Upload
jett
View
91
Download
0
Tags:
Embed Size (px)
DESCRIPTION
Что нового появилось после выхода R70. Антон Разумов [email protected] Консультант по безопасности Check Point Software Technologies. R70 introduced with:. R70.1. Introducing R70.1. SmartWorkflow blade Hardware monitoring Various features GUI enhancements. - PowerPoint PPT Presentation
Citation preview
©2010 Check Point Software Technologies Ltd. | [Unrestricted] For everyone
Что нового появилось после выхода R70
Антон Разумов[email protected]Консультант по безопасностиCheck Point Software Technologies
22©2010 Check Point Software Technologies Ltd. | [Unrestricted] For everyone |
R70 introduced with:
33©2010 Check Point Software Technologies Ltd. | [Unrestricted] For everyone |
R70.1
44©2010 Check Point Software Technologies Ltd. | [Unrestricted] For everyone |
Introducing R70.1
SmartWorkflow blade Hardware monitoring Various features GUI enhancements
55©2010 Check Point Software Technologies Ltd. | [Unrestricted] For everyone |
Introducing SmartWorkflow
Check Point’s SmartWorkflow software blade automates security policy change management Enforces a formal process of tracking, approving and
auditing security policy changes Reduces errors by providing granular visibility into policy
changes Enhances compliance through audit trails and built-in role
segregation Aligns to an organization’s existing change management
approval process Streamlines change management increasing operational
efficiency One-stop, total policy lifecycle management integrated into
SmartDashboard
66©2010 Check Point Software Technologies Ltd. | [Unrestricted] For everyone |
SmartWorkflow Operation Mode
77©2010 Check Point Software Technologies Ltd. | [Unrestricted] For everyone |
• Smart Workflow • Automatic security database revisions• Highlighting the changes in SmartDashboard• Allowing visual navigation between the changes• Allow discarding the changes and returning back to the previous database revision.• Allow generating change comparison report• Audit trailing change
R70.1 SmartWorkflowplanned for R70.1
88©2010 Check Point Software Technologies Ltd. | [Unrestricted] For everyone |
Hardware Health Monitoring Capabilities
• RAID Health: Monitor the health of the disks in the RAID array, and be notified of the states of the volumes and disks. The information is available via SNMP.
• Sensors: Monitor fan speed, voltages, and temperatures on the hardware. The information is available via SNMP and, for Check Point appliances, also via the SecurePlatform Web interface.
R70.1 HW monitoring:
99©2010 Check Point Software Technologies Ltd. | [Unrestricted] For everyone |
Link Aggregation 802.3ad Both interfaces need to be connected to the same switch when
aggregating Up to 8 NIC’s in a bond No limit besides the SPLAT limit of 1015 total interfaces Both HA and LS are supported
Ability to set IP address trough LCD Changed URLF filter database provider Remote Deployment Tool (USB based tool to allow initial OS configuration)
R70.1 additional features:
1010©2010 Check Point Software Technologies Ltd. | [Unrestricted] For everyone |
• Quick Add Object - Allows you to easily find and insert objects into the Security Rule Base
• Where Used > Go To - Allows you to jump from the Where Used window to the locations itreferences.
• Easily View Group Members - When hovering over a Group in the Rule Base, a tooltip displaysthe Group members.
• Extended Clone Functionality - The Clone functionality, which allows creating a new objectbased on an existing one, is extended to include Services, IP ranges, Group
objects, etc.• Read Only State for Object Properties
- In numerous key fields of the object properties it is nowpossible to copy the text of the fields while in ‘Read-only’ state.
• Delete Multiple Database Versions – While in the Database Revision Control window, it ispossible to select multiple Database Versions and delete them at once.
