Check Point Software SSL VPN Solutions Technical Overview. Thorsten Schuberth, Technical Consultant. Nubit 2005
Agenda • Introduction to SSL VPN Solutions • Connectra 2.0 • New Security Features • Integrity Clientless Security (ICS) 3.0 • Integrity Secure Browser (ISB) • AV Checking • Enhanced Protection Levels • SSL Network Extender (SNX) • ICS Integration with R55 HFA-12
Web Threat Environment Most cyber attacks and Internet security violations are generated through Internet applications.
Check Point Web Security Portfolio • SSL VPN for Web-based remote access • Connectra, The Web Security Gateway • Unified SSL VPN, Web security, and Endpoint security • SSL Network Extender • Network-level SSL VPN for Connectra & VPN-1 • Web Application Firewall • Web Intelligence • Web Security for Connectra & VPN-1 • Endpoint Security • Integrity Clientless Security • Integrated into Connectra, available for Web applications Bringing Business to the Web Securing the Web for Business
Introducing Connectra: Web Connectivity with Unmatched Security. Web Security Gateway Features • Secure Web-Based Connectivity • Integrated Server Security • Adaptive Endpoint Security • One-Click SSL Extranet • Seamless Network Deployment and Management SSL VPN Integrated Security Easy Deployment
Connectra – The Web Security Gateway Security will be the #1 buying criteria for SSL VPN gateways in 2005 • Key Advantage Today = MOST SECURE • Endpoint Security Integration • Integrated Attack Prevention “Endpoint security integration was the #1 reason we chose Check Point.” - Large Energy Company “Endpoint security is an escalating problem as SSL VPNs go mainstream.” - John Girard, VP of Gartner
Introducing SSL Network Extender: Secure Network-Level Connectivity over the Web • Network-level connectivity over SSL VPN • Browser Plug-in • Supports all IP-based applications • TCP, UDP, ICMP, FTP, etc. • Integrated with Check Point Gateways • Connectra • Enables native applications support • VPN-1 • Combined IPSec and SSL
Introducing Web Intelligence: Protection for the Entire Web Environment. Web application firewall technology for Check Point products. • Advanced Product Features • Malicious Code Protector™: Patent-pending technology that catches buffer overflow attacks and other malicious code. • Advanced Streaming Inspection: Extends the inspection and reconstruction capabilities of the INSPECT architecture by adding active traffic control of live traffic streams. • Simple Deployment and Management: Built to be quickly deployed to protect Web servers without complex tuning and configuration. • Seamless Integration with Check Point Products: Provides protection for the entire Web environment. • Included in Connectra • Available as an add-on to VPN-1 gateways • Will be available on InterSpect Web Servers
Introducing Integrity Clientless Security. Key Features • Spyware Detection & Remediation • Simple Deployment & Maintenance • Network Access Policy Enforcement • Integrates with Web Applications - Outlook Web Access, Extranet Portals • Integrated with Connectra. Key Benefits • Stops ID and password theft, prevents data loss • Makes it easy to secure non-IT controlled PCs that access the enterprise network • Prevents any non-compliant remote PC from compromising enterprise security
Integrity Secure Browser Configuration • Windows Only Solution • IE Offers Transparent Install • Other Browsers are Supported • Manual Prompt to Install ISB • Mozilla, Netscape & Opera • Subsequent Connections will not require reinstallation
Connectra 2.0 ICS 3.0 Integration • Integrity Secure Browser • ISB will safeguard data in: • Password and Form fields • URL history • cached files • recently-used files • Warns users of potentially unsafe actions • Copy to local Clipboard • Download Files
Protection Level Enhancements • Added Options to require ICS &/or ISB • Enables Access to applications where ICS/ISB support is not currently available • Macintosh & Linux users can now connect even if ICS is enabled
ICS 3.0 Anti-Virus Checking • AV Checking Support for • Trend PC-cillin & OfficeScan • CA eTrust & VET • Symantec Norton Antivirus • Sophos AV • McAfee VirusScan • Zone Alarm Antivirus • DAT file version restrictions • Minimum DAT file version • DAT file creation date should be newer than • DAT file should be no older than <x> days • You can check that the Anti Virus is: • Installed • Installed and running • Custom Error Message for Out of Compliance AV • Shared by all AV Checks
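The AV restrictions listed on this slide, sketched as an added example that is not Check Point code: the `AvState` and `AvPolicy` names and fields, the integer DAT version and the sample dates are all assumptions. It shows that a fixed "newer than" date keeps passing a client whose signatures have stopped updating, while the "no older than <x> days" rule does not.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass
class AvState:
    """What a hypothetical endpoint scan reports (field names are assumptions)."""
    installed: bool
    running: bool
    dat_version: int      # assumed to be a comparable integer
    dat_created: date

@dataclass
class AvPolicy:
    """The restrictions listed on the slide; None means 'not enforced'."""
    require_running: bool = False            # "Installed" vs "Installed and running"
    min_dat_version: Optional[int] = None    # minimum DAT file version
    dat_newer_than: Optional[date] = None    # fixed cut-off date
    dat_max_age_days: Optional[int] = None   # rolling window of <x> days
    error_message: str = "Anti-virus is out of compliance."  # shared by all checks

def check_av(state: AvState, policy: AvPolicy, today: date):
    """Return (compliant, reasons, message shown to the user)."""
    reasons = []
    if not state.installed:
        reasons.append("not installed")
    else:
        if policy.require_running and not state.running:
            reasons.append("installed but not running")
        if policy.min_dat_version is not None and state.dat_version < policy.min_dat_version:
            reasons.append("DAT version below minimum")
        if policy.dat_newer_than is not None and state.dat_created <= policy.dat_newer_than:
            reasons.append("DAT created on or before cut-off date")
        if policy.dat_max_age_days is not None and \
                (today - state.dat_created).days > policy.dat_max_age_days:
            reasons.append("DAT older than allowed age")
    return (not reasons, reasons, "" if not reasons else policy.error_message)

# Constructed sample: signatures dated 2005-03-01 and never updated afterwards.
STALE = AvState(installed=True, running=True, dat_version=4450, dat_created=date(2005, 3, 1))
FIXED = AvPolicy(require_running=True, dat_newer_than=date(2005, 2, 1))
ROLLING = AvPolicy(require_running=True, dat_max_age_days=14)

if __name__ == "__main__":
    for day in (date(2005, 3, 5), date(2005, 6, 1)):
        print(day, "fixed:", check_av(STALE, FIXED, day)[0],
              "rolling:", check_av(STALE, ROLLING, day)[0])
```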
R55 HFA-12 SNX & ICS • R55 SNX Integrated with ICS 2.2 • AV Checking • File/Registry checks • Requirement or Prohibition • Observation Mode remote nodes • Separate Installations of ICS & VPN-1 • Each Product is licensed & purchased independently • Manual Process for updating configuration file on VPN-1 gateways • $FWDIR/conf/extender/request.xml
ICS 2.2 Overview Browser control (ActiveX) sent to users before they log into their web based application. • Scans, identifies, and disables spyware • Displays detected threats and provides removal assistance • Optionally, enforces security policy compliance by preventing network access to PCs that contain screened software, have outdated anti-virus definitions, or are missing other requirements
ICS Integration with SNX • User Presented with ICS Scan prior to authentication • Same ICS scan for all users per gateway • No Protection Level Granularity as with Connectra