central management of the security policy from a single console
Enables application control on every Check Point Security Gateway
7 Thank you for your attention!
DTS Systeme GmbH, Markus Kohlmeier, April 2011
8 Appendix: Management Modules
Network Policy Management - Comprehensive network security policy management for Check Point gateways and blades via SmartDashboard, a single, unified console.
Endpoint Policy Management - Centrally deploy, manage, monitor and enforce security policy for all endpoint devices across any sized organization.
Logging & Status - Comprehensive information in the form of logs and a complete visual picture of changes to gateways, tunnels, remote users and security activities.
SmartWorkflow - Provides a formal process of policy change management that helps administrators reduce errors and enhance compliance.
Monitoring - A complete view of network and security performance, enabling fast response to changes in traffic patterns and security events.
Management Portal - Extends a browser-based view of security policies to outside groups such as support staff while maintaining central policy control.
User Directory - Enables Check Point gateways to leverage LDAP-based user information stores, eliminating the risks associated with manually maintaining and synchronizing redundant data stores.
SmartProvisioning - Provides centralized administration and provisioning of Check Point security devices via a single management console.
SmartReporter - Turns vast amounts of security and network data into graphical, easy-to-understand reports.
SmartEvent - SmartEvent translates security information into action.
9 Appendix: Gateway Modules
Firewall - World's most proven firewall secures more than 200 applications, protocols and services featuring the most adaptive and intelligent inspection technology.
IPsec VPN - Secure connectivity for offices and end users via sophisticated but easy to manage Site-to-Site VPN and flexible remote access.
Mobile Access - The safe and easy solution to connect to corporate applications over the Internet with Smartphones or PCs.
IPS - The highest performing integrated IPS solution with the industry's best threat coverage.
Application Control - Provides strong application and identity controls by allowing organizations to create policies which identify, block or limit usage of thousands of applications, based on user identity.
Identity Awareness - Provides granular security policy at a per user, per group and per machine level. It centralizes the management, monitoring and reporting of user actions across the internal network, its perimeter and beyond.
DLP - Combines technology and processes to prevent data loss of critical business information.
Web Security - Advanced protection for the entire Web environment featuring the strongest protection against buffer-overflow attacks.
URL Filtering - Best-of-breed Web filtering covering more than 20 million URLs protects users and enterprises by restricting access to dangerous Web sites.
Antivirus & Anti-Malware - Leading antivirus protection including heuristic virus analysis stops viruses, worms and other malware at the gateway.
Anti-Spam & Security - Multi-dimensional protection for the messaging infrastructure stops spam, protects servers and eliminates attacks through .
Advanced Networking - Adds dynamic routing, multicast support and Quality of Service (QOS) to security gateways.
Acceleration & Clustering - Patented SecureXL and ClusterXL technologies provide wire speed packet inspection, high availability and load sharing.
Voice over IP - Advanced connectivity and security features for VoIP deployments, featuring enhanced Rate Limiting protections, Far end NAT and inspection of SIP TLS.