R70.1 GUI enhancements
1111©2010 Check Point Software Technologies Ltd. | [Unrestricted] For everyone |
R70.20
1212©2010 Check Point Software Technologies Ltd. | [Unrestricted] For everyone |
Event Correlation & IPS Event Analysis Software Blades Update
Reporting Blade Updates IPS Software Blade Update Multi-Core Licensing
Moving on to R70.20, what’s new:
1313©2010 Check Point Software Technologies Ltd. | [Unrestricted] For everyone |
IPS Event Analysis Client
1414©2010 Check Point Software Technologies Ltd. | [Unrestricted] For everyone |
New Real Time Views & Simplified Events Processing
Timeline View Charts View Maps View Group By – Real Time Pivots and Graphs for Data User / machine identification
1515©2010 Check Point Software Technologies Ltd. | [Unrestricted] For everyone |
Timeline View
1616©2010 Check Point Software Technologies Ltd. | [Unrestricted] For everyone |
Charts View
1717©2010 Check Point Software Technologies Ltd. | [Unrestricted] For everyone |
Maps View
1818©2010 Check Point Software Technologies Ltd. | [Unrestricted] For everyone |
Group By – Real Time Pivots and Graphs for Data
1919©2010 Check Point Software Technologies Ltd. | [Unrestricted] For everyone |
User / machine identification: The challenge
Ability to identify users and computers passing through the firewall
Distinguish between corporate and unmanaged devices
Traffic monitoring and network maintenance
Network and Security events analysis
2020©2010 Check Point Software Technologies Ltd. | [Unrestricted] For everyone |
User / machine identification: The Solution
Introducing new Check Point firewall capability to provide Identity-based auditing Present user and machine identity in the firewall logs
Leveraging Check Point SmartView Tracker and Eventia logging solutions
The identity information is based on Microsoft Active Directory integration
Identity-based Auditing
User and machine identity in Check Point SmartView Tracker
2121©2010 Check Point Software Technologies Ltd. | [Unrestricted] For everyone |
User / machine identification: The use case
Security and compliance audit Troubleshooting network issues Ability to distinguish corporate and unmanaged
assets Helpdesk and maintenance Analyzing network usage
Bring Identity Awareness to your Check Point firewall
2222©2010 Check Point Software Technologies Ltd. | [Unrestricted] For everyone |
User / machine identification: How it works
User and Computer Identity is obtained from Active Directory (AD) security event logs
The gathered AD log information is used to build an association map that is referenced for enriching Check Point logs with the AD username and computer name based on users’ IP address.
Check Point Log Server uses WMI protocol to communicate with Active Directory
Supported in SmartCenter management from R70.2 SmartView Tracker Eventia Reporter and Analyzer
Does not require any installations on Active Directory server Leverage your existing security gateways, no upgrade is needed
2323©2010 Check Point Software Technologies Ltd. | [Unrestricted] For everyone |
User / machine identification: Flow
CorporateNetwork
HR DatabaseFinance Database
Microsoft Active Directory
Data Center
SmartCenterLog Server
Security Gateway
SmartView Tracker
Logon to Domain- Username- Computer name- IP address
1
Send Logs (WMI)- User name- Computer name- IP address
2
User’s connection
- Source IP address
3
Log:- Source IP address- Destination
4
Log Entry:- Destination Computer name- Source User & Computer name - Source & Destination IP address
5
2424©2010 Check Point Software Technologies Ltd. | [Unrestricted] For everyone |
SmartView Tracker Example – Identity auditing
2525©2010 Check Point Software Technologies Ltd. | [Unrestricted] For everyone |
User / machine identification: Summary
• Bring Identity-based auditing capability to you Check Point logging system
• Leverage existing Check Point management and logging infrastructure: SmartView Tracker and Eventia
• Plug and Play clientless solution (no installations required on endpoints or AD)
• Simple and easy way to audit your users and machines activity on the network
2626©2010 Check Point Software Technologies Ltd. | [Unrestricted] For everyone |
Real-Time Analysis & Action
Real-Time Analysis & Action
Group By - On-Line Pivoting of Data (no need to export data externally)
New Search Feature Forensics: Drill down from the “big picture” to events, then
use advanced filtering / search / group / sort to go deeper, and finally go to raw logs / packet capture to understand exactly what happened.
