
Checkpoint Firewall

Prepared By - Vinod Rathi


Division - GIS
Team - MNS

CSC Private
Day One Session
Objective

• Definition of firewalls

• Overview of Firewall Security Technologies

• Planning Firewall Installation

• Installing Firewall-1 (Checkpoint Firewall)

Introduction to Firewalls

What is a Firewall

• A device that allows multiple networks to communicate with each other under a defined security policy

• A system designed to prevent unauthorized access to or from a private network

• Used when networks with varying levels of trust exist.

Different Types of Firewalls
Packet Filter

• Filters traffic at the network and transport layers of the TCP/IP model

• Looks at the source and destination IP addresses, protocol number, and source and destination ports

• Static in nature. Completely based on the filter defined on the device.

• Difficult to maintain. As the access filter grows in size, even an expert could have difficulty maintaining it.

ALG or Proxy Firewalls

• Takes requests from clients and connects to servers on the clients' behalf

• Usually specific to a network service, and hence can be fully aware of the sessions.

• Provides content screening, authentication and caching services.

• Consumes more memory and CPU cycles than traditional packet filters.

• Not all applications work with a proxy.

Stateful Inspection

• Combines the best features of stateful packet filtering and application layer gateways

• State engine rests between the data link layer and the network layer

• Understands how specific protocols (e.g. HTTP, FTP, Telnet) operate

• Maintains a state session table for all connections going through the firewall.

• Makes security policy decisions based on the contents and context of the packet.
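
The difference between a static packet filter and a stateful session table, as an added example (not from the original slides and not Check Point's implementation). The packet model, the 10.0.0.x internal prefix and the function names are assumptions, and the state table ignores TCP flags and timeouts to keep the model small.

```python
from collections import namedtuple

# Constructed packet model: the header fields a packet filter examines.
Packet = namedtuple("Packet", "src dst proto sport dport")

INSIDE_PREFIX = "10.0.0."  # assumed internal network (constructed)

def is_inside(ip):
    return ip.startswith(INSIDE_PREFIX)

def static_filter(pkt):
    """Stateless packet filter: every packet is judged on its header alone."""
    # Rule 1: inside hosts may open web connections outbound.
    if is_inside(pkt.src) and pkt.proto == "tcp" and pkt.dport == 80:
        return True
    # Rule 2: replies need a broad static rule, because the filter cannot
    # know whether an inside host ever asked for them.
    return (is_inside(pkt.dst) and pkt.proto == "tcp"
            and pkt.sport == 80 and pkt.dport >= 1024)

class StatefulFirewall:
    """Keeps a session table; inbound packets pass only if they match it."""
    def __init__(self):
        self.sessions = set()

    def inspect(self, pkt):
        if is_inside(pkt.src) and pkt.proto == "tcp" and pkt.dport == 80:
            # Outbound connection allowed by policy: record the session.
            self.sessions.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # Inbound: accept only the exact reverse of a recorded session.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.sessions

def demo():
    # Constructed sample traffic (documentation address ranges).
    out = Packet("10.0.0.5", "198.51.100.7", "tcp", 40000, 80)
    reply = Packet("198.51.100.7", "10.0.0.5", "tcp", 80, 40000)
    unsolicited = Packet("203.0.113.9", "10.0.0.8", "tcp", 80, 5000)
    fw = StatefulFirewall()
    packets = (out, reply, unsolicited)
    return {
        "static": [static_filter(p) for p in packets],
        "stateful": [fw.inspect(p) for p in packets],
    }

if __name__ == "__main__":
    print(demo())
```

The static filter passes the unsolicited inbound packet because it matches the reply rule, while the stateful firewall drops it because no session table entry exists for it.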

What a firewall cannot protect against

• Malicious use of authorized services.

• Users not going through the firewall

• Social engineering

• Flaws in the host operating system

• Any threats that may occur.

What kind of firewall is Firewall-1 (Checkpoint)

• Firewall-1 is a stateful inspection firewall

• Uses Stateful inspection and application proxy

• Supports VPN (Site-2-Site, Client-2-Site)

• Provides content filtering using 3rd Party Products

• Policy based NAT (biggest advantage and ease of use)

• Enterprise wide policy management.

• High Availability (commonly known as HSRP or failover)

• INSPECT (modifying firewall state engine parameters)

Planning Firewall-1 Installation

The following points should be considered before installing Firewall-1:

• Document what your network looks like

• Generate a network map and define the major points of interest and how they logically connect.

• Note: Since Firewall-1 is a perimeter device, it is best utilized and most effective when the number of entry-exit points is limited.

• Identify different zones of trust.

Developing a Site-Wide Security Policy

• Security Policy – A written document that is simple to read and clearly states what resources to protect and the conditions for providing or denying access.

• Lays the overall foundation of how an organization approaches security issues.

• What, Who and How

  • What are your important resources to be protected
  • Who is responsible for those resources
  • How an organization protects those resources

• Senior Management Buy-in

Questions
