ccsa r70 study guide

Check Point Security Administrator R70Study Guide

Check Point Certified Security AdministratorExam: #156-215.70

Copyright © Check Point Software Technologies Ltd. All rights reserved.Printed by Check Point PressA Division of Check Point Software Technologies Ltd.First Printing December 2009

RESTRICTED RIGHTS LEGEND:

Use, duplication, or disclosure by the government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 and FAR 52.227-19.

© 2003-2010 Check Point Software Technologies Ltd.

All rights reserved. This product and related documentation are protected by copyright and distributed under licensing restricting their use, copying, distribution, and decompilation. No part of this product or related documentation may be reproduced in any form or by any means without prior written authorization of Check Point. While every precaution has been taken in the preparation of this book, Check Point assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice.

TRADEMARKS ©2003-2010 Check Point Software Technologies Ltd. All rights reserved. Check Point, AlertAdvisor, Application Intelligence, Check Point Endpoint Security, Check Point Endpoint Security On Demand, Check Point Express, Check Point Express CI, the Check Point logo, ClusterXL, Confidence Indexing, ConnectCon-trol, Connectra, Connectra Accelerator Card, Cooperative Enforcement, Coopera-tive Security Alliance, CoreXL, CoSa, DefenseNet, Dynamic Shielding Architecture, Eventia, Eventia Analyzer, Eventia Reporter, Eventia Suite, FireWall-1, FireWall-1 GX, FireWall-1 SecureServer, FloodGate-1, Hacker ID, Hybrid Detection Engine, IMsecure, INSPECT, INSPECT XL, Integrity, Integrity Client-less Security, Integrity SecureClient, InterSpect, IPS-1, IQ Engine, MailSafe, NG, NGX, Open Security Extension, OPSEC, OSFirewall, Pointsec, Pointsec Mobile, Pointsec PC, Pointsec Protector, Policy Lifecycle Management,Power-1, Provider-1, PureAdvantage, PURE Security, the puresecurity logo, Safe@Home, Safe@Office, SecureClient, SecureClient Mobile, SecureKnowledge, SecurePlat-form, SecurePlatform Pro, SecuRemote, SecureServer, SecureUpdate, SecureXL, SecureXL Turbocard, Security Management Portal, Sentivist, SiteManager-1, SmartCenter, SmartCenter Express, SmartCenter Power, SmartCenter Pro, Smart-Center UTM, SmartConsole, SmartDashboard, SmartDefense, SmartDefense Advi-

sor, Smarter Security, SmartLSM, SmartMap, SmartPortal, SmartProvisioning, SmartUpdate, SmartView, SmartView Monitor, SmartView Reporter, SmartView Status, SmartViewTracker, SMP, SMP On-Demand, SofaWare, SSL Network Extender, Stateful Clustering, Total Security, the totalsecurity logo, TrueVector, Turbocard, UAM, UserAuthority, User-to-Address Mapping, UTM-1, UTM-1 Edge, UTM-1 Edge Industrial, UTM-1 Total Security, VPN-1, VPN-1 Accelerator Card, VPN-1 Edge, VPN-1 Express, VPN-1 Express CI, VPN-1 Power, VPN-1 Power Multi-core, VPN-1 Power VSX, VPN-1 Pro, VPN-1 SecureClient, VPN-1 SecuRemote, VPN-1 SecureServer, VPN-1 UTM, VPN-1 UTM Edge, VPN-1 VSX, Web Intelligence, ZoneAlarm, ZoneAlarm Anti-Spyware, ZoneAlarm Antivirus, ZoneAlarm ForceField, ZoneAlarm Internet Security Suite, ZoneAlarm Pro, ZoneAlarm Secure Wireless Router, Zone Labs, and the Zone Labs logo are trade-marks or registered trademarks of Check Point Software Technologies Ltd. or its affiliates. ZoneAlarm is a Check Point Software Technologies, Inc. Company. All other product names mentioned herein are trademarks or registered trademarks of their respective owners. The products described in this document are protected by U.S. Patent No. 5,606,668, 5,835,726, 5,987,611, 6,496,935, 6,873,988, 6,850,943, and 7,165,076 and may be protected by other U.S. Patents, foreign patents, or pend-ing applications.

DISCLAIMER OF WARRANTYCheck Point Software Technologies Ltd. makes no representation or warranties, either express or implied by or with respect to anything in this document, and shall not be liable for any implied warranties of merchantability or fitness for a particular purpose or for any indirect special or consequential damages.

International Headquarters: 5 Ha’Solelim StreetTel Aviv 67897, IsraelTel: +972-3-753 4555

U.S. Headquarters: 800 Bridge ParkwayRedwood City, CA 94065Tel: 650-628-2000Fax: 650-654-4233

Technical Support, Education & Profes-sional Services:

8333 Ridgepoint Drive, Suite 150Irving, TX 75063Tel: 972-444-6612Fax: 972-506-7913E-mail any comments or questions about our courseware to [email protected] questions or comments about other Check Point documentation, e-mail [email protected].

Document #: CCSA R70 Study Guide

Revision: R70001

Content: Mark Hoefle

Graphics: Jeffery Holder

Preface The Check Point Certified Security Administrator Exam 1

Frequently Asked Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

Chapter 1 Check Point Technology Overview 7

Check Point Technology Overview Topics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

Sample CCSA R70 Exam Question . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

Answer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

Chapter 2 Check Point Software Blades 13

Check Point Software Blades Topics. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14


Answer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

Chapter 3 Deployment Platforms 17

Deployment Platforms Topics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18


Answer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

Chapter 4 Introduction to the Security Policy 23

Introduction to the Security Policy Topics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24


Answer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

Chapter 5 Monitoring Traffic and Connections 29

Introduction to the Monitoring Traffic and Connections Topics . . . . . . . . . . . . . . . 30


Answer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

Chapter 6 Using SmartUpdate 35

Introduction to the SmartUpdate Topics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36


Answer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

Chapter 7 Upgrading to R70 39

Introduction to the Upgrading to R70 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40


Answer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42

Chapter 8 User Management andAuthentication 43

Introduction to the User Management and Authentication Topics. . . . . . . . . . . . . . 45


Answer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48

Chapter 9 Encryption and VPNs 49

Introduction to the Encryption and VPNs Topics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50


Answer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53

Chapter 10 User Management and Authentication 55

Introduction to the Introduction to VPNs Topics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56


Answer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60

Chapter 11 Messaging and Content Security 61

Introduction to the Messaging and Content Security Topics . . . . . . . . . . . . . . . . . . . 62


Answer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65

Chapter 12 Check Point IPS 67

Introduction to the Check Point IPS Topics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68


Answer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71

Preface

1

The Check Point Certified Security Administrator Exam

The Check Point Security Administrator R70 course provides an understanding of basic concepts and skills necessary to configure the Check Point Security Gateway, configure Security Policies, and learn about managing and monitoring secure net-works. The Check Point Security Administrator R70 Study Guide supplements knowledge you have gained from the Security Administrator R70 course, and is not a sole means of study.

