

  • Number of slides: 49

Technical and Architectural Overview of R70
Patrick Hanel, Technical consultant, CISSP
© 2003-2008 Check Point Software Technologies Ltd. All rights reserved. [Public] – For everyone

Agenda
§ Check Point Software Blade Architecture
§ Check Point R70 Technology
§ Check Point R70.1

In 2009 customers have a choice
§ Network security solutions: multiple projects, dedicated hardware, dedicated management
OR
§ Check Point Software Blades: lower investment, one project, lower TCO, multiple configurations, single management
[Diagram: Corporate HQ (IPS, Web Security, VPN, Firewall); Branch Office (Firewall, VPN, etc.)]

Our new security architecture
softwareblades from Check Point

Total Security
Complete Security & Management Portfolio
§ Security Gateway Blades
§ Security Management Blades

How does it work?
STEP 1: Select a container based on size (# cores)
STEP 2: Select the software blades
STEP 3: Create a system that is simple, flexible, secure

Check Point Software Blades
softwareblades from Check Point: Secure, Flexible, Simple

Check Point R70 Technology

Check Point R70 - The Evolution Continues
§ R70 release featuring Software Blade architecture
  – New IPS Software Blade
  – Improved Core Firewall Performance
  – New Provisioning Software Blade

R70 architecture

R70 Architecture
§ Deeper multi-core integration
§ Multi-tier IPS filtering engine
  – Quickly filters ~90% of traffic
§ Filter attacks only on the relevant sections of the traffic
  – Reduce overhead
  – Reduce false positives
§ Performance improvements in SecurePlatform OS
[Diagram: Network, Firewall, IPS Engine, …, CoreXL, SecurePlatform, Network]

Integration with CoreXL
[Diagram: Core #0 to Core #7; Secure Network Dispatcher cores with PPAK serving eth0 and eth1; firewall kernel instances fw0 to fw5, each with a Medium Path Queue]
• Multiple firewall kernel instances increase performance 70%> per core
• IPS runs outside of firewall path context
• IPS processing: ~2x faster than firewall path

Customize to Match Hardware
[Diagram: Core #0 to Core #7; SecureXL/Dispatcher cores attached to eth0 and eth1; remaining cores each running firewall and IPS, fed from a queue]
§ CPU Affinity – the ability to attach software code to a physical CPU
  – Kernel instances will execute firewall and IPS on that core
§ NIC Affinity – the ability to attach network interfaces to a SecureXL/Dispatcher core

Set ClusterXL IPS Failover Options
§ Prefer security
§ Prefer connectivity

New IPS Engine/Architecture

Redesigned IPS Engine
New Threat Control Engine
Utilizing multiple methods of detection and analysis for accurate and confident security
• Pre-emptive and accurate detection via multimethod signature & behavioral prevention engine. (NEW!)
• Wide protection coverage for both server and client vulnerabilities.
• Protection profiles with attack severity, confidence, and performance settings to automatically set protections to Detect or Prevent.
• Open language for writing protections and protocol decoders.
• Application Identification for application policy enforcement.

Architecture – Main Concepts
§ IPS Parallel Inspection Architecture
  – Multi-layered parsing, where each layer screens attacks or the protocol/application.
  – Parsers Parse, Protections Protect
    » Protocol parser should not do security.
    » Protections should not re-parse the traffic again and again.
    » Makes protections much more accurate
§ "Accelerate" the IPS Inspection
  – Done by separating the IPS engines from the FW infrastructure to an independent blade.

Protects against IPS Evasion
§ The Streaming Engine reassembles TCP packets
§ Works in conjunction with SecureXL to accelerate packets
§ Prevents IPS evasion and network attacks
§ Provides packet captures
Assembles packets for inspection and detects some attacks
[Diagram: segments "ad.txt" and "get b" are reassembled into "get bad.txt"]
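The slide's "get b" / "ad.txt" split, as an added example that is not part of the original deck and not Check Point code: a per-packet matcher misses the string, while a matcher run over the reassembled stream finds it and also reports conflicting overlaps and gaps. The sequence numbers, sample segments and the first-received-byte-wins overlap policy are assumptions made for this sketch.

```python
# Added example: toy TCP stream reassembly ahead of signature matching.
# Segments are (sequence_number, payload) tuples in arrival order; the
# sample traffic and the "get bad.txt" signature are constructed data.
# Assumption: sequence numbers do not wrap within the sample.

SIGNATURE = b"get bad.txt"
ISN = 1000  # constructed sequence number of the first data byte

# Constructed: the slide's split, delivered out of order.
SPLIT = [(1005, b"ad.txt\r\n"), (1000, b"get b")]
# Constructed: a later segment overlaps offset 4 with a different byte.
OVERLAP = [(1000, b"get b"), (1004, b"Xad.txt")]


def per_packet_match(segments, signature=SIGNATURE):
    """Naive inspection: look at every segment payload in isolation."""
    return any(signature in payload for _seq, payload in segments)


def reassemble(segments, initial_seq):
    """Rebuild the byte stream; return (gap_free_prefix, anomalies).

    Handles out-of-order arrival, retransmissions and overlaps. On an
    overlap the first-received byte is kept and a conflict is reported
    rather than silently accepted.
    """
    stream = {}      # stream offset -> byte value
    anomalies = []
    for seq, payload in segments:
        base = seq - initial_seq
        if base < 0:
            anomalies.append(f"segment before initial sequence: {seq}")
            continue
        for i, byte in enumerate(payload):
            off = base + i
            if off not in stream:
                stream[off] = byte
            elif stream[off] != byte:
                anomalies.append(f"conflicting overlap at offset {off}")
    # Only the contiguous prefix is handed on for inspection.
    data = bytearray()
    while len(data) in stream:
        data.append(stream[len(data)])
    if len(stream) > len(data):
        anomalies.append(f"gap at offset {len(data)}")
    return bytes(data), anomalies


def stream_match(segments, initial_seq, signature=SIGNATURE):
    """Inspection after reassembly: returns (matched, anomalies)."""
    data, anomalies = reassemble(segments, initial_seq)
    return signature in data, anomalies


if __name__ == "__main__":
    print("per-packet:", per_packet_match(SPLIT))
    print("reassembled:", stream_match(SPLIT, ISN))
    print("overlap:", stream_match(OVERLAP, ISN))
```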

Protects Against Protocol Anomalies
§ Protocol Parsers dissect the data stream
§ Validate protocol compliance
§ The outcome is a context
  – Examples of contexts are HTTP URL, FTP command, FTP file name, HTTP response, and certain files
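The "parsers parse, protections protect" split and the context idea from the two slides above, as an added sketch that is not from the deck and not Check Point's engine: a parser turns an FTP control line into contexts and checks compliance, and protections are registered per context, so "bad.txt" in a user name does not fire a file-name protection. The context names, the line-length limit and the sample protections are assumptions.

```python
# Added example: a protocol parser emits contexts; protections only see
# the context they registered for and never re-parse raw traffic.
import re

MAX_LINE = 512                                  # assumed length limit
COMMAND_RE = re.compile(rb"[A-Za-z]{3,4}")      # RFC 959 verbs: 3-4 letters
FILE_COMMANDS = {b"RETR", b"STOR", b"APPE", b"DELE"}


def parse_ftp_line(line):
    """Parser: dissect one control-channel line into (context, value)
    pairs and validate compliance. It makes no attack decisions."""
    contexts = []
    if not line.endswith(b"\r\n"):
        contexts.append(("protocol_anomaly", b"missing CRLF"))
    if len(line) > MAX_LINE:
        contexts.append(("protocol_anomaly", b"line too long"))
    verb, _, arg = line.rstrip(b"\r\n").partition(b" ")
    if not COMMAND_RE.fullmatch(verb):
        contexts.append(("protocol_anomaly", b"malformed command"))
        return contexts
    verb = verb.upper()
    contexts.append(("ftp_command", verb))
    if arg:
        kind = "ftp_file_name" if verb in FILE_COMMANDS else "ftp_argument"
        contexts.append((kind, arg))
    return contexts


# Protections (constructed samples), keyed by the context they inspect.
PROTECTIONS = {
    "ftp_file_name": [
        ("Blocked file name", lambda v: v.lower().endswith(b"bad.txt")),
    ],
    "ftp_command": [
        ("SITE command not permitted", lambda v: v == b"SITE"),
    ],
    "protocol_anomaly": [
        ("Non-compliant FTP", lambda v: True),
    ],
}


def inspect(line):
    """Run each protection only against its own context."""
    hits = []
    for context, value in parse_ftp_line(line):
        for name, check in PROTECTIONS.get(context, []):
            if check(value):
                hits.append((name, context))
    return hits


if __name__ == "__main__":
    for sample in (b"RETR bad.txt\r\n", b"USER bad.txt\r\n",
                   b"SITE HELP\r\n", b"RE TR bad.txt\r\n"):
        print(sample, inspect(sample))
```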

INSPECT V2 Detects Complex Attacks
§ Accelerated by SecureXL & CoreXL
§ Supports complex inspections to pinpoint the attack
§ Supports for loops, if conditions, string searches, and more
§ Decreases the development time of new protections
§ Useful for inspection of applications & protocols that are not well-defined

IPS Blade

Introducing IPS Software Blade
§ New IPS Management Workflow
  – Enhanced IPS profiles automatically activate protections
  – Mark new protections for Follow-up
§ Better IPS Performance and Enforcement
  – New high speed pattern matching engine
    » Ensure total system performance
  – New architecture facilitates fast release of new updates
  – Packet capture mechanism
§ New IPS Event Management
  – Timeline status to easily identify critical events on mission critical servers
  – Forensic analysis tools to easily drill-down to packet captures of attack events

Why upgrade to Security Gateway R70?
§ Improved IPS Management
  – Flexible IPS policy and Event management
§ Improved Performance
  – Merger of CoreXL into the main release
  – Fast IPS engine integrated with CoreXL
§ Better Security
  – New multi-detection IPS engine with over 2300 behavioral and signature based protections
§ Support for New Platforms
  – SecurePlatform based on 2.6 kernel
  – IPSO 6.x
  – Windows Server 2008
  – RHEL 5 (Security Management only)
  – Solaris 8, 9, 10 (Security Management only)

Flexible IPS Policy Management

Single Security Management Console

More Information and Classification
§ Severity levels – Likelihood that an attack will cause damage
§ Confidence levels – How confident IPS is that recognized attacks are actually undesirable traffic
§ Performance Impact – Protection impact on gateway performance
§ Protection Type – Clients and/or Servers
§ Industry Reference (e.g.: CVE-2009-0098 and MS09-003)

Enforcement Types
§ Signatures – Prevent specific vulnerabilities
§ Anomaly protections – Prevent suspicious non-compliant traffic
§ Application Controls – Select what is permitted or not inside a protocol
§ Engine Settings – Ability to configure the behavior of the different engines (like TCP, HTTP, SIP, instant messengers etc…)

Simplified IPS Policy Management
§ Turn on the IPS Blade
  – Enable the blade, select a profile, and install the policy
§ Protections are automatically activated by the IPS profile
  – Default: optimized for performance
  – Recommended: optimized for security
§ Update Protections
  – Protections are automatically activated by the profile setting
§ Review IPS Status
  – Quickly see overall status and Security Center news
§ Set Application Enforcement Policy
  – Not automatically enforced by the profile settings

Turn on IPS Blade
1. Enable IPS
2. Select a profile
3. Install the policy
[Graphic: IPS is ON]

Automatic Activations
New protections are automatically activated and set to Prevent or Detect

Quickly overview your status

Set Application Enforcement Policy
§ Save your bandwidth and enforce proper network usage.
  – Dozens of Peer-to-peer and Instant Messaging applications can be blocked with just a click
§ New applications are constantly being added via IPS updates
  – E.g. ARES, QQ, TeamViewer …

Granular Controls For Advanced Users
§ Customize and create new IPS profiles
  – Over-ride protections
§ Better management of new protections
  – Apply revision control in case you want to revert to an earlier update
  – Newly downloaded protections can be set to detect or prevent
  – Mark new protections for Follow-up to make it easier to review and monitor them
  – Activate only the Protections that match your network assets
  – Jump from the log directly to the protection
  – View packet captures
§ Create Network Exceptions
  – At the profile or protection level
§ Optimize IPS Policy
§ Strong integration with Provider-1
  – Define multiple protection policies on the global level and choose how to implement them on the customer level

Customize Your IPS Policy
1. Start with the Recommended IPS profile
2. Set the entire profile to Detect
3. Configure the automatic Security, Performance, and Confidence Level
4. Activate only the protections needed
5. Look at the logs, adjust protections as needed
6. Once satisfied with the result, move to Prevent mode

Browse and navigate through the protections
§ The Protection Browser allows easy and simple navigation through the entire list of protections. You can search, sort, filter, export and take action directly from the grid!

Add Network Exceptions
Locate Issues, Troubleshoot, Change What Is Needed
§ Exclude specific traffic from inspection based on
  – Protections (individual, or all)
  – Source IPs, Networks or Groups
  – Destination IPs, Networks or Groups
  – Services
  – Gateways

View Packet Capture
§ Packet Capture
  – Useful forensic tool
  – Granular admin permission

Optimizing IPS
§ Set protection scope
  – Protect internal hosts
  – Protect all
§ As an extra safety measure, use the Bypass Under Load mechanism to automatically disable the IPS in the unlikely event of high load

Safely Integrate New Protections
§ Follow up on newly downloaded protections.
§ Manage the integration of each new protection individually. The user has complete control.

What's new in R70.1

R70.1 Delivers SmartWorkflow
Automated Policy Change Management
§ Visual change tracking
§ Flexible authorization
§ Audit trails
§ Single Console Integration

R70.1 New Appliance Features
§ Hardware sensors monitoring
  – Fan speed, Motherboard voltages, CPU Temperatures
  – Web Interface Display
  – SNMP Support
  – All Power-1 appliances
§ RAID monitoring
  – Logical & Physical HDD status
  – SNMP Support
  – Power-1 Appliances
§ Initial Configuration from USB key
§ Improved Setup from LCD
  – Setup Mgmt IP
  – Reboot

Power-1 11000 Hardware monitoring

R70.1 New Appliance Features
§ Link Aggregation
  – Also known as NIC Teaming or Interface Bonding
  – All interfaces in a bond are active and act as a single logical interface
  – Traffic is load balanced between the bonded interfaces
  – Increase aggregate bandwidth with high availability for the physical interfaces
  – IEEE 802.3ad or XOR standard
  – For SecurePlatform
[Diagram: Security Gateway with bond0 over eth0 and eth1]

R70.1 New Software Features
§ URL Filtering Enhancements
§ Reporting & Event Correlation
§ Software Blades on VMware ESX

R70.1 User Interface New Features
§ Quick Add Object to Rule Base
§ Where Used – Go To
§ Easily View Group Members
§ Extended Clone Functionality

R70.1 Enhancements
§ SmartWorkflow
  – Change management of Network Policy objects & rules
  – Audit trail of changes via SmartView Tracker filter
§ DoS/DDoS Attack Mitigation
  – Detects multiple attacks
  – Learning mode
  – Gateway and server protections
§ Appliance/SecurePlatform enhancements
  – Link aggregation – active/active NIC bonding
  – USB key enables remote deployment of appliances
  – Appliance hardware monitoring
§ IPS-1 and R70 IPS Event Management

R70 Conclusion
§ Strong performance with integrated IPS enabled
  – Accelerated with SecureXL and CoreXL
§ Better Security with a New multi-threat detection engine
  – Better protections
  – Scales as new protections are added
  – Industry-leading real-time threat protection update times
§ Easy-to-use integrated IPS
  – Simplified management of IPS policy and updates
  – Granular control of IPS policy, updates, and protections
  – Cyclic workflow management design
  – Great IPS Event Management and Forensic Analysis

Thank You!