2727©2010 Check Point Software Technologies Ltd. | [Unrestricted] For everyone |
New Search Feature
2828©2010 Check Point Software Technologies Ltd. | [Unrestricted] For everyone |
Forensics
2929©2010 Check Point Software Technologies Ltd. | [Unrestricted] For everyone |
Forensics
3030©2010 Check Point Software Technologies Ltd. | [Unrestricted] For everyone |
Workflow
Workflow
Open tickets, manage life cycle
3131©2010 Check Point Software Technologies Ltd. | [Unrestricted] For everyone |
Tickets
3232©2010 Check Point Software Technologies Ltd. | [Unrestricted] For everyone |
Tickets
3333©2010 Check Point Software Technologies Ltd. | [Unrestricted] For everyone |
Tickets
3434©2010 Check Point Software Technologies Ltd. | [Unrestricted] For everyone |
IPS Specific reports
Overview Page showing everything IPS – Critical Issues, Top Events, Sources & Destinations, Latest Protections
Detailed Hourly, Weekly and Monthly Reports with many categories
IPS Event Analysis reports relating specifically to IPS events.
Share IPS Event & Packet Capture with Check Point Security Research Team
3535©2010 Check Point Software Technologies Ltd. | [Unrestricted] For everyone |
IPS Event Analysis reports relating specifically to IPS events.
3636©2010 Check Point Software Technologies Ltd. | [Unrestricted] For everyone |
Share IPS Event & Packet Capture with Check Point Security Research Team
3737©2010 Check Point Software Technologies Ltd. | [Unrestricted] For everyone |
Reporting Blade Updates
3838©2010 Check Point Software Technologies Ltd. | [Unrestricted] For everyone |
Reporting Blade Updates
Reporting Blade Updates
18 new regulatory compliance reports Standard web filtering activity report Additional information available for Endpoint Security
reports
3939©2010 Check Point Software Technologies Ltd. | [Unrestricted] For everyone |
Compliance Reports
4040©2010 Check Point Software Technologies Ltd. | [Unrestricted] For everyone |
Standard web filtering activity report
4141©2010 Check Point Software Technologies Ltd. | [Unrestricted] For everyone |
Endpoint Security reports
4242©2010 Check Point Software Technologies Ltd. | [Unrestricted] For everyone |
IPS Software Blade Update
4343©2010 Check Point Software Technologies Ltd. | [Unrestricted] For everyone |
IPS Software Blade Update
New Protection Category - Block by Country (called "Geo Protection" in IPS)
Web Intelligence Log improvements Logs now show the original IP addresses of proxied
connections Optional Packet Capture on First Instance of any
Protection Several False Positive Fixes
4444©2010 Check Point Software Technologies Ltd. | [Unrestricted] For everyone |
Geo Protection
4545©2010 Check Point Software Technologies Ltd. | [Unrestricted] For everyone |
Multi-Core Licensing
4646©2010 Check Point Software Technologies Ltd. | [Unrestricted] For everyone |
Multi-Core Licensing
The Check Point Security Gateway software license for multi-core, open server platforms allows you to use less than the number of physical cores on the system. R70.20 will automatically use the number of cores allowed by the license.
4747©2010 Check Point Software Technologies Ltd. | [Unrestricted] For everyone |
R70.30 and R70.40
4848©2010 Check Point Software Technologies Ltd. | [Unrestricted] For everyone |
What’s new in 70.30 ?
Maintenance HFA Non-English regional formats are now supported in the
map visualization features of SmartDashboard. IPS Event Analysis and Eventia Analyzer. SmartWorkflow reports can now be viewed in Windows 7. It is now possible to use the SSL Network Extender client
to access internal resources behind the Security Gateway, using a client digital certificate that is signed by a subordinate CA. The certificate need not be directly signed by a trusted CA. For example, the certificate can be signed by a CA that belongs to the organization itself, which is in turn signed by a trusted root CA.
4949©2010 Check Point Software Technologies Ltd. | [Unrestricted] For everyone |
What’s new in 70.40 ?
The R70.40 Security Management Server can manage: New to be introduced UTM-1 gateway for centrally managed branch offices UTM-1 Edge N Series and Embedded NGX 8.1 Release gateways VSX R67 and includes enhancements to the vsx_util command for improved
user experience and IPSO 6.2 IP appliances with SmartProvisioning, including the ability to
modify Interfaces, Routing, Backup, DNS, Domain Name, Hosts, and Host Names
additional functionality
©2010 Check Point Software Technologies Ltd. | [Unrestricted] For everyone
Антон Разумов[email protected]Консультант по безопасностиCheck Point Software Technologies
Спасибо!