The Check Point Certified Security Administrator R70 exam covers the following topics:

Describe Check Point’s unified approach to network management, and the key elements of this architecture

Design a distributed environment using the network detailed in the course topology

Install the Security Gateway version R70 in a distributed environment using the network detailed in the course topology

Given Check Point’s latest integration of CoreXL technology, select the best security solution for your corporate environment

Given network specifications, perform a backup and restore the current Gateway installation from the command line

Preface: The Check Point Certified Security Administrator Exam

2 Check Point Security Administrator R70 Study Guide

Identify critical files needed to purge or backup, import and export users and groups and add or delete administrators from the command line

Deploy Gateways using sysconfig and cpconfig from the Gateway command line

Use the Command Line to assist support in troubleshooting common problems on the Security Gateway

Given the network topology, create and configure network, host and gateway objects

Verify SIC establishment between the SmartCenter Server and the Gateway using SmartDashboard

Create a basic Rule Base in SmartDashboard that includes permissions for administrative users, external services, and LAN outbound use

Configure NAT rules on Web and Gateway servers

Evaluate existing policies and optimize the rules based on current corporate requirements

Maintain the Security Management Server with scheduled backups and policy versions to ensure seamless upgrades and minimal downtime

Use queries in SmartView Tracker to monitor IPS and common network traffic and troubleshoot events using packet data

Using packet data on a given corporate network, generate reports, troubleshoot system and security issues, and ensure network functionality

Using SmartView Monitor, configure alerts and traffic counters, view a Gateway's status, monitor suspicious activity rules, analyze tunnel activity and monitor remote user access based on corporate requirements

Monitor remote Gateways using SmartUpdate to evaluate the need for upgrades, new installations, and license modifications

Use SmartUpdate to apply upgrade packages to single or multiple VPN-1 Gateways

Upgrade and attach product licenses using SmartUpdate

Preface: The Check Point Certified Security Administrator Exam

Check Point Security Administrator R70 Study Guide 3

Centrally manage users to ensure only authenticated users securely access the corporate network either locally or remotely

Manage users to access to the corporate LAN by using external databases

Select the most appropriate encryption algorithm when securing communication over a VPN, based on corporate requirements

Establish VPN connections to partner sites in order to establish access to a central database by configuring Advanced IKE properties

Configure a pre-shared secret site-to-site VPN with partner sites

Configure a certificate based site-to-site VPN using one partner's internal

Configure a certificate based site-to-site VPN using a third-party CA

Configure permanent tunnels for remote access to corporate resources

Configure VPN tunnel sharing, given the difference between host-based, subnet-based and gateway-based tunnels

Configure Check Point Messaging Security to test IP Reputation, content based anti-spam, and zero hour virus detection

Based on network analysis disclosing threats by specific sites, configure a Web-filtering and antivirus policy to filter and scan traffic

Implement default or customized profiles to designated Gateways in the corporate network

Manage profiles by tracking changes to the network, including performance degradation, and troubleshoot issues with the network related to specific IPS policy rules

Create and install IPS policies

Preface: The Check Point Certified Security Administrator Exam Frequently Asked Questions


Frequently Asked QuestionsThe table below provides answers to commonly asked questions about the CCSA R70 exam:

Question Answer

What are the Check Point rec-ommendations and prerequi-sites?

Check Point recommends you have at least 6 months to 1 year of experience with the prod-ucts, before attempting to take the CCSA R70 exam. In addition, you should also have basic networking knowledge, knowledge of Win-dows Server and/or UNIX, and experience with TCP/IP and the Internet.Check Point also recommends you take the Check Point Security Administrator R70 class from a Check Point Authorized Training Cen-ter (ATC). We recommend you take this class before taking the CCSA R70 exam. To locate an ATC, see:http://atc.checkpoint.com/atclocator/locateATC

How do I register? Check Point exams are offered through Pearson VUE, a third-party testing vendor with more than 3,500 testing centers worldwide. Pearson VUE offers a variety of registration options. Register via the Web or visit a specific testing center. Registrations at a testing center may be made in advance or on the day you wish to test, subject to availability. For same-day testing, contact the testing center directly.Locate a testing center from the VUE Pearson Web site:www.pearsonvue.com

What is the exam structure? The exams are composed of multiple-choice and scenario questions. There is no partial credit for incorrectly marked questions.



For more exam and course information, see:

http://www.checkpoint.com/services/education/

How long is the exam?Do I get extra time, if I am not a native English speaker?

The following countries are given 120 minutes to complete the exam. All other regions get 150 minutes:Australia Bermuda Canada Japan New Zealand Ireland South Africa UK US

Question Answer

Chapter

7

1Check Point Technology Overview

Check Point technology is designed to address network exploitation, administrative flexibility and critical accessibility. This chapter introduces the basic concepts of network security and management based on Check Point’s three-tier structure, and provides the foundation for technologies involved in the Check Point Software Blade Architecture, as discussed in the introduction. This course is lab-intensive, and in this chapter, you will begin your hands-on approach with a first-time instal-lation using standalone and distributed topologies.

Objectives:

Describe Check Point’s unified approach to network management, and the key elements of this architecture

Design a distributed environment using the network detailed in the course topology

Install the Security Gateway version R70 in a distributed environment using the network detailed in the course topology

Chapter 1: Check Point Technology Overview Check Point Technology Overview Topics


Check Point Technology Overview TopicsThe following table outlines the topics covered in the “Check Point Technology Overview” chapter of the Check Point Security Administrator R70 Course. This table is intended as a supplement to knowledge you have gained from the Security Administrator R70 Courseware handbook, and is not meant to be a sole means of study.

