Introduction to FIREWALL
-As business are growing exponatitally in both in local and global markets, it becomes crucial for organization to secure data used in production and operations.
-As the data going to travel throght a public infrasture that is internet which is open for every body mostly for hackers and they can take advantage by snnifing or penetrating inside the data flowing through in and out in organzation for their perasonl benefits/malicious activity and that’s where firewall is used.
-As the technology is improving day by day we also need to have an advance inspection policies to be enforced to protect our crucial data by providing an enhanced optimized perimeter security applicance.
-Fireall could be a hardware or a software used to filter malicious traffic between the trusted and untrusted zone by going throgh the number of security policies enforced by an administator proactively,where the
(Intranet/Internal network) is configured to be the most secure zone where as a the ouside zone (Internet/External network) is considred as a least secure zone.so basically a Firewall mostly act as a paremnet security gateway which is closly assosiated with routers,In fact the firewall can also perform routing functions and can also can be configured as a internet gateway.
-Most of the firewall are also used in conjunction with IPS in order to filter traffic based on signatures and can also perform anamoly detection which can be used to protect from DOS/DDos Attack by monitoring unusal behaviour of packets.
Types of Firewall
There are 3 types of Internet firewalls
-Following technologies to permit or deny network traffic :
1.Packet Filtering.
2Statefull Inspection.
3.Application Intelligence.
For Free Demo classes Call: 7798058777
Registration Link: Click Here!
PACKET FILTERING
-Packet Filtering Firewall used to filter traffic based on network layer and trasport layer only based on permit and deny statements.
-But it doesnot filters the Application Layer traffic and can not be used for deep packet inspection.
-It Can be deployed in a samll oraganization which mostly does not deal with application based traffic and also fails to provide statefull inspection as it does not maintain state / Connection table for traffic going between interfaces.
-Advantages – Application Independence, High Performance, and Scalability.
-Disadvantages – Low Security, No Screening above network layer. (No state or application context information). These are least secure type of Firewall
STATEFUL FIREWALL
-Checkpoint is first organization to devlop statefull inspection firewall technology,where state of the packet is maintain in a state/connection tabel with time stamp and the interior communication stack like sip, dip sport dport transport layer protocol.
-Statefull Fw also mantaion upper layer information in the state tabel.
-Advantages:- Good Security, High performance, Extensibility, Transperency.
-Checkpoint’s inspect enginis the mechanism used for extracting the state related information from all the application layers and maintains this information in these dynamic state tables.
-Inspect Engin enforces security policies on the security gateway on which they reside.
-Statefull Inspection was invented on the basic of NAT which was invented in 1993.
APPLICATION FIREWALL
-It is a set of Advanced Capabilities, integrated into the firewall and IPS, which detect and prevent application attacks like cross site scripting ,sql injection .
-Its primarily works with application layer defences.
-The security gateway integrates both network and application level protection by combining Stateful inspection and application intelligence. -Example : – Barracuda web Application firewall,web security Applicance
CHECKPOINT OVERVIEW
-Check Point is an Israeli information security software company.
– Founded by Ramat Gan, of Israel (1993)
-Checkpoint products are installed on 80% of fortune 100 companies.
-Checkpoint implements a complete security solution with enterprise management of the complete network.
– Checkpoint Firewall-1 uses the stateful inspection technology.
Checkpoint Architecture
These are the primary components of a Check Point firewall solution:
1.Security Gateway–
Security gateway is the engin that enforces the organizational security.
Security gateway is entry point to private network .
Security Gateway is managed by SMS(Security Management Server)
2.Security Management Server –
-Security management server is where the security policies are created and pulls thoese polices and pushed thoese policies to security Policies.
For Free Demo classes Call: 7798058777
Registration Link: Click Here!
3. R80 SmartConsole –
– R80 SmartConsole is a Check Point GUI application used to manage security policies, monitor products and events.
-SmartConsole install updates, provision new devices and appliances, and manage a multi-domain environment.
Software Blades in Checkpoint-
1 .Firewall-
This blade Creating a Strong Firewall Security Policy
Configuring the NAT Policy .
2.Mobile Access-
Mobile Access Remote Access to the Network .
3.IPsec VPN-
Ipsec VPN Creating VPN Policies.
4.Identity Awareness-
It add Users to the Security Policy .
5.URL Filtering-
URL Filtering defining an Internet Access Policy.
6.Application Control-
Application control defining an Internet Access Policy
7.IPS-
IPS defending against Network Intrusions .
8.Anti-Bot-
Anti-Bot is threat Prevention Policies
9.Anti-Virus-
Anti-Virus is threat Prevention Policies
10.Anti-Spam-
Anti-Spam is threat Prevention Policies
11.Data Loss Prevention-
Data loss Prevention Securing Data .
12.Advanced Networking & Clustering –
Advanced Networking & Clustering is for Maximizing Network Performance.
13.Logging and Status SmartEvent-
Logging will help Monitoring and Logging.
Preventing IP Spoofing
-IP spoofing replaces the attackers IP address with a fake ip address from accessing your network.
-Attackers use bots and malware to Private network for DOS Attack for unauthrized access.
-Anti-Spoofing detects the packet with an IP address that is behind a certain interface, arrives from a different interface. once detected Anti sppofing block that packet.
Types of Rules
1.Explicit Rule-
-The Rules which are configured by administator on the basis of requiredmnets.
2.Implied Rule-
-The deafult rule which are alredy present in global properties which we can not edited.
-we can only change the sequence in the rule base.
1.First-It Applied first before explicit or implied
2.Last-It Applied last after explicit or implied but before Clean-up rule
3.Before Last- It Applied before the last explicit rule in the Rules.
4.Implicit cleanup rule
-Clean-up rule is default rule CATCH ALL traffic which does not match with implicit and explicit rule.
For Free Demo classes Call: 7798058777
Registration Link: Click Here!
Call the Trainer and Book your free demo Class for now!!!
© Copyright 2019 | Sevenmentor Pvt Ltd.
Check point and firewall this technology is important to learn. Dnyaneshwari mam is best teacher to teach check point and firewall. Mam has best knowledge and clear the all queries. Thank you mam
Best blog give best information