Workshop, April 2015. Benoit Buonassera, benoitb@checkpoint.com, 06 72 94 19 98




BE YOUR CUSTOMER'S BEST ADVISOR
By using the Security Checkup tool you will increase your business opportunities while bringing added value to your customers.

EXPOSE SECURITY RISKS ORGANIZATIONS ARE NOT AWARE OF

ENHANCE THE VALUE TO CUSTOMERS

THE REPORT
The report covers, and gives protection recommendations for, each of the following areas:
- Risky web applications and sites
- Data loss incidents
- Malware-infected computers
- Exploited vulnerabilities
- Bandwidth analysis
- Compliance & security policy check

ONE ASSESSMENT, FOUR STEPS
1. Configure a Security Gateway.
2. Connect it to the network and activate the Software Blades that inspect the customer's traffic.
3. Generate the report to analyze events and summarize the findings.
4. Present the findings and advise the customer how to enhance their security.

Hardware: get a discounted demo unit, or use an open server or a virtual machine.

Available at checkpointfrance.fr/index.php/securitycheckup: customer form, presentations, preparation guide, sample report, logos, cloud service package.

MORE INFORMATION ON PARTNERMAP

GENERATE MORE BUSINESS OPPORTUNITIES WHILE BRINGING ADDED VALUE TO YOUR CUSTOMERS

70% OF SECURITY CHECKUPS BECOME VALID BUSINESS OPPORTUNITIES (* worldwide, based on internal data, January 2012 to July 2014)


Agenda
1. Presentation (45 min): Architecture, Qualification, Configuration
2. Lab (1h30)
2015 Check Point Software Technologies Ltd.

Architecture: BEST PRACTICES

Mirror port architecture (diagram: the Checkup gateway on a mirror port beside the production firewall in the data center)

Feature limitations in a mirror port deployment
On a mirror port the gateway receives a copy of the traffic and cannot drop, reset or redirect anything, so every blade can only detect, and anything that needs to interact with the user or terminate the session is unavailable:
- IPS blade: Detect only (a few protections will not work)
- URL Filtering: no UserCheck
- Application Control: no UserCheck
- DLP: no FTP, no UserCheck; Prevent and Ask actions are automatically demoted to Inform
- Identity Awareness: no Captive Portal or Identity Agent
- Anti-Virus: Detect only; cannot use Proactive Mode or FTP
- Anti-Bot: Detect only
- HTTPS Inspection: NOT supported

Feature limitations without Internet access
- IPS blade: no updates
- Application Control: no widget detection
- URL Filtering: no categorization
- Anti-Virus: partial (no ThreatCloud usage), local signatures only and no updates
- Anti-Bot: partial
A Checkup gateway without Internet access therefore reports far fewer findings; plan Internet access for the gateway with the customer up front.

Customer QUALIFICATION AND PREPARATION

Ask the customer to fill in the localized form. Parameters requested:
- IP address for the appliance, with subnet mask
- Default gateway (IP address)
- DNS server(s) (IP addresses)
- List of internal networks (IP addresses and masks)
- Email domain names
- AD domain administrator account (this will be asked for during the PoC)
Treat the AD credentials as sensitive: they are stored on the Checkup gateway, so agree with the customer on a dedicated account that can be disabled once the PoC is over.
Choose the mirror location wisely. Do not mirror an entire switch to one mirror port: the destination port drops whatever exceeds its line rate, and the gateway then sees incomplete sessions. For example, mirror only the Rx/Tx of the router or firewall external interface. Configure the SPAN port on the customer's switch.

Configuration HOW-TO

Download links: ISOMorphic; R77_QuickSetup_Package; Security Checkup tool package; link to generate an evaluation license.

Restore to a factory default image: reboot the appliance and use the boot menu to restore, or use ISOMorphic for a fresh installation.

Gaia Quick Setup for Security Checkup: Gaia R77.20 Quick Setup is intended for quick deployment with preconfigured settings. Two methods with the Check Point Upgrade Service Engine (CPUSE): online or offline.

Check Point Upgrade Service Engine (CPUSE) (screenshot)

Topology
- Remove the Anti-Spoofing configuration from all interfaces: mirrored packets carry the source addresses of the production network, not of the interface they arrive on, so Anti-Spoofing would otherwise drop or log them instead of passing them to the blades.
- Mgmt & mirror ports: eth0, eth2, eth3
- Internet: eth1
[Restricted] ONLY for designated groups and individuals
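The values the customer enters in the preparation form, combined with the interface roles from this topology, are all that the first-time network setup of the Checkup gateway needs. The script below is an added example written for this page, not part of the R77 QuickSetup package or any Check Point tool: it validates the form (gateway inside the appliance subnet, well-formed CIDRs, appliance subnet covered by the internal networks, bare mail domain names) and emits the Gaia clish commands for the management interface, the mirror interfaces, the default route and DNS. Assumed and not on the page: the CheckupForm class and its field names, the hostname checkup-gw, and the exact clish syntax of the commands emitted. The form instance is filled with the lab values used later in the deck; the Internet interface eth1 has no entry in the form and is left to the customer-specific setup.

```python
"""Turn the Security Checkup customer form into Gaia clish commands.

Added example for this workshop page; it is not part of the Check Point
QuickSetup package. Assumptions: interface roles from the topology slide
(eth0 management, eth2/eth3 mirror ports without addresses), the hostname
'checkup-gw', and the clish syntax of the commands emitted below.
"""
import ipaddress
from dataclasses import dataclass


@dataclass
class CheckupForm:
    """Fields of the customer form, as strings exactly as the customer writes them."""
    appliance: str             # IP address with mask, e.g. "192.168.80.100/24"
    gateway: str               # default gateway
    dns: list                  # DNS server(s); the first entry becomes the primary
    internal_networks: list    # CIDRs that SmartEvent/DLP treat as "inside"
    mail_domains: list         # email domain names (bare names, no '@')
    hostname: str = "checkup-gw"          # assumed, not a form field
    mgmt_if: str = "eth0"
    mirror_ifs: tuple = ("eth2", "eth3")


def validate(form):
    """Return a list of problems with the form; an empty list means it is usable."""
    problems = []
    try:
        iface = ipaddress.ip_interface(form.appliance)
    except ValueError as err:
        return [f"appliance address: {err}"]       # nothing else can be checked
    net = iface.network
    if iface.ip in (net.network_address, net.broadcast_address):
        problems.append(f"appliance address {iface.ip} is the network or broadcast address")
    try:
        gw = ipaddress.ip_address(form.gateway)
        if gw not in net:
            problems.append(f"default gateway {gw} is not in {net}")
        elif gw == iface.ip:
            problems.append("default gateway equals the appliance address")
    except ValueError as err:
        problems.append(f"default gateway: {err}")
    if not form.dns:
        problems.append("no DNS server given (URL Filtering and updates need name resolution)")
    for server in form.dns:
        try:
            ipaddress.ip_address(server)
        except ValueError as err:
            problems.append(f"dns: {err}")
    internal = []
    for cidr in form.internal_networks:
        try:
            internal.append(ipaddress.ip_network(cidr, strict=True))
        except ValueError as err:
            problems.append(f"internal network: {err}")
    # The Dashboard/SmartEvent station sits next to the appliance; if its subnet is not
    # "internal", those hosts are reported as outsiders in the Checkup report.
    if internal and not any(iface.ip in n for n in internal):
        problems.append(f"appliance subnet {net} is not covered by the internal networks")
    for domain in form.mail_domains:
        if not domain or "@" in domain or " " in domain:
            problems.append(f"mail domain {domain!r} should be a bare domain name")
    return problems


def clish_commands(form):
    """Gaia clish lines for first-time network setup; raises if the form is inconsistent."""
    problems = validate(form)
    if problems:
        raise ValueError("; ".join(problems))
    iface = ipaddress.ip_interface(form.appliance)
    cmds = [
        f"set hostname {form.hostname}",
        f"set interface {form.mgmt_if} ipv4-address {iface.ip} "
        f"mask-length {iface.network.prefixlen}",
        f"set interface {form.mgmt_if} state on",
    ]
    for port in form.mirror_ifs:
        cmds.append(f"set interface {port} state on")   # mirror ports: up, but no address
    cmds.append(f"set static-route default nexthop gateway address {form.gateway} on")
    for level, server in zip(("primary", "secondary", "tertiary"), form.dns):
        cmds.append(f"set dns {level} {server}")
    cmds.append("save config")
    return cmds


# Lab values from the deck (constructed form instance for this example)
LAB_FORM = CheckupForm(
    appliance="192.168.80.100/24",
    gateway="192.168.80.2",
    dns=["192.168.80.80"],
    internal_networks=["192.168.80.0/24"],
    mail_domains=["checkpoint.test.com"],
)

if __name__ == "__main__":
    print("\n".join(clish_commands(LAB_FORM)))
```

Run it as a script to print the commands and paste them into clish on the Gaia console. Anti-Spoofing removal and the blade settings are SmartDashboard work and are not generated here.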

Blade: Firewall
- Only one rule, without logs (the gateway enforces nothing on a mirror port, and logging every mirrored connection would only fill the log server)
- TCP End Timeout (Global Properties > Stateful Inspection)
- Disable the Out of State protections
- Disable "reject_x11_in_any"
Mirrored traffic arrives with no guarantee that the gateway saw the start of each connection, so packets that are normal in production look out of state here; with those checks left on, the inspection blades never get to see the sessions.

IPS Blade: update IPS; use the Recommended policy; set the policy to Detect-only mode; activate "Perform IPS inspection on all traffic".

Application Control: ensure the destination is Any and not Internet (the Internet object is derived from the gateway topology, which means nothing on a mirror port); update the Applications and URLs database; categorize HTTPS sites.

DLP Blade: on the gateway run dlp_smtp_mirror_port enable. In the DLP Wizard, configure the My Organization object: internal network object, all users, email domain name.

Threat Prevention blades: use the Recommended profile in Detect mode and activate inspection on all traffic (the Threat Prevention counterpart of the IPS option).

Threat Emulation Cloud Services: the ThreatCloud Emulation Service needs an EVAL license and a CONTRACT file to work; both must come from the same UserCenter account.

SmartLog (screenshot)

Log Settings: activate SmartLog and configure log storage.

SmartEvent: activate it, select the internal networks, install the SmartEvent policy.

Customer Site: PLUG AND PLAY


Mirror port: switch configuration
Cisco
  configure terminal
  monitor session 1 source interface fa0/1,fa0/2,fa0/11
  monitor session 1 destination interface fa0/12
  Comment: copies everything entering or leaving ports 1, 2 and 11 to interface fa0/12
HP
  mirror-port 8
  interface 1-4 monitor
  show monitor
  Comment: copies everything entering or leaving ports 1 to 4 to interface 8
Enterasys
  set port mirroring create ge.1.4 ge.1.11
  show port mirroring
  Comment: copies everything entering or leaving port ge.1.4 to interface ge.1.11
Alcatel
  port mirroring 6 source 2/3 destination 2/4
  show port monitoring status
  Comment: copies everything entering or leaving port 2/3 to interface 2/4
Extreme Networks
  config mirroring add ports 1,2,5,8
  enable mirroring to port 9 untagged
  show mirroring
  Comment: copies everything entering or leaving ports 1, 2, 5 and 8 to interface 9
Use tcpdump on the gateway to test the mirror: tcpdump -n -i eth2 (eth2 on an open server or VM, Lan2 on an appliance). Check that you see both directions of a connection, not only the client side.
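The tcpdump test above only shows that packets arrive. A SPAN session mirroring a single direction, or a destination port oversubscribed by several sources, still delivers something while the gateway sees only half of every TCP conversation, and the inspection blades then miss the server side. The following is an added example for this page, not Check Point tooling: it parses the text output of tcpdump -nn and counts conversations seen in both directions, so the check can be automated before the PoC starts. The sample lines are constructed, not a real capture; the interface name eth2 in the usage comment follows the topology slide.

```python
"""Sanity-check a SPAN/mirror feed before trusting the Checkup results.

Added example for this workshop page; not part of Check Point tooling. It parses
the text output of "tcpdump -nn" and counts TCP conversations seen in both
directions. A mirror session configured for rx only, or a destination port that
is oversubscribed and dropping, shows up here as one-way traffic, and stateful
inspection (IPS, AV, DLP) then never sees the server side of any connection.
"""
import re
import sys

# tcpdump -nn prints "IP <src>.<sport> > <dst>.<dport>:" for IPv4 TCP/UDP packets
_ENDPOINTS = re.compile(r"\bIP (\d+\.\d+\.\d+\.\d+\.\d+) > (\d+\.\d+\.\d+\.\d+\.\d+):")


def conversations(lines):
    """Return (bidirectional, one_way): sets of sorted (endpoint, endpoint) pairs."""
    seen = set()
    for line in lines:
        m = _ENDPOINTS.search(line)
        if m:
            seen.add((m.group(1), m.group(2)))
    bidirectional, one_way = set(), set()
    for src, dst in seen:
        key = tuple(sorted((src, dst)))      # same key for both directions
        if (dst, src) in seen:
            bidirectional.add(key)
        else:
            one_way.add(key)
    return bidirectional, one_way


def mirror_verdict(lines):
    """True if at least one conversation was seen in both directions."""
    both, one_way = conversations(lines)
    if both:
        print(f"ok: {len(both)} bidirectional conversation(s), {len(one_way)} one-way")
        return True
    print(f"WARNING: {len(one_way)} conversation(s), all one-way; "
          "check the SPAN direction (rx+tx / both) and the destination port load")
    return False


# Constructed sample (not a real capture): one handshake seen both ways, one lone SYN.
SAMPLE = [
    "12:00:00.000001 IP 192.168.80.90.51234 > 93.184.216.34.443: Flags [S], seq 1, length 0",
    "12:00:00.000002 IP 93.184.216.34.443 > 192.168.80.90.51234: Flags [S.], seq 2, ack 2, length 0",
    "12:00:00.000003 IP 192.168.80.90.51235 > 93.184.216.34.80: Flags [S], seq 3, length 0",
]

if __name__ == "__main__":
    # On the gateway:  tcpdump -nn -i eth2 -c 200 tcp 2>/dev/null | python3 mirror_check.py
    # Without piped input the constructed sample is analysed instead.
    lines = sys.stdin if not sys.stdin.isatty() else SAMPLE
    sys.exit(0 if mirror_verdict(lines) else 1)
```

A few hundred packets are enough: any established TCP session on a correctly configured two-way SPAN yields at least one bidirectional pair, while an rx-only session yields none however long you capture.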

Dashboard: install the Dashboard on the customer's computer and take a tour with them: Policy (Dashboard), Logs (SmartLog), Events / Reports (SmartEvent).

Identity Awareness: activate AD Query. You need Administrator credentials.

Testing AD connectivity: SmartView Monitor, or on the gateway: adlog a dc and test_ad_connectivity.

Windows Audit Policy & WMI: AD Query reads logon events from the domain controller's Security event log over WMI, so the audit policy must record account logon events; after changing it, run gpupdate /force on the domain controller.

Reports: schedule some predefined reports and have them sent automatically by email.

Before you leave: CPSIZEME

Launch CPSIZEME, a lightweight shell script that measures resource utilization on the Security Gateway: CPU, memory consumption, throughput, etc. See sk88160: The Check Point Performance Sizing Utility.

After the PoC: TO DO LIST

Checkup Report (screenshot)

Post PoC
- Generate the Security Checkup Report (output folder: C:\Program Files (x86)\checkpoint\SmartConsole\R77.xx\PROGRAM\data\ClientGeneratedReports\Output)
- Personalize it and send it to the customer
- Anonymize it and send it to your Check Point representative, together with the Excel file
- Upload the cpsizeme results to the Appliance Sizing Tool and generate the cpsizeme report
- Use CPLogInvestigator (sk87263) to analyze log sizes
- Reset the appliance to factory default: it still holds the customer's logs and the AD credentials, and the next customer must not inherit them

Lab

Lab network (diagram)
- VMNet8 (NAT), 192.168.80.0/24: host machine .2 (default route), Win2K3 AD .80, Win7 with Dashboard .90, R77.20 Security Checkup gateway eth0 .100
- VMNet1, 192.168.1.0/24: gateway eth1 192.168.1.1
- Gateway eth2 = MIRROR-1, eth3 = MIRROR-2

Customer parameters (lab values)
- IP address for the appliance with subnet mask: 192.168.80.100 / 24
- Default gateway (IP address): 192.168.80.2
- DNS server(s) (IP addresses): 192.168.80.80
- List of internal networks (IP addresses and masks): 192.168.80.0 / 24
- Email domain names: checkpoint.test.com
- AD domain administrator account: Administrator / vpn123

Keyboard US / FR
The QuickSetup package sets Gaia to a US keyboard layout. To switch it back to FR:
# dbset keyboard:mapping fr
# dbset :save
# /bin/kbd_map_xlate keyboard:mapping < /config/db/initial_db

Traffic generation
From the Windows 7 VM, My Documents folder:
- Lock/unlock the Windows session to test Identity Awareness
- test-urlf.bat to test URL Filtering
- ubuntu.torrent to test Application Control
- ab-av-demo-tool.exe for Anti-Virus / Anti-Bot
- 192.168.80.80/te for Threat Emulation: download a few files onto the VM. Warning: these are real viruses.
- dl.free.fr to test DLP, with cards.txt and source-code.c
Run the tests as jlennon / vpn123, rstarr / vpn123 and wmozart / vpn123.