Topic Key Element Page Number

Network Access Control p. 09

Gateway controlled network p. 10

The Check Point Firewall p. 11

Mechanisms for Controlling Net-work Traffic

p. 12

Stateful Inspection p. 14

Application IntelligenceSecurity Gateway Inspection Archi-tecture

p. 16p. 17

Deployment Strategies p. 20

The DMZBridge Mode

p. 22p. 23

Security Policy Manage-ment

p. 25

SmartConsole Components p. 25

Security Management Server p. 37

Managing Users in SmartDashboardSecuring Channels of Communica-tion

p. 39p. 43

Administrative Login Using SIC p. 45

Table 1-1: Check Point Technology Overview Topics

Check Point Technology Overview Topics Chapter 1: Check Point Technology Overview


Lab 1: Distributed Installa-tion

L-p. 1

Install Security Management Server L-p. 2

Configure Security Management Server - sysconfig

L-p. 12

Configure Corporate Security Gate-way - WebUI

L-p. 32

Install SmartConsole L-p. 42

Launch SmartDashboard L-p. 52

Lab 2: Branch Office Secu-rity Gateway Installation

L-p. 57

Install SecurePlatform on Branch Gateway

L-p. 58

Configure Branch Gateway - WebUI

L-p. 65


Table 1-1: Check Point Technology Overview Topics

Chapter 1: Check Point Technology Overview Sample CCSA R70 Exam Question


Sample CCSA R70 Exam QuestionWhat would be the benefit of upgrading from SmartDefense to IPS R70?:

1. Completely rewritten engine provides improved security performance and reporting.

2. There is no difference - IPS R70 is the new name.

3. The SmartDefense technology expands IPS-1 to IPS R70.

4. The SmartDefense is replaced by the technology of IPS-1.

Answer Chapter 1: Check Point Technology Overview


AnswerWhat would be the benefit of upgrading from SmartDefense to IPS R70?:

1. Completely rewritten engine provides improved security performance and reporting.

2. There is no difference - IPS R70 is the new name.

3. The SmartDefense technology expands IPS-1 to IPS R70.

4. The SmartDefense is replaced by the technology of IPS-1

Chapter 1: Check Point Technology Overview Answer


Chapter

13

2Check Point Software Blades

Check Point Software Technologies’ Software Blade architecture is the industry’s first network security architecture designed to meet businesses’ need for total, flex-ible and manageable security. The new architecture empowers businesses with the ability to select, from a library of over 20 software blades, the exact security pro-tections necessary and dynamically tailor security gateways for different environ-ments and sites.

Objectives:

Given Check Point’s latest integration of CoreXL technology, select the best security solution for your corporate environment.

Chapter 2: Check Point Software Blades Check Point Software Blades Topics


Check Point Software Blades TopicsThe following table outlines the topics covered in the “Check Point Software Blades” chapter of the Check Point Security Administrator R70 Course. This table is intended as a supplement to knowledge you have gained from the Security Administrator R70 Courseware handbook, and is not meant to be a sole means of study.


Check Point Software Blade Architecture

p. 54

Key Benefits p. 55

Selecting Software Blades p. 57

Performance p. 58

CoreXL p. 58

Deploying Software Blades p. 59

Building Security Solutions p. 60

Systems p. 64

Gateway Systems p. 64

Management Systems p. 68

Enterprise Management Systems p. 69

Software Blades p. 71

Security Gateway Software Blades p. 71

Security Management Software Blades

p. 73

Security Gateway R70 p. 75

Advantages p. 75

Performance Architecture p. 77

Building Blocks p. 81

Table 2-2: Check Point Software Blades Topics

Sample CCSA R70 Exam Question Chapter 2: Check Point Software Blades


Sample CCSA R70 Exam QuestionSelect the correct statement about Secure Internal Communications (SIC) Certificates. SIC Certificates:

1. Increase network security by securing administrative communication with a two-factor challenge response authentication.

2. Uniquely identify machines installed with Check Point software only. They have the same function as RSA Authentication Certificates.

3. Can be used for securing internal network communications between the Security Gateway and an OPSEC device.

4. For R70 Security Gateways are created during the Security Management Server installation.

Chapter 2: Check Point Software Blades Answer


AnswerSelect the correct statement about Secure Internal Communications (SIC) Certificates. SIC Certificates:

1. Increase network security by securing administrative communication with a two-factor challenge response authentication.

2. Uniquely identify machines installed with Check Point software only. They have the same function as RSA Authentication Certificates.

3. Can be used for securing internal network communications between the Security Gateway and an OPSEC device.

4. For R70 Security Gateways are created during the Security Management Server installation.

Chapter

17

3Deployment Platforms

Before delving into the intricacies of creating and managing Security Policies, it is beneficial to know about Check Point’s different deployment platforms, and under-stand the basic workings of Check Point’s UNIX-based and Linux operating sys-tems (IPSO and SecurePlatform) that support many Check Point products. For those familiar with Linux and UNIX this section will be a review. But for those with little to no Linux/UNIX experience, this will be a welcome guide

Objectives:

Given network specifications, perform a backup and restore the current Gateway installation from the command line.

Identify critical files needed to purge or backup, import and export users and groups and add or delete administrators from the command line.

Use command line utilities to assist support in troubleshooting common problems on the Security Gateway.

Deploy Gateways using sysconfig and cpconfig from the Gateway command line.

Chapter 3: Deployment Platforms Deployment Platforms Topics


Deployment Platforms TopicsThe following table outlines the topics covered in the “Deployment Platforms” chapter of the Check Point Security Administrator R70 Course. This table is intended as a supplement to knowledge you have gained from the Security Administrator R70 Courseware handbook, and is not meant to be a sole means of study.


UTM-1 Edge Appliance p. 87

Advantages p. 88

Power-1 Appliances p. 91

Architecture p. 91

IP Appliances p. 92

Managing the IP Appliance p. 93

Network Voyager p. 94

IPSO p. 96

IPSO File Systems p. 101

CLISH p. 106

SecurePlatform p. 120

Requirements p. 121

Using Command Line p. 123

Backup and Restore p. 126

Critical Directories p. 134

Managing SecurePlatform p. 138

Command Shell p. 140

Lab 3: CLI Tools L-p. 75

Set Expert Password L-p. 76

Table 3-3: Deployment Platforms Topics

Deployment Platforms Topics Chapter 3: Deployment Platforms


Apply Other Useful Commands L-p. 78

Add and Delete Administrators via the CLI

L-p. 79

Perform backkup and restore L-p 81


Table 3-3: Deployment Platforms Topics

Chapter 3: Deployment Platforms Sample CCSA R70 Exam Question


Sample CCSA R70 Exam QuestionWhat is the primary benefit of using upgrade_export over either backup or snapshot?

