500 likes | 693 Views
Что нового появилось после выхода R70. Антон Разумов arazumov@checkpoint.com Консультант по безопасности Check Point Software Technologies. R70 introduced with:. R70.1. Introducing R70.1. SmartWorkflow blade Hardware monitoring Various features GUI enhancements.
E N D
Что нового появилось после выхода R70 Антон Разумов arazumov@checkpoint.com Консультант по безопасности CheckPointSoftwareTechnologies
Introducing R70.1 • SmartWorkflow blade • Hardware monitoring • Various features • GUI enhancements
Introducing SmartWorkflow • Check Point’s SmartWorkflow software blade automates security policy change management • Enforces a formal process of tracking, approving and auditing security policy changes • Reduces errors by providing granular visibility into policy changes • Enhances compliance through audit trails and built-in role segregation • Aligns to an organization’s existing change management approval process • Streamlines change management increasing operational efficiency • One-stop, total policy lifecycle management integrated into SmartDashboard
R70.1 SmartWorkflowplanned for R70.1 • Smart Workflow • Automatic security database revisions • Highlighting the changes in SmartDashboard • Allowing visual navigation between the changes • Allow discarding the changes and returning back to the previous database revision. • Allow generating change comparison report • Audit trailing change
R70.1 HW monitoring: Hardware Health Monitoring Capabilities • RAID Health: Monitor the health of the disks in the RAID array, and be notified of the states of the volumes and disks. The information is available via SNMP. • Sensors: Monitor fan speed, voltages, and temperatureson the hardware. The information is available via SNMP and, for Check Point appliances, also via the SecurePlatform Web interface.
R70.1 additional features: • Link Aggregation 802.3ad • Both interfaces need to be connected to the same switch when aggregating • Up to 8 NIC’s in a bond • No limit besides the SPLAT limit of 1015 total interfaces • Both HA and LS are supported • Ability to set IP address trough LCD • Changed URLF filter database provider • Remote Deployment Tool(USB based tool to allow initial OS configuration)
R70.1 GUI enhancements • Quick Add Object - Allows you to easily find and insert objects into the Security Rule Base • Where Used > Go To - Allows you to jump from the Where Used window to the locations it references. • Easily View Group Members - When hovering over a Group in the Rule Base, a tooltip displays the Group members. • Extended Clone Functionality - The Clone functionality, which allows creating a new object based on an existing one, is extended to include Services, IP ranges, Group objects, etc. • Read Only State for Object Properties - In numerous key fields of the object properties it is now possible to copy the text of the fields while in ‘Read-only’ state. • Delete Multiple Database Versions – While in the Database Revision Control window, it is possible to select multiple Database Versions and delete them at once.
Moving on to R70.20, what’s new: • Event Correlation & IPS Event Analysis Software Blades Update • Reporting Blade Updates • IPS Software Blade Update • Multi-Core Licensing
New Real Time Views & Simplified Events Processing • Timeline View • Charts View • Maps View • Group By – Real Time Pivots and Graphs for Data • User / machine identification
User / machine identification: The challenge Network and Security events analysis • Ability to identify users and computers passing through the firewall • Distinguish between corporate and unmanaged devices • Traffic monitoring and network maintenance
User / machine identification: The Solution Identity-based Auditing • Introducing new Check Point firewall capability to provide Identity-based auditing • Present user and machine identity in the firewall logs • Leveraging Check Point SmartView Tracker and Eventia logging solutions • The identity information is based on Microsoft Active Directory integration User and machine identity in Check Point SmartView Tracker
User / machine identification: The use case Bring Identity Awareness to your Check Point firewall • Security and compliance audit • Troubleshooting network issues • Ability to distinguish corporate and unmanaged assets • Helpdesk and maintenance • Analyzing network usage
User / machine identification: How it works • User and Computer Identity is obtained from Active Directory (AD) security event logs • The gathered AD log information is used to build an association map that is referenced for enriching Check Point logs with the AD username and computer name based on users’ IP address. • Check Point Log Server uses WMI protocol to communicate with Active Directory • Supported in SmartCenter management from R70.2 • SmartView Tracker • Eventia Reporter and Analyzer • Does not require any installations on Active Directory server • Leverage your existing security gateways, no upgrade is needed
User / machine identification: Flow 3 Data Center HR Database 1 • Logon to Domain • Username • Computer name • IP address Finance Database Corporate Network User’s connection - Source IP address Microsoft Active Directory Security Gateway 2 • Send Logs (WMI) • User name • Computer name • IP address 4 • Log: • Source IP address • Destination SmartCenter Log Server • Log Entry: • Destination Computer name • Source User & Computer name • Source & Destination IP address 5 SmartView Tracker
User / machine identification: Summary • Bring Identity-based auditing capability • to you Check Point logging system • Leverage existing Check Point management • and logging infrastructure: • SmartView Tracker and Eventia • Plug and Play clientless solution • (no installations required on endpoints or AD) • Simple and easy way to audit your users • and machines activity on the network
Real-Time Analysis & Action Real-Time Analysis & Action • Group By - On-Line Pivoting of Data (no need to export data externally) • New Search Feature • Forensics: Drill down from the “big picture” to events, then use advanced filtering / search / group / sort to go deeper, and finally go to raw logs / packet capture to understand exactly what happened.
Workflow Workflow • Open tickets, manage life cycle
IPS Specific reports • Overview Page showing everything IPS – Critical Issues, Top Events, Sources & Destinations, Latest Protections • Detailed Hourly, Weekly and Monthly Reports with many categories • IPS Event Analysis reports relating specifically to IPS events. • Share IPS Event & Packet Capture with Check Point Security Research Team
IPS Event Analysis reports relating specifically to IPS events.
Share IPS Event & Packet Capture with Check Point Security Research Team
Reporting Blade Updates Reporting Blade Updates • 18 new regulatory compliance reports • Standard web filtering activity report • Additional information available for Endpoint Security reports
IPS Software Blade Update • New Protection Category - Block by Country (called "Geo Protection" in IPS) • Web Intelligence Log improvements • Logs now show the original IP addresses of proxied connections • Optional Packet Capture on First Instance of any Protection • Several False Positive Fixes
Multi-Core Licensing • The Check Point Security Gateway software license for multi-core, open server platforms allows you to use less than the number of physical cores on the system. R70.20 will automatically use the number of cores allowed by the license.
What’s new in 70.30 ? • Maintenance HFA • Non-English regional formats are now supported in the map visualization features of SmartDashboard. • IPS Event Analysis and Eventia Analyzer. • SmartWorkflow reports can now be viewed in Windows 7. • It is now possible to use the SSL Network Extender client to access internal resources behind the Security Gateway, using a client digital certificate that is signed by a subordinate CA. The certificate need not be directly signed by a trusted CA. For example, the certificate can be signed by a CA that belongs to the organization itself, which is in turn signed by a trusted root CA.
What’s new in 70.40 ? • The R70.40 Security Management Server can manage: • New to beintroduced UTM-1 gateway for centrallymanagedbranch offices • UTM-1 Edge N Series and Embedded NGX 8.1 Release gateways • VSX R67 and includesenhancements to the vsx_util command for improved user experience and • IPSO 6.2 IP applianceswith SmartProvisioning, including the ability to modify Interfaces, Routing, Backup, DNS, Domain Name, Hosts, and Host Names • additionalfunctionality
Спасибо! Антон Разумов arazumov@checkpoint.com Консультант по безопасности CheckPointSoftwareTechnologies