By: Sheane Jayne
June 10, 2020
Getting Started With Check Point
Technical learners and professionals look forward to new hardware products to explore and test. Excitement usually kicks in when unboxing a new Check Point Gateway. Following the user guide and eager to get started, the initial setup is done. The device is up and running – what next?
A great place to start is the Check Point Jump Start course. This detailed and informative course helps learners develop their knowledge and skills on Check Point firewalls, and gives them hands-on experience with the product as they explore the fundamental features needed to run their new firewall successfully. The course covers the Check Point Infinity solution, deploying Security Management and Security Gateways, creating security policies, logging and monitoring, and support and certifications.
Cyber attacks over the years
With the adoption of home computers in the 1980s, the first generation of attacks (computer viruses at the time) was born. Alongside the attacks came industries specializing in counteracting them, aiming to mitigate or completely eradicate threats that could harm an organization or the end user. Over the years, as the Internet became more popular and technologies developed to enable convenience, new generations of attacks arose, and the security industry grew with them.
As of the date of this article, we are in the Gen-V (5th generation) of cyber attacks. Sophisticated hacking tools exist, enabling malware that is complex and intelligent enough to hide in systems or networks while taking down large-scale enterprises by exploiting vulnerabilities and causing major damage.
Introducing Check Point Infinity
Check Point Infinity Architecture is a consolidated security architecture focused on providing full threat protection across IT environments such as networks, cloud, endpoints, and mobile platforms. Check Point Infinity incorporates valuable features, which include:
Consolidated Security Management: A GUI-based platform that enables the administrator to have centralized access and control over the enforced security policies and technologies that have been applied to their IT applications and infrastructure. Administrators will also be able to monitor and respond to continuous security threats detected by the system.
Check Point ThreatCloud: ThreatCloud gathers updated security events and threats to create a shared intelligence database to be automatically disseminated among Check Point users. This database enables administrators to have a continuously updated centralized threat intelligence system and protection from ongoing security events and threats. Using an emulated environment, ThreatCloud performs behavioral analysis for unknown files and applications.
Check Point SandBlast: A suite of "advanced threat prevention technologies" providing zero-day attack protection in real time. Some of the technologies include:
Threat emulation: Detects possible malware at the CPU and operating system levels;
Threat extraction: Removes potentially dangerous content from files or programs;
Zero phishing: Prevents sensitive information such as credit card details or credentials from being shared with untrusted sources; and
Zero ransomware: Monitors suspicious activity and executes remediation if any untrusted changes were made.
Check Point Security Management Architecture
This 3-tier security architecture is composed of the SmartConsole, the Security Management Server, and the Security Gateway. The SmartConsole is a Windows-based GUI application used by administrators to perform actions such as creating and managing security policies, monitoring events, and installing new updates. These changes are then communicated to the Security Management Server, a centralized system where the official copies of updated security policies and configurations are stored. When instructed, the Security Management Server communicates the updated security policies to each Security Gateway. Security Gateways also send their logs to the Security Management Server by default.
Secure Internal Communication (SIC) enables trusted communications between Check Point gateways using certificates to authenticate between peers, encryption to enforce the confidentiality of data between peers, and integrity checks. The Internal Certificate Authority is created by the management server when initialized to issue digital certificates for Check Point gateways, VPN establishments, and remote access.
Gaia is the operating system platform for Check Point products. Like many operating systems nowadays, it has both a command-line interface and a web user interface (WebUI). For easy configuration and visual understanding, the WebUI is used throughout the course. To cater to different administrative users, Check Point offers two WebUI modes: Basic and Advanced. The features and navigation controls of Check Point Security Management and Gateways are covered in great technical detail in the course.
What is the Check Point Security Management Server?
A single unified management console gives administrators easy-to-use access to, control over, and management of security policies. It also includes a visual dashboard of security events and potential threats with real-time capabilities. Administrators can automate routine tasks so they can work efficiently on other important tasks. Another great feature of Check Point Security Management is its support for multiple simultaneous administrative user sessions.
Although it is usually recommended that each administrator have specifically controlled privileges, some administrators or administrative groups will have the same user privileges. When these administrators are logged in at the same time and one of them makes a change to a security policy, the Security Management Server locks this unsaved change against the other administrators, restricting them from editing the same policy and preventing the risk of conflicting changes. Only when the policy is saved and published will the other administrators be able to see the new change.
Check Point Gateways
These gateways are also called Next-Generation Firewalls (NGFW), capable of inspecting and controlling traffic at the network, transport, and application layers of the OSI model. Gateways have a firewall kernel module that places itself between OSI layer 2 (data link) and layer 3 (network) to examine incoming and outgoing packets, cross-referencing the enforced security policy to determine whether to permit or deny the traffic. Stateful inspection is a technology developed by Check Point to monitor the state of a TCP or UDP session. Because Check Point firewalls can inspect up to the application layer, they include built-in features such as URL filtering and antivirus scanning.
Gateways rely on Security Management Servers to manage them. Two deployment options are available: standalone deployment, where the Security Gateway and Security Management Server run on the same appliance, and distributed deployment, where the Security Management Server is hosted on a different appliance from the Security Gateway. The standalone option is used for small deployments or by firms with budget restrictions, but the distributed option is the more commonly deployed one.
Check Point Jump Start gets into specific technical details about networking concepts and firewall technologies, so it is best to have some basic knowledge of topics such as the OSI model, security zones, and packet filtering. Check Point Security Management Server and Gateway features are discussed and demonstrated using the Check Point WebUI to enable visual and kinesthetic learning. Additionally, learners will learn about other Check Point solutions and products offered via the Infinity architecture, so they can consider other valuable security packages that work efficiently with their new security gateway.
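To make the paragraph above concrete, here is an added illustration (not Check Point code, and not from the course) of the two decisions a stateful firewall kernel module makes: first packets of a flow are matched top-down against an ordered rule base ending in an implicit cleanup drop, while packets belonging to an already-accepted session are permitted from a connection table without re-evaluating the rules. The rule fields, the prefix-style address match, and the sample traffic are all simplified and constructed for this example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str        # "tcp" or "udp"
    sport: int
    dport: int
    syn: bool = False  # TCP SYN flag; ignored for UDP


@dataclass(frozen=True)
class Rule:
    src: str      # "any" or an address prefix such as "10.0.0."
    dst: str
    service: str  # "any" or "<proto>/<port>", e.g. "tcp/443"
    action: str   # "accept" or "drop"


def _addr_match(pattern: str, addr: str) -> bool:
    # Simplified prefix match standing in for network-object matching.
    return pattern == "any" or addr.startswith(pattern)


class StatefulFirewall:
    def __init__(self, rules):
        self.rules = list(rules)
        # Accepted sessions keyed by (src, sport, dst, dport, proto).
        self.connections = set()

    def inspect(self, pkt: Packet) -> str:
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
        # Stateful path: either direction of a known session is accepted.
        if key in self.connections or reverse in self.connections:
            return "accept"
        # A TCP packet without SYN that belongs to no session is out of state.
        if pkt.proto == "tcp" and not pkt.syn:
            return "drop"
        # Rule-base path: first matching rule wins.
        for rule in self.rules:
            if (_addr_match(rule.src, pkt.src) and _addr_match(rule.dst, pkt.dst)
                    and rule.service in ("any", f"{pkt.proto}/{pkt.dport}")):
                if rule.action == "accept":
                    self.connections.add(key)  # create the session entry
                return rule.action
        return "drop"  # implicit cleanup rule: nothing matched
```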