1. upgrade_export will back up routing tables, hosts files, and manual ARP configurations, where backup and snapshot will not.

2. upgrade_export has an option to backup the system and SmartView Tracker logs while backup and snapshot will not.

3. The backup and snapshot commands can take a long time to run whereas upgrade_export will take a much shorter amount of time.

4. upgrade_export is operating system independent and can be used when backup or snapshot is not available.

Answer Chapter 3: Deployment Platforms


AnswerWhat is the primary benefit of using upgrade_export over either backup or snapshot?

1. upgrade_export will back up routing tables, hosts files, and manual ARP configurations, where backup and snapshot will not.

2. upgrade_export has an option to backup the system and SmartView Tracker logs while backup and snapshot will not.

3. The backup and snapshot commands can take a long time to run whereas upgrade_export will take a much shorter amount of time.

4. upgrade_export is operating system independent and can be used when backup or snapshot is not available.

Chapter 3: Deployment Platforms Answer


Chapter

23

4Introduction to the Security Policy

The Security Policy is essential in administrating security for your organization’s network. Your organization not only has to do a good job managing perimeter ac-cess control to company resources, but must also handle sensitive traffic to and from local area networks and remote devices, provide much-needed application-layer protection, maintain simple and effective management, and keep its security budget under control.

Objectives:

Given the network topology, create and configure network, host and gateway objects.

Verify SIC establishment between the Security Management Server and the Gateway using SmartDashboard.

Create a basic Rule Base in SmartDashboard that includes permissions for administrative users, external services, and LAN outbound use.

Configure NAT rules on Web and Gateway servers.

Evaluate existing policies and optimize the rules based on current corporate requirements.

Maintain the Security Management Server with scheduled backups and policy versions to ensure seamless upgrades and minimal downtime.

Chapter 4: Introduction to the Security Policy Introduction to the Security Policy Topics


Introduction to the Security Policy TopicsThe following table outlines the topics covered in the “Introductions to the Security Policy” chapter of the Check Point Security Administrator R70 Course. This table is intended as a supplement to knowledge you have gained from the Security Administrator R70 Courseware handbook, and is not meant to be a sole means of study.


Security Policy Basics p. 158

The Rule Base p. 158

Managing Objects in SmartDashboard

p. 159

SmartDashboard and Objects p. 160

Managing Objects p. 162

Creating the Rule Base p. 166

Basic Rule Base Concepts p. 166

Default Rule p. 166

Basic Rules p. 169

Implicit/Explicit Rules p. 170

Control Connections p. 172

Detecting IP Spoofing p. 176

Completing the Rule Base p. 179

Understanding Rule Base Order p. 179

Rule Base Management p. 180

Useful Tips p. 180

Policy Management and Revision Control

p. 182

Table 4-4: Security Policy Topics

Introduction to the Security Policy Topics Chapter 4: Introduction to the Security Policy


Policy Management Over-view

p. 183

Installation Targets p. 186

Querying and Sorting Rules and Objects

p. 188

Database Revision Control p. 192

Implementing Database Revision Control

p. 192

Network Address Transla-tion

p. 195

IP Addressing p. 196

Hide NAT p. 197

Static NAT p. 199

Choosing the Hide Address p. 201

Configuring Automatic NAT p. 201

Hide NAT Object Configuration p. 204

Manual NAT p. 208

Multicasting p. 212

Configuring Multicast Access Con-trol

p. 212

Lab 4: Defining Basic Objects and Rules

L-p. 83

Create Security Gateway Object L-p. 85

Create GUIclient Object L-p. 91

Create Rules for Corporate Gateway L-p. 92

Save the Policy L-p 97

Install the Policy L-p. 98



Chapter 4: Introduction to the Security Policy Introduction to the Security Policy Topics


Test the Corporate Policy L-p. 102

Create the Remote Security Gate-way Object

L-p. 103

Create a New Policy for the Branch Office

L-p. 108

Combine Policies L-p. 112

Lab 5: Configure the DMZ L-p. 119

Configure DMZ Interface on the Gateway

L-p. 120

Create DMZ Objects in SmartDash-board

L-p. 121

Create DMZ Access Rule L-p. 123

Test the Policy L-p. 124

Lab 6: Configuring NAT L-p. 125

Configure Hide NAT on the Corpo-rate Network

L-p. 126

Test the Hide NAT Address L-p. 129

Configure Static NAT on the DMZ Server

L-p. 131

Test the Static NAT Address L-p. 133

Observe Hide NAT Traffic Using fw monitor

L-p. 134

Observe Static NAT Traffic Using fw monitor

L-p. 139



Sample CCSA R70 Exam Question Chapter 4: Introduction to the Security Policy


Sample CCSA R70 Exam QuestionA Web server behind the Security Gateway is set to Automatic Static NAT. Client side NAT is not checked in the Global Properties. A client on the Internet initiates a session to the Web Server. Assuming there is a rule allowing this traffic, what other configuration must be done to allow the traffic to reach the Web server?

1. Nothing else must be configured.

2. Automatic ARP must be unchecked in the Global Properties.

3. A static route must be added on the Security Gateway to the internal host.

4. A static route for the NAT IP must be added to the Gateway's upstream router.

Chapter 4: Introduction to the Security Policy Answer


AnswerA Web server behind the Security Gateway is set to Automatic Static NAT. Client side NAT is not checked in the Global Properties. A client on the Internet initiates a session to the Web Server. Assuming there is a rule allowing this traffic, what other configuration must be done to allow the traffic to reach the Web server?

1. Nothing else must be configured.

2. Automatic ARP must be unchecked in the Global Properties.

3. A static route must be added on the Security Gateway to the internal host.

4. A static route for the NAT IP must be added to the Gateway's upstream router.

Chapter

29

5Monitoring Traffic and Connections

To manage your network effectively and to make informed decisions, you need to gather information on the network’s traffic patterns.

Objectives:

Use queries in SmartView Tracker to monitor IPS and common network traffic and troubleshoot events using packet data.

Using packet data on a given corporate network, generate reports, troubleshoot system and security issues, and ensure network functionality.

Using SmartView Monitor, configure alerts and traffic counters, view a Gateway's status, monitor suspicious activity rules, analyze tunnel activity and monitor remote user access based on corporate requirements.

Chapter 5: Monitoring Traffic and ConnectionsIntroduction to the Monitoring Traffic and Connec-


Introduction to the Monitoring Traffic and Connections Topics

The following table outlines the topics covered in the “Monitoring Traffic and Connections” chapter of the Check Point Security Administrator R70 Course. This table is intended as a supplement to knowledge you have gained from the Security Administrator R70 Courseware handbook, and is not meant to be a sole means of study.


