
CPU 2012

CPU 2012. Eusebio Nieva. Release Map. Upgrade. SecurePlatform is so 2011… One ISO Fits All: Power-1, UTM-1, Smart-1, 4000, 12000 and 21400; IP Appliances (disk based, diskless and hybrid); Open Servers and VMWare. Full Software Blades Support.


Presentation Transcript


  1. CPU 2012 Eusebio Nieva

  2. Release Map

  3. Release Map

  4. Upgrade

  5. SecurePlatform is so 2011…

  6. One ISO Fits All
     • Power-1, UTM-1, Smart-1, 4000, 12000 and 21400
     • IP Appliances (disk based, diskless and hybrid)
     • Open Servers and VMWare

  7. Full Software Blades Support: Customers can further realize their investment in IP appliances, with the ability to run all Software Blades

  8. Connection capacity: High connection capacity on select appliance models, via the built-in 64-bit firewall

  9. IPv6
     • Built-in IPv6 Protocol suite, fully configurable from Web UI and command line shell
     • Acceleration and Clustering Blade support for IPv6 is included
     • Dynamic Routing for IPv6 support is on the roadmap
     • VRRPv3 with IPv6 support is on the roadmap
     • No support for inspection Blades

  10. Role-based Administration
     • Gaia provides a whole new level of privilege management
     • For example, one administrator can be in charge of network configuration, another administrator in charge of backups, and a third administrator can be limited to system monitoring
     • Each administrator can be defined with his or her own role

  11. Authentication
     • RADIUS and TACACS+
     • Up to 15 privilege levels using the TACACS+ “enable” mechanism
     • TACACS+ and RADIUS groups can be linked to RBA

  12. Networking
     • Two modes of redundancy: ClusterXL HA and VRRP

  13. Networking
     • Well-known IPSO Dynamic Routing stack, fully integrated into the Gaia Web UI and command-line shell: BGP, OSPF, RIP, PIM (Sparse mode and Dense mode), IGMP
     • Dynamic Routing IPv6 support is on the roadmap
     • Built-in DHCP relay agent. Each DHCP client subnet can be configured to have its own dedicated DHCP server
     • Built-in DHCP server

  14. Which one is better?

  15. The GAIA Web portal

  16. Browser Support

  17. Clientless Terminal Window
     • Launch Terminal Window from WebUI
     • No Client Software Required

  18. Main Commands
     • 4 Main Command Operations:
     • Set – Sets or changes a system value
     • Show – Displays a value or values from the system
     • Delete – Removes a set value
     • Add – Adds a new value to the system

  19. Other Operator commands

  20. Database Lock
     • Only One User Can Edit the GAIA Config at a time
     • Configuration lock must be taken to use set commands
     • Use ‘Lock Database Override’
     login as: admin
     This system is for authorized use only.
     admin@192.0.2.254's password:
     Last login: Thu Apr 12 10:44:59 2012
     CLINFR0771 Config lock is owned by admin. Use the command 'lock database override' to acquire the lock.
     GAIA-GA> lock da
     GAIA-GA> lock database ov
     GAIA-GA> lock database override
     GAIA-GA>

  21. Navigating the Clish
     GAIA-GA> show inter
     interface - interface
     All interfaces - Lists all interfaces
     GAIA-GA> show interface
     eth0 eth1 lo
     GAIA-GA> show interface
     show interface VALUE alias VALUE
     show interface VALUE aliases
     show interface VALUE all
     show interface VALUE all
     show interface VALUE ipv4-address
     show interface VALUE ipv6-address
     show interface VALUE loopback VALUE
     show interface VALUE loopbacks
     show interface VALUE monitor-mode
     show interface VALUE vlans
     show interface VALUE { comments mac-addr mtu state speed duplex auto-negotiation type }
     show interface VALUE { ipv6-autoconfig }
     show interface VALUE { statistics }
     GAIA-GA>
     Slide callouts next to the three prompts: Press Tab; Press Space Tab; Press ‘ESC’ ‘ESC’

  22. Which Shells are available?
     • /etc/cli.sh – default shell of all users, full GAIA CLI (clish)
     • /bin/bash, /bin/csh, /bin/sh, /bin/tcsh – Standard Linux shells; running ‘clish’ returns to the GAIA CLI
     • /usr/bin/scponly – User can run SCP but nothing else
     • /sbin/nologin – User is not allowed to log in
     • /bin/bash is required for SCP copies to and from the gateway

  23. What’s Next?
     • ADP hardware acceleration
     • Port Based Routing
     • NetFlow
     • IPv6 Dynamic Routing
     • VRRPv3 – support for IPv6
     • MultiQ??

  24. SmartLog

  25. Log Management Challenges
     Reasons for Collecting Logs: What are the main reasons for collecting log data?
     • Track suspicious behavior and prevent security incidents: 64%
     • Support forensics analysis: 46%
     • Meet compliance requirements: 43%
     Detect/track suspicious behavior and prevent incidents is the top reason to collect logs.
     Source: SANS Analyst Program, SANS Annual Log Management Survey Report, 2011

  26. Log Management 1.0: Filtering one log file at a time. A better way is available.

  27. Introducing Check Point SmartLog
     • Simple and intuitive Google-like search (example query: John Smith drop)

  28. Check Point SmartLog – Improved Logging and Status Blade
     • Transforms Data Into Security Intelligence
     • Intuitive, Google-like Search Experience
     • Proactive Security Investigation
     • Part of Check Point Security Management

  29. Check Point SmartLog
     • Split-second Google-like search provides visibility over billions of log records
     • Split-second search results: x100 faster than SmartView Tracker; high performance index searches; independent index engine
     • Google-like textual search (example query: John Smith drop)
     • Tuned for large scale environments: track logs across weeks and months
     • Simultaneous investigation across multiple log files, management domains and geographies

  30. How SmartLog Works
     • Step 1: Logs are sent from Security Gateways to the Security Management / Log Server and stored in a log file
     • Step 2: SmartLog Server reads logs from the log file and builds/updates the log index
     • Step 3: Admin search queries (via SmartLog Console) are executed on the SmartLog index
     Diagram elements: Security Management, SmartLog Server, example query “John Smith…”

  31. Unified Log Search and Investigation – Find Communication Patterns
     • Accesses multiple log files (not just one file at a time)
     • Multiple index files, only limited by disk size
     • More logs = longer time horizon
     • Logs from multiple domains: can create more indexes

  32. Enhanced Enterprise Visibility
     • Find patterns for proactive security investigation
     • Track and monitor logs over weeks and months
     • Unified Log Search in Multi-Domain Management: investigate logs across log files, geographies, and log servers

  33. Integral Component of Security Management
     • Centrally track activity across all Software Blades and multiple domains
     • Threat Prevention logs: IPS or Anti-Bot or Anti-Virus
     • High bandwidth tagged applications: high bandwidth application
     • All dropped connections for user John Smith: John Smith drop or reject or blocked
     • and more…
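As an added illustration of the three-step flow on slide 30 and the query forms on slide 33, the following toy inverted index answers queries such as “John Smith drop or reject or blocked” from the index alone, without rescanning any log file. This is example code written for this transcript, not Check Point’s SmartLog implementation; the log records, file names and the tokenizer rules are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample records standing in for two log files on a Log Server;
# gateway names, users and addresses are made up for this example.
LOG_FILES = {
    "fw_2012-04-12.log": [
        "2012-04-12 10:44:59 gw-paris accept src=10.1.1.5 user=John Smith service=http",
        "2012-04-12 10:45:03 gw-paris drop src=10.1.1.5 user=John Smith service=smb",
        "2012-04-12 10:45:10 gw-paris accept src=10.1.2.9 user=Jane Doe service=https",
    ],
    "fw_2012-04-13.log": [
        "2012-04-13 08:00:01 gw-london reject src=10.1.1.5 user=John Smith service=ftp",
        "2012-04-13 08:00:07 gw-london blocked src=10.1.3.4 user=Bob Ray blade=Anti-Bot",
        "2012-04-13 08:01:00 gw-london drop src=10.1.3.4 user=Bob Ray blade=IPS",
    ],
}
# Tokens keep dots and hyphens so "Anti-Bot" and "10.1.1.5" stay single terms.
TOKEN = re.compile(r"[a-z0-9.\-]+")
def tokenize(text):
    return set(TOKEN.findall(text.lower()))
def build_index(log_files):
    """Step 2 of the flow: map every token to the (file, line) records holding it."""
    index = defaultdict(set)
    for name, lines in log_files.items():
        for lineno, line in enumerate(lines):
            for tok in tokenize(line):
                index[tok].add((name, lineno))
    return index
def parse_query(query):
    """'John Smith drop or reject or blocked' -> [{john}, {smith}, {drop, reject, blocked}]."""
    # Words joined by 'or' form one alternative group; the groups are ANDed.
    groups, join_next = [], False
    for word in query.lower().split():
        if word == "or" and groups:
            join_next = True
        elif join_next:
            groups[-1].add(word)
            join_next = False
        else:
            groups.append({word})
    return groups
def search(index, query):
    """Step 3: answer the query from the index alone; no log file is scanned."""
    hits = None
    for group in parse_query(query):
        postings = set().union(*(index.get(term, set()) for term in group))
        hits = postings if hits is None else hits & postings
    return sorted(hits or set())
```

Because postings are (file, line) pairs, one query spans every indexed file at once, which is the “multiple log files, not one at a time” point of slide 31.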

  34. SmartLog Sizing for Smart-1 Appliances
     • Sizing Guidelines – Logs per Day with 1 Month Retention
     * Logs plus SmartLog indexes
     ** Retention period based on available storage and includes both logs and SmartLog indexes

  35. SmartLog Deployment – 2 Different Deployment Options
     • Upgrade existing Check Point security management server or log server
     • Add a separate SmartLog server with minimal impact on production system

  36. SmartLog in SmartDomain manager

  37. Multi-Domain Deployment Elements
     • Domain with Log Server: equal or above R70.50, R71.50 or R75.30
     • SmartLog Server: Logging and Status R75.40
     • Client User Interface: SmartConsole R75.40
     • Multi-Domain Security Management

  38. SmartLog FAQ #1
     • Does SmartLog create an additional copy of the logs?
       When installed on top of a log server it will store indexes with pointers to the log entry. The indexes will use some extra disk space (20-50% of the raw log size). When installed on a dedicated server it will ALSO hold a copy of the indexed logs on that server.
     • Is it supported to install SmartLog on a MDM/MLM?
       Yes, but SmartLog can require a lot of resources, so be careful when recommending this.

  39. SmartLog FAQ #2
     • Can you open SmartDashboard and go to IPS protections, AppCtrl rules etc. with SmartLog like you can with SmartView Tracker?
       In the current version you cannot, but this feature is planned for the release version.
     • Can you view IPS and Anti-Bot pcap files in SmartLog?
       No – this is planned for a later release.

  40. Summary – Check Point SmartLog
     • Transforms Data Into Security Intelligence
     • Intuitive, Google-like Search Experience
     • Proactive Security Investigation
     • Part of Check Point Security Management

  41. Additional questions?
