
Instructor Slides


Presentation Transcript


  1. Workshop: Check Point vSEC for Microsoft Azure. Instructor Slides. [Protected] Distribution or modification is subject to approval

  2. Preface: Course Layout; Course Chapters and Learning Objectives; Sample Setup for Labs

  3. Course Layout. The following professionals benefit most from this course: Check Point Certified System Administrators; Support Analysts; Network Engineers

  4. Course Chapters (1, 2, 3): Microsoft Azure; Azure Deployment and Licensing + Lab; The Check Point vSEC Security Solution + Lab

  5. Sample Setup for Labs

  6. Lab 1.1: Navigating Azure. Create navigation shortcuts in the Microsoft Azure Portal. Navigate various products in the Microsoft Azure Portal. LAB BREAK

  7. Lab 1.2: Building the AWS Environment. Create an Azure virtual network. Configure two additional subnets for the virtual network. Deploy and configure a Check Point R80 management server. Deploy and configure a Check Point vSEC cluster. Create a web server and an associated route table. Configure routes in the route table. LAB BREAK
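The last two lab steps create a route table for the web server and populate its routes. The check below is an added example, not part of the course or of Check Point's tooling; it assumes the lab's intent (the deck later asks whether traffic should be controlled by virtual appliances) that the web subnet's default route hands traffic to the vSEC cluster as a VirtualAppliance next hop whose address lies inside the virtual network. The route-table shape is simplified from the ARM resource, and all addresses are constructed.

```python
import ipaddress

def audit_route_table(route_table, vnet_cidr, vsec_internal_ips):
    """Return a list of findings; an empty list means the table matches the intended design."""
    findings = []
    vnet = ipaddress.ip_network(vnet_cidr)
    default = [r for r in route_table["routes"] if r["addressPrefix"] == "0.0.0.0/0"]
    if not default:
        # Without a user-defined default route Azure sends egress straight to the Internet.
        return ["no 0.0.0.0/0 route: the subnet still uses Azure's direct Internet egress"]
    for r in default:
        if r["nextHopType"] != "VirtualAppliance":
            findings.append(f"{r['name']}: default route next hop is {r['nextHopType']}, "
                            "not VirtualAppliance")
            continue
        hop = r.get("nextHopIpAddress")
        if hop not in vsec_internal_ips:
            findings.append(f"{r['name']}: next hop {hop} is not a vSEC cluster address")
        elif ipaddress.ip_address(hop) not in vnet:
            findings.append(f"{r['name']}: next hop {hop} is outside the virtual network {vnet_cidr}")
    return findings

# Constructed sample values for a lab-style deployment (not taken from the slides).
VNET = "10.0.0.0/16"
VSEC_CLUSTER_IPS = {"10.0.1.4"}   # hypothetical cluster IP on the internal subnet
GOOD_TABLE = {"name": "web-rt-good", "routes": [
    {"name": "to-vsec", "addressPrefix": "0.0.0.0/0",
     "nextHopType": "VirtualAppliance", "nextHopIpAddress": "10.0.1.4"}]}
BAD_TABLE = {"name": "web-rt-bad", "routes": [
    {"name": "direct", "addressPrefix": "0.0.0.0/0", "nextHopType": "Internet"}]}

if __name__ == "__main__":
    for table in (GOOD_TABLE, BAD_TABLE):
        print(table["name"], audit_route_table(table, VNET, VSEC_CLUSTER_IPS) or ["ok"])
```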

  8. Chapter 1: The Check Point vSEC Security Solution. Understand cloud computing and the advantages of deploying resources into a virtualized datacenter. Discuss the various security challenges facing virtual environments and data centers. Understand how Check Point vSEC protects virtual environments and data centers.

  9. Cloud Computing

  10. Understanding Modern Data Center Security Challenges: Lateral threats; Dynamic changes; Complex environments

  13. Securing the Environment with vSEC: vSEC for Private Cloud (vSEC for Cisco ACI, vSEC for VMware NSX, vSEC for OpenStack); vSEC for Public Cloud (vSEC for AWS, vSEC for Google Cloud Platform, vSEC for Microsoft Azure); vSEC for Virtual Data Center (vSEC Virtual Edition (VE))

  14. Securing the Environment with vSEC: Protection against lateral threats; Adaptive to dynamic changes; Unified management

  17. Main Components: vSEC Controller Server; vSEC Gateway

  18. Review Questions Name three platforms that support Check Point vSEC for Private Cloud. vSEC for Cisco ACI, vSEC for VMware NSX, and vSEC for OpenStack support Check Point vSEC for Private Cloud.

  19. Review Questions What are some ways Check Point vSEC protects virtual environments? It performs Stateful Inspection of traffic between virtual machines using Firewall and protects data centers from threats and attacks using Threat Prevention technology. With Threat Prevention Tagging, vSEC quickly identifies, tags, and quarantines infected hosts in the network by tagging the hosts and sharing the threat information with the cloud controller. Integration with popular cloud infrastructure vendors allows vSEC to easily import configurations and incorporate them into Check Point Security Policies. With real-time context sharing, changes are automatically tracked and Security Policies are applied regardless of the host.

  20. Review Questions What are the two main components of a Check Point vSEC security solution? The two main components are vSEC gateway and the Security Management Server with vSEC controller.

  21. Chapter 2: Microsoft Azure. Understand how Microsoft Azure products and services can be used to build a virtual environment secured by Check Point vSEC.

  22. Using Microsoft Azure: Check Point vSEC for Microsoft Azure. One console for consistent policy and threat visibility across the entire infrastructure. Safeguards against data and infrastructure breaches while maintaining the ability to securely connect mobile users to their network.

  23. Using Microsoft Azure: Products (Virtual Networks, Virtual Machines, Resource Groups, Network Security Groups, ExpressRoute). Virtual Networks: Provision private networks, optionally connect to on-premises datacenters.

  24. Using Microsoft Azure: Products. Virtual Machines: Provision Windows and Linux virtual machines.

  25. Using Microsoft Azure: Products. Resource Groups: Organize and collectively manage resources.

  26. Using Microsoft Azure: Products. Network Security Groups: Secure resources.

  27. Using Microsoft Azure: Products. ExpressRoute: Dedicated private network fiber connections to Azure.

  28. Using Microsoft Azure: Features (Azure Resource Explorer, Azure Resource Manager Templates, Tags, Activity Logs, Customized Policies, Public IP Addresses)

  33. Using Microsoft Azure: Features. Customized Policies: an example policy definition that restricts the locations resources may be deployed to (the slide's curly quotes are corrected so the JSON parses):

```json
{
  "properties": {
    "parameters": {
      "allowedLocations": {
        "type": "array",
        "metadata": {
          "description": "The list of locations that can be specified when deploying resources",
          "strongType": "location",
          "displayName": "Allowed locations"
        }
      }
    },
    "displayName": "Allowed locations",
    "description": "This policy enables you to restrict the locations your organization can specify when deploying resources.",
    "policyRule": {
      "if": {
        "not": {
          "field": "location",
          "in": "[parameters('allowedLocations')]"
        }
      },
      "then": {
        "effect": "deny"
      }
    }
  }
}
```
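To make the rule on the slide concrete, here is an added example, not from the course or from Azure's own policy engine: a small evaluator for the subset of the Azure Policy grammar the definition uses (parameter references, not, in) plus allOf/anyOf/equals so other simple rules can be tried. The resource and assignment values are constructed, and the policy dict is the slide's definition with its metadata trimmed.

```python
import re

# The policy definition from the slide (metadata trimmed), wrapped as Azure returns it.
ALLOWED_LOCATIONS_POLICY = {"properties": {
    "parameters": {"allowedLocations": {"type": "array"}},
    "policyRule": {
        "if": {"not": {"field": "location", "in": "[parameters('allowedLocations')]"}},
        "then": {"effect": "deny"}}}}

_PARAM_REF = re.compile(r"^\[parameters\('([^']+)'\)\]$")

def resolve(value, params):
    """Replace a [parameters('name')] expression with the value given at assignment time."""
    if isinstance(value, str):
        m = _PARAM_REF.match(value)
        if m:
            return params[m.group(1)]
    return value

def _norm(v):
    # Azure Policy compares strings case-insensitively; model that here.
    return v.lower() if isinstance(v, str) else v

def matches(cond, resource, params):
    """True when the condition holds (subset of the grammar: not/allOf/anyOf, in, equals)."""
    if "not" in cond:
        return not matches(cond["not"], resource, params)
    if "allOf" in cond:
        return all(matches(c, resource, params) for c in cond["allOf"])
    if "anyOf" in cond:
        return any(matches(c, resource, params) for c in cond["anyOf"])
    actual = _norm(resource.get(cond["field"]))
    if "in" in cond:
        return actual in [_norm(x) for x in resolve(cond["in"], params)]
    if "equals" in cond:
        return actual == _norm(resolve(cond["equals"], params))
    raise ValueError(f"unsupported condition: {cond}")

def evaluate(policy, resource, params):
    """Return the rule's effect ('deny') if its 'if' block matches, otherwise 'allow'."""
    rule = policy["properties"]["policyRule"]
    return rule["then"]["effect"] if matches(rule["if"], resource, params) else "allow"

if __name__ == "__main__":
    assigned = {"allowedLocations": ["westeurope", "northeurope"]}  # constructed assignment values
    for loc in ("westeurope", "eastus"):
        vm = {"type": "Microsoft.Compute/virtualMachines", "location": loc}  # constructed resource
        print(loc, "->", evaluate(ALLOWED_LOCATIONS_POLICY, vm, assigned))
```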

  35. Access Control. Role-Based Access Control (RBAC) consists of: Role definition; Role assignment. Pre-defined roles: Owner; Contributor; Reader; User Access Administrator

  36. Access Control: Administrator Roles. Billing administrator; Compliance administrator; Security administrator; Service administrator; User account administrator

  37. Review Questions Describe two common Azure products used by a System Administrator to build a virtual network. Azure virtual machines are one of the main resources in an Azure environment. They can represent on-premises servers or be used to scale up to the cloud to balance resources (also referred to as load balancing) and reduce costs. A template defines the structure and configuration of an Azure solution. Using a template makes it possible to repeatedly deploy a solution throughout its lifecycle with consistency. After selecting a solution from the portal, Azure automatically provides a deployment template that can be customized to customer needs.

  38. Review Questions What is the purpose of a resource group? A resource group is a collection of related resources. It allows you to deploy, manage, or edit resources in one action.

  39. Review Questions What are some measures a System Administrator can take to secure their Azure virtual network? A Network Security Group (NSG) secures access to publicly exposed resources using network security rules that determine if inbound or outbound traffic is allowed or denied. The Azure Resource Manager provides control over who can execute specific actions for an organization. It natively integrates Role-Based Access Control (RBAC) with the management platform and extends access control to all services in an organization.

  40. Chapter 3: Azure Deployment and Licensing. Understand how to plan and deploy a Microsoft Azure virtual network. Recognize the two elastic licensing options for Check Point vSEC for Microsoft Azure.

  41. Deployment • What Azure locations will host virtual networks? Available locations include various regions of Australia, Asia, Canada, Japan, Korea, UK, and the US. • Is it necessary to provide communication between the Azure virtual network(s) and on-premises datacenter(s)? • Is it necessary to isolate traffic based on groups of virtual machines, such as a group of front end web servers and a group of back end database servers? • Is it necessary to control traffic flow using virtual appliances? • Do users need different sets of permissions to different Azure resources?

  42. Deployment: Example

  43. Deployment: Deployment Methods. Azure Portal; Azure PowerShell; Azure CLI

  44. Elastic Licensing: Bring Your Own License. Based on the number of cores used across all gateways in the private or public cloud environment. Ideal for multiple on-premises and/or cloud-based vSEC gateways. Floating license: the customer can determine how cores are distributed among gateways.

  45. Elastic Licensing: Pay As You Go. Only available for AWS and Azure. Priced at an hourly or annual rate. Includes Check Point Software Blades and standard support. Does not include the cost of the virtual compute.

  46. Virtual Machine Scale Sets • Easy creation through the Azure Portal • Simple scaling properties • Integrated autoscale • Azure Resource Manager integration • Integrated load balancing • REST, SDK, and CLI support • Built-in high availability • Support for manual roll out of OS image updates without downtime

  47. Autoscaling

  48. Autoscaling: Configuring Autoscaling. Azure Autoscale; Custom solution; Third-party services

  49. Virtual Machine Scale Sets and Autoscaling Use Cases. RDP/SSH to Scale Set Instances; Connect to Virtual Machines Using NAT rules; Connect to Virtual Machines Using a Jumpbox

  50. Review Questions What are some important questions to answer when planning an Azure virtual network? What Azure locations will host virtual networks? Available locations include various regions of Australia, Asia, Canada, Japan, Korea, UK, and the US. Is it necessary to provide communication between these Azure locations? Is it necessary to provide communication between the Azure virtual network(s) and on-premises datacenter(s)? Is it necessary to isolate traffic based on groups of virtual machines, such as a group of front end web servers and a group of back end database servers? Is it necessary to control traffic flow using virtual appliances? Do users need different sets of permissions to different Azure resources?