SmartView Tracker p. 219

SmartView Tracker Login p. 220

Log Types p. 220

SmartView Tracker Tabs p. 222

Action Icons p. 223

Log-File Management p. 225

Administrator Auditing p. 228

Global Logging and Alerting p. 228

Time Settings p. 231

Blocking Connections p. 233

Terminating and Blocking Active Connections

p. 233

SmartView Monitor p. 235

SmartView Monitor Login p. 237

Customizable Views p. 237

Monitoring Suspicious Activity Rules

p. 244

Monitoring Alerts p. 244

Table 5-5: Monitoring Traffic and Connections Topics

Introduction to the Monitoring Traffic and Connections Topics Chapter 5: Monitoring Traffic and


SmartView Tracker vs. SmartView Monitor

p. 249

Eventia Reporter p. 250

Report Types p. 252

Predefined Reports p. 254

Customizing Predefined Reports p. 256

Eventia Reporter Considerations p. 257

Eventia Reporter Licensing p. 260

Lab 7: Monitoring with SmartView Tracker

L-p. 143

Launch SmartView Tracker L-p. 144

Track by Source and Destination L-p. 148

Modify the Gateway to Activate SmartView Monitor

L-p. 150

View Traffic Using SmartView Monitor

L-p 152


Table 5-5: Monitoring Traffic and Connections Topics

Chapter 5: Monitoring Traffic and Connections Sample CCSA R70 Exam Question


Sample CCSA R70 Exam QuestionA third-shift Security Administrator configured and installed a new Security Policy early this morning. When you arrive, he tells you that he has been receiving complaints that Internet access is very slow. You suspect the Security Gateway virtual memory might be the problem. Which SmartConsole component would you use to verify this?

1. This information can only be viewed with fw ctl pstat command from the CLI.

2. SmartView Tracker.

3. Eventia Analyzer.

4. SmartView Monitor

Answer Chapter 5: Monitoring Traffic and Connections


AnswerA third-shift Security Administrator configured and installed a new Security Policy early this morning. When you arrive, he tells you that he has been receiving complaints that Internet access is very slow. You suspect the Security Gateway virtual memory might be the problem. Which SmartConsole component would you use to verify this?

1. This information can only be viewed with fw ctl pstat command from the CLI.

2. SmartView Tracker.

3. Eventia Analyzer.

4. SmartView Monitor

Chapter 5: Monitoring Traffic and Connections Answer


Chapter

35

6Using SmartUpdate

SmartUpdate extends your organization’s ability to provide centralized policy man-agement across enterprise-wide deployments. SmartUpdate can deliver automated software and license updates to hundreds of distributed Security Gateways from a single management console.

Objectives:

Monitor remote Gateways using SmartUpdate to evaluate the need for upgrades, new installations, and license modifications.

Use SmartUpdate to apply upgrade packages to single or multiple VPN-1 Gateways.

Upgrade and attach product licenses using SmartUpdate.

Chapter 6: Using SmartUpdate Introduction to the SmartUpdate Topics


Introduction to the SmartUpdate TopicsThe following table outlines the topics covered in the “SmartUpdate” chapter of the Check Point Security Administrator R70 Course. This table is intended as a supplement to knowledge you have gained from the Security Administrator R70 Courseware handbook, and is not meant to be a sole means of study.


SmartUpdate and Manag-ing Licenses

p. 265

Understanding SmartUpdate p. 266

SmartUpdate Introduction p. 268

Overview of Managing Licenses p. 270

License Attachment Process p. 274

Service Contracts p. 279

Licensing R70 p. 285

Obtaining a License Key p. 285

Software Installation Packages p. 287

Gateway Upgrade p. 288

SmartUpdate Options p. 289

The SmartUpdate Command Line p. 290

Lab 8: Using SmartUpdate L-p. 159

Get Gateway Data and Run CPINFO

L-p. 160

Download HFA Package L-p. 163

Table 6-6: Using SmartUpdate Topics

Sample CCSA R70 Exam Question Chapter 6: Using SmartUpdate


Sample CCSA R70 Exam QuestionYou are a Security Administrator preparing to deploy a new HFA (Hotfix Accumulator) to ten Security Gateways at five geographically separate locations. What is the BEST method to implement this HFA?

1. Send a Certified Security Engineer to each site to perform the update.

2. Use SmartUpdate to install the packages to each of the Security Gateways remotely.

3. Use a SSH connection to SCP the HFA to each Security Gateway. Once copied locally, initiate a remote installation command and monitor the installation progress with SmartView Monitor.

4. Send a CD-ROM with the HFA to each location and have local personnel install it.

Chapter 6: Using SmartUpdate Answer


AnswerYou are a Security Administrator preparing to deploy a new HFA (Hotfix Accumulator) to ten Security Gateways at five geographically separate locations. What is the BEST method to implement this HFA?

1. Send a Certified Security Engineer to each site to perform the update.

2. Use SmartUpdate to install the packages to each of the Security Gateways remotely.

3. Use a SSH connection to SCP the HFA to each Security Gateway. Once copied locally, initiate a remote installation command and monitor the installation progress with SmartView Monitor.

4. Send a CD-ROM with the HFA to each location and have local personnel install it.

Chapter

39

7Upgrading to R70

This chapter shows how to upgrade an existing Security Management server and se-curity gateway to R70. Upgrades are used to save Check Point product configura-tions, Security Policies, and objects, so that Security Administrators do not need to recreate Gateway and Security Management Server configurations. This chapter lists guidelines for deciding when to upgrade, versus doing a new installation.

Objectives:

Based on current products or platforms used in an enterprise network, perform a pre installation compatibility assessment before upgrading to R70.

Given R70 licensing restrictions, obtain a license key.

Install a Contract File on platforms such as Windows, SecurePlatform, Linux, Solaris and IPSO.

Chapter 7: Upgrading to R70 Introduction to the Upgrading to R70


Introduction to the Upgrading to R70The following table outlines the topics covered in the “Upgrading to R70” chapter of the Check Point Security Administrator R70 Course. This table is intended as a supplement to knowledge you have gained from the Security Administrator R70 Courseware handbook, and is not meant to be a sole means of study.


Pre installation Compati-bility

p. 295

Supported Upgrade Paths p. 297

Backward Compatibility for Gate-ways

p. 297

IPS-1 Upgrade Paths and Interoper-ability

p. 298

Important R70 Upgrade Notes p. 298

Upgrade Configuration p. 300

Distributed Installation p. 302

Gateway Upgrade p. 306

Lab 9: Upgrading a Secu-rity Gateway Locally

L-p. 169

Upgrade the Security Gateway L-p. 170

Table 7-7: Upgrading to R70 Topics

Sample CCSA R70 Exam Question Chapter 7: Upgrading to R70


Sample CCSA R70 Exam QuestionYou currently do not have a Check Point software subscription for one of your products. What will happen if you attempt to upgrade the license for this product?

1. The license is not upgraded.

2. It is upgraded with new available features, but cannot be activated.

3. It is deleted.

4. The license will be upgraded with a warning.

Chapter 7: Upgrading to R70 Answer


AnswerYou currently do not have a Check Point software subscription for one of your products. What will happen if you attempt to upgrade the license for this product?

1. The license is not upgraded.

2. It is upgraded with new available features, but cannot be activated.

3. It is deleted.

4. The license will be upgraded with a warning.

Chapter

43

8User Management andAuthentication

In this chapter, we discuss Security Gateway options for creating, managing, and authenticating users. If you do not have a user-management infrastructure in place, you can make a choice between managing the internal-user database or choosing to implement an LDAP server. If you have a large user count, Check Point recom-mends opting for an external user-management database, such as LDAP. By main-taining a large user database externally, Security Gateway performance is greatly enhanced. For example, if the user database is external, the database will not have to be reinstalled every time the user information changes. Additionally, the external user database can be used as the user database by other applications.

Authentication confirms the identity of valid users authorized to access your com-pany network. Staff from different departments are assigned access permissions, based on their level of responsibility and role within the organization. Authentica-tion ensures that all users trying to access the system are valid users, but does not define their access rights.

Check Point authentication features enable you to verify the identity of users log-ging in to the Security Gateway, but also allow you to control security by allowing some users access and disallowing others. Users authenticate by proving their iden-tities, according to the scheme specified under a Gateway authentication scheme, such as LDAP, RADIUS, SecurID and TACACS.

Chapter 8: User Management and Authentication


Objectives:

Centrally manage users to ensure only authenticated users securely access the corporate network either locally or remotely.

Manage users to access to the corporate LAN by using external databases

Introduction to the User Management and Authentication Topics Chapter 8: User Management and


Introduction to the User Management and Authentication Topics

The following table outlines the topics covered in the “User Management and Authentication” chapter of the Check Point Security Administrator R70 Course. This table is intended as a supplement to knowledge you have gained from the Security Administrator R70 Courseware handbook, and is not meant to be a sole means of study.


Creating Users and Groups in SmartDashboard

p. 311

User Types p. 311

Security Gateway Authenti-cation

p. 313

Introduction to Authentication Methods

p. 313

Authentication Schemes p. 315

Remote User Authentication p. 317

Authentication Methods p. 319

User Authentication p. 319

Configuring User Authentication p. 325

Session Authentication p. 326

Configuring Session Authentication p. 327

Client Authentication p. 328

Configuring Client Authentication p. 333

Resolving Access Conflicts p. 335

Configuring Authentication Tracker p. 336

Table 8-8: User Management and Authentication Topics

Chapter 8: User Management and AuthenticationIntroduction to the User Management and Authen-


LDAP User Management with SmartDirectory

p. 337

LDAP Features p. 337

Multiple LDAP Servers p. 339

Using an Existing LDAP Server p. 340

Configuring Entities to Work with the Gateway

p. 340

Managing Users p. 346

SmartDirectory Groups p. 347

Lab 10: Client Authentica-tion

L-p. 177

Use Manual Client Authentication with FTP and Local User

L-p. 178

Modify the Rule Base L-p. 181

Test Manual Client Authentication L-p. 184

Use Partially Automatic Client Auth with a Local User

L-p. 185

Use Partially Automatic Client Auth with LDAP

L-p. 189

Verify SmartDashboard Integration L-p. 195

Test Active Directory Authentica-tion

L-p. 198

Create a Database Revision L-p. 200


Table 8-8: User Management and Authentication Topics

Sample CCSA R70 Exam Question Chapter 8: User Management and Authentication


Sample CCSA R70 Exam QuestionChoose the BEST sequence for configuring user management in SmartDashboard, using an LDAP server.

1. Configure a server object for the LDAP Account Unit, and create an LDAP resource object.

2. Configure a workstation object for the LDAP server, configure a server object for the LDAP Account Unit, and enable LDAP in Global Properties.

3. Configure a server object for the LDAP Account Unit, enable LDAP in Global Properties, and create an LDAP resource object.

4. Enable LDAP in Global Properties, configure a host-node object for the LDAP server, and configure a server object for the LDAP Account Unit.

Chapter 8: User Management and Authentication Answer


AnswerChoose the BEST sequence for configuring user management in SmartDashboard, using an LDAP server.

1. Configure a server object for the LDAP Account Unit, and create an LDAP resource object.

2. Configure a workstation object for the LDAP server, configure a server object for the LDAP Account Unit, and enable LDAP in Global Properties.

3. Configure a server object for the LDAP Account Unit, enable LDAP in Global Properties, and create an LDAP resource object.

4. Enable LDAP in Global Properties, configure a host-node object for the LDAP server, and configure a server object for the LDAP Account Unit.

Chapter

49

9Encryption and VPNs

The Check Point Security Gateway enables you to create site-to-site Virtual Private Networks (VPNs) that provide secure communication between two defined partic-ipants, by encrypting the communication on unsecured public networks, such as the Internet.

Objectives:

Select the most appropriate encryption algorithm when securing communication over a VPN, based on corporate requirements.

Configure a certificate-based site-to-site VPN using one partner's internal CA.

Establish VPN connections to partner sites in order to establish access to a central database by configuring Advanced IKE properties.

Chapter 9: Encryption and VPNs Introduction to the Encryption and VPNs Topics


Introduction to the Encryption and VPNs Topics

The following table outlines the topics covered in the “Encryption and VPNs” chapter of the Check Point Security Administrator R70 Course. This table is intended as a supplement to knowledge you have gained from the Security Administrator R70 Courseware handbook, and is not meant to be a sole means of study.


Securing Communication p. 353

Privacy p. 353

Symmetric Encryption p. 354

Symmetric Disadvantages p. 355

Asymmetric Encryption p. 356

Diffie-Hellman p. 356

Integrity p. 358

Authentication p. 359

Two-Phases of Encryption p. 361

Encryption Algorithms p. 362

IKE p. 363

ISAKMP p. 363

Oakley p. 363

ISAKMP/Oakley p. 363

Phase 1 p. 364

Phase 2 p. 365

How a VPN Works p. 366

Tunneling-Mode Encryption p. 369

Table 9-9: Encryption and VPNs Topics

Introduction to the Encryption and VPNs Topics Chapter 9: Encryption and VPNs


Certificate Authorities p. 371

Certificates p. 371

Multiple Certificate Authorities p. 372

Local Certificate Authority p. 372

CA Service via the Internet p. 373

Internal Certificate Authority p. 375

Creating Certificates p. 375


Table 9-9: Encryption and VPNs Topics

Chapter 9: Encryption and VPNs Sample CCSA R70 Exam Question


Sample CCSA R70 Exam QuestionYour organization maintains several IKE VPNs. Executives in your organization want to know which mechanism Security Gateway R70 uses to guarantee the authenticity and integrity of messages. Which technology should you explain to the executives?

1. Certificate Revocation Lists

2. Application Intelligence.

3. Digital signatures.

4. Key-exchange protocols.

Answer Chapter 9: Encryption and VPNs


AnswerYour organization maintains several IKE VPNs. Executives in your organization want to know which mechanism Security Gateway R70 uses to guarantee the authenticity and integrity of messages. Which technology should you explain to the executives?

1. Certificate Revocation Lists

2. Application Intelligence.

3. Digital signatures.

4. Key-exchange protocols.

Chapter 9: Encryption and VPNs Answer


Chapter

55

10User Management and Authentication

Virtual Private Networking technology leverages the Internet to build and enhance secure network connectivity. Based on standard Internet secure protocols, a VPN enables secure links between special types of network nodes: the Gateways. Site-to site VPN ensures secure links between Gateways. Remote Access VPN ensures se-cure links between Gateways and remote access clients.

Objectives:

Configure a pre-shared secret site-to-site VPN with partner sites.

Configure permanent tunnels for remote access to corporate resources.

Configure VPN tunnel sharing, given the difference between host-based, subnet-based and gateway-based tunnels.

Chapter 10: User Management and Authentication Introduction to the Introduction to VPNs Topics


Introduction to the Introduction to VPNs Topics

The following table outlines the topics covered in the “Introduction to VPNs” chapter of the Check Point Security Administrator R70 Course. This table is intended as a supplement to knowledge you have gained from the Security Administrator R70 Courseware handbook, and is not meant to be a sole means of study.


The Check Point VPN p. 381

VPN Deployments p. 383

Site-to-Site VPNs p. 383

Remote-Access VPNs p. 383

VPN Implementation p. 384

Three Critical VPN Components p. 384

VPN Setupq p. 385

VPN communities p. 387

VPN Topologies p. 389

Choosing a Topology p. 391

Authentication Between Commu-nity Members

p. 395

Domain and Route-Based VPNs p. 396

Access Control and VPN Commu-nities

p. 397

Excluded Services p. 400

Special considerations for Planning a VPN Topology

p. 400

Integrating VPNs into a Rule Base p. 401

Table 10-10: Introduction to VPNs Topics

Introduction to the Introduction to VPNs Topics Chapter 10: User Management and Authentication


Simplified vs, Traditional Mode VPNs

p. 403

VPN Tunnel Management p. 404

Permanent Tunnels p. 404

VPN Tunnel Sharing p. 407

Remote Access VPNs p. 409

Multiple Remote Access VPN Communities

p. 410

Establishing a Connection Between Remote User and a Gateway

p. 410

Configuring Remote Access VPN p. 413

Lab 11: Site-to-Site VPN Between Corporate and Branch Office

L-p. 201

Define the VPN Domain L-p. 202

Create the VPN Community L-p. 205

Create the VPN Rule and Modify-ing the Rule Base

L-p. 211

Test VPN Connection L-p. 214

VPN Troubleshooting L-p. 220

Lab 12: Tow-Gateway IKE Encryption Using Certifi-cates

L-p. 223

Save Certificate for Export L-p. 224

Add Instructor Machine to VPN Community

L-p. 226

Add the Instructor Network to the VPN Community

L-p. 231



Chapter 10: User Management and Authentication Introduction to the Introduction to VPNs Topics


Create Atlantis Certificate Author-ity

L-p. 233


Install and Verify Security Gateway Configuration

L-p. 237

Test Encryption with Certificates L-p. 238

Revert to Standard Security Policy L-p. 242

Lab 13: Remote Access and Office Mode

L-p. 243

Create Remote-Access Group L-p. 245

Configure Gateway for IKE Encryption and LDAP Authentica-tion

L-p. 246

Configure VPN Domain L-p. 248

Configure Office Mode IP-Pool L-p. 251

Configure Remote Access Commu-nity Objects

L-p. 253

Modify the Rule Base for Remote Access

L-p. 256

Create a Site Using the Site Wizard L-p. 258

Verify Office Mode IP Assignment L-p. 265

Test the Remote Connection L-p. 267



Sample CCSA R70 Exam Question Chapter 10: User Management and Authentication


Sample CCSA R70 Exam QuestionYou have traveling salesmen connecting to your VPN community from all over the world. Which technology would you choose?

1. IPsec: It allows complex setups that match any network situation available to the client, i.e. connection from a private customer network or various hotel networks.

2. IPsec: It offers encryption, authentication, replay protection and all algorithms that are state of the art (AES) or that perform very well. It is native to many client operating systems, so setup can easily be scripted.

3. SSL VPN: It only requires HTTPS connections between client and server. These are most likely open from all networks, unlike IPsec, which uses protocols and ports which are blocked by many sites.

4. SSL VPN: It has more secure and robust encryption schemes than IPsec.

Chapter 10: User Management and Authentication Answer


AnswerYou have traveling salesmen connecting to your VPN community from all over the world. Which technology would you choose?

1. IPsec: It allows complex setups that match any network situation available to the client, i.e. connection from a private customer network or various hotel networks.

2. IPsec: It offers encryption, authentication, replay protection and all algorithms that are state of the art (AES) or that perform very well. It is native to many client operating systems, so setup can easily be scripted.

3. SSL VPN: It only requires HTTPS connections between client and server. These are most likely open from all networks, unlike IPsec, which uses protocols and ports which are blocked by many sites.

4. SSL VPN: It has more secure and robust encryption schemes than IPsec.

Chapter

61

11Messaging and Content Security

Protecting corporate resources is a major concern for most businesses. Blocking un-desirable content is an important part of a corporate security policy for a variety of reasons, including:

Computer viruses, Trojans and ActiveX components containing malicious code can bring down entire networks.

Viewing undesirable Web content wastes time and resources.

Access control firewalls prevent unauthorized traffic from passing through the Gateway. However, hackers also attempt to misuse allowed traffic and services. Some of the most serious threats in today's Internet environment come from attacks that attempt to exploit the application layer. Access control devices cannot easily detect malicious attacks aimed at these services.

Objectives:

Configure Check Point Messaging Security to test IP Reputation, content based anti-spam, and zero hour virus detection.

Based on network analysis disclosing threats by specific sites, configure a Web-filtering and antivirus policy to filter and scan traffic.

Chapter 11: Messaging and Content Security Introduction to the Messaging and Content Security


Introduction to the Messaging and Content Security Topics

The following table outlines the topics covered in the “Messaging and Content Security” chapter of the Check Point Security Administrator R70 Course. This table is intended as a supplement to knowledge you have gained from the Security Administrator R70 Courseware handbook, and is not meant to be a sole means of study.


Antivirus Protection p. 419

Anti-Virus Signature Database Updates

p. 420

Antivirus Scanning p. 422

Content Security Scanning in Prac-tice

p. 423

File Type Recognition p. 429

Continuous Download p. 430

Logging and Monitoring p. 431

File Size Limitations and Scanning p. 432

Basic URL Filtering p. 435

Architecture p. 435

Anti-Spam and Mail p. 437

Architecture p. 439

Logging and Monitoring p. 441

Lab 14: Messaging and Content Security

L-p. 269

Revert to Standard Security Policy L-p. 270

Modify DMZ Server Object L-p. 271

Table 11-11: Messaging and Content Security Topics

Introduction to the Messaging and Content Security TopicsChapter 11: Messaging and Content Se-


Modify Rule Base L-p. 273

Observe SMTP Traffic L-p. 274

Modify the Gateway Properties L-p. 275

Configure Anti-Virus and Anti-Spam for Monitor Only

L-p. 276

Analyze Logs L-p. 279

Reconfigure Policy to Block Attacks

L-p. 282


Table 11-11: Messaging and Content Security Topics

Chapter 11: Messaging and Content Security Sample CCSA R70 Exam Question


Sample CCSA R70 Exam QuestionWhich Security Servers can perform authentication tasks, but CANNOT perform content security tasks?

1. HTTP

2. RLOGIN

3. FTP

4. HTTPS

Answer Chapter 11: Messaging and Content Security


AnswerWhich Security Servers can perform authentication tasks, but CANNOT perform content security tasks?

1. HTTP

2. RLOGIN

3. FTP

4. HTTPS

Chapter 11: Messaging and Content Security Answer


Chapter

67

12Check Point IPS

This chapter presents basic information on Check Point’s Intrusion Prevention Soft-ware Blade, how intrusion prevention systems work, and prevent network attacks that the intrusion prevention system can detect.

Objectives:

Implement default or customized profiles to designated Gateways in the corporate network.

Manage profiles by tracking changes to the network, including performance degradation, and troubleshoot issues with the network related to specific IPS policy rules.

Create and install IPS policies.

Chapter 12: Check Point IPS Introduction to the Check Point IPS Topics


Introduction to the Check Point IPS TopicsThe following table outlines the topics covered in the “Check Point IPS” chapter of the Check Point Security Administrator R70 Course. This table is intended as a supplement to knowledge you have gained from the Security Administrator R70 Courseware handbook, and is not meant to be a sole means of study.


IPS Overview p. 449

New IPS Engine/Architecture p. 451

Flexible IPS Policy Management p. 453

IPS Event Manager p. 455

Configuring and Manag-ing IPS

p. 456

IPS Protection p. 460

IPS Profiles p. 462

Assigning Profiles p. 464

Protection Browser p. 466

Exporting the Protections List p. 468

Protection Parameters p. 468

Activating Protections p. 473

Automatically Activating Protec-tions

p. 473

Manually Activating Protections p. 476

Monitoring Traffic p. 477

Network Exceptions p. 478

Viewing Packet Information p. 479

Optimizing IPS p. 482

Table 12-12: Check Point IPS Topics

Introduction to the Check Point IPS Topics Chapter 12: Check Point IPS


Performance Management p. 482

Tuning Protections p. 486

IPS Policy Settings p. 486

Enhancing System Performance p. 487

Updating Protections - IPS Subscription

p. 489

Managing IPS Protections p. 489

Updating IPS Protections p. 489

Downloading Updates p. 490

Lab 15: Implementing IPS L-p. 285

Modify the Gateway Properties L-p. 286

Modify DMZ Server Object L-p. 287

Configure IPS for Preliminary Detection

L-p. 291


Generate an Attack L-p. 302

Analyze the Attack L-p. 304

Reconfigure IPS to Block Attacks L-p. 308

Review Logs L-p. 310


Table 12-12: Check Point IPS Topics

Chapter 12: Check Point IPS Sample CCSA R70 Exam Question


Sample CCSA R70 Exam QuestionYou just upgraded to R70 and are using the IPS Software Blade. You want to enable all critical protections while keeping the rate of false positive very low. How can you achieve this?

1. The new IPS system is based on policies and gives you the ability to activate all checks with critical severity and a high confidence level.

2. This can't be achieved; activating any IPS system always causes a high rate of false positives.

3. As in SmartDefense, this can be achieved by activating all the critical checks manually.

4. The new IPS system is based on policies, but it has no ability to calculate or change the confidence level, so it always has a high rate of false positives.

Answer Chapter 12: Check Point IPS


AnswerYou just upgraded to R70 and are using the IPS Software Blade. You want to enable all critical protections while keeping the rate of false positive very low. How can you achieve this?

1. The new IPS system is based on policies and gives you the ability to activate all checks with critical severity and a high confidence level.

2. This can't be achieved; activating any IPS system always causes a high rate of false positives.

3. As in SmartDefense, this can be achieved by activating all the critical checks manually.

4. The new IPS system is based on policies, but it has no ability to calculate or change the confidence level, so it always has a high rate of false positives.

Chapter 12: Check Point IPS Answer


ccsa r70 study guide

Documents

check point logo

check point documentation

check point endpoint

check point software

check point express

total security

smarter security

pure security