Presentation is loading. Please wait.

Presentation is loading. Please wait.

W O R L D W I D E L E A D E R I N S E C U R I N G T H E I N T E R N E T Check Point Next Generation Feature Pack 1 (FP1) Thomas Witte Check Point Deutschland.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "W O R L D W I D E L E A D E R I N S E C U R I N G T H E I N T E R N E T Check Point Next Generation Feature Pack 1 (FP1) Thomas Witte Check Point Deutschland."— Presentation transcript:

1 W O R L D W I D E L E A D E R I N S E C U R I N G T H E I N T E R N E T Check Point Next Generation Feature Pack 1 (FP1) Thomas Witte Check Point Deutschland

2 ©2001 Check Point Software Technologies Ltd. - Proprietary & Confidential 2 Agenda Check Point - The Company Check Point - The Company VPN-1 Solutions VPN-1 Solutions Enterprise Management Solutions Enterprise Management Solutions Performance & Availability Performance & Availability UserAuthority UserAuthority

3 ©2001 Check Point Software Technologies Ltd. - Proprietary & Confidential 3 Mission Make the Internet Secure, Reliable, and Manageable

4 ©2001 Check Point Software Technologies Ltd. - Proprietary & Confidential 4 Check Point Facts History History  Founded June 1993  IPO June 1996  Strong growth in revenues and profits Global market leadership Global market leadership  62% VPN market share (Gartner Group, 2001)  42% firewall market share (#1 Position - IDC, 2001)  De-facto standard for Internet security Strong business model Strong business model  Technology innovation and leadership  Technology partnerships  Strong and diversified channel partnerships

5 ©2001 Check Point Software Technologies Ltd. - Proprietary & Confidential 5 Check Point Today Financial Strength Financial Strength  25 consecutive quarters of income/revenue growth Market Leadership Market Leadership  186,000+ Installations  80,000+ VPN Gateways  63 Million+ VPN Clients  68,000+ Customers  1,500+ Channel Partners  300+ OPSEC Partners $ Millions

6 ©2001 Check Point Software Technologies Ltd. - Proprietary & Confidential 6 Management VPN / Security Performance / Availability Policy-based Management O P S E C FireWall-1 VPN-1 Product Family - Gateway - SecuRemote - SecureClient - SecureServer Certified Appliances VPN-1/FW-1 Small Office Check Point RealSecure Provider-1 Meta IP User Authority Account Management Open Security Extension Reporting Certificate Manager FloodGate-1 QoS VPN-1 Accelerator Card High Availability Module Connect Control Stateful Inspection SVN Solutions Many solutions - one architecture

7 ©2001 Check Point Software Technologies Ltd. - Proprietary & Confidential 7 The OPSEC - Best Of Breed Integration Content Security Intrusion Detection High Availability Authentication ServersSwitchesRouters Security Appliances Service Providers Security Software Policy Consoles Accel. Engines OPSEC Protocols and APIs Event Anal. & Reporting Others Check Point Product Solutions Check Point Policy-Based Management CVPUFPSAMPLEAOMIRADIUSLDAPUAMOthers PKI & Directories

8 ©2001 Check Point Software Technologies Ltd. - Proprietary & Confidential 8 Physical Assets Virtual Corporation Private Network Internet Backbone Single Site Distributed Network Restrict Access Secure Access Prevent Losses Generate Revenue The New Role of Security The New World

9 ©2001 Check Point Software Technologies Ltd. - Proprietary & Confidential 9 Fixed Line Dial-Up Broadband Wireless Fixed Line Dial-Up Broadband Wireless Corporate Office Branch Office CustomersCustomers PartnersPartners SuppliersSuppliers Extended WorkforcesExtended Workforces Mobile EmployeesMobile Employees Networks LAN/WANLAN/WAN Broadband Wireless Broadband Wireless Systems ServersServers PCsPCs Phones/PDAs Applications E-Business E-Commerce Multimedia E-Business E-Commerce Multimedia Users DesktopsDesktops Mobile Security Everywhere

10 ©2001 Check Point Software Technologies Ltd. - Proprietary & Confidential 10 1994-1999 C HECK P OINT 2000 C HECK P OINT 2000 Fast and Scalable Large Scale VPNs High Performance Enterprise Servers Enterprise Servers Remote Office & Small Business Home Home Users Users Linux Appliance Cable DSL Gigabit VPNs AIX NT Solaris HP-UX

11 W O R L D W I D E L E A D E R I N S E C U R I N G T H E I N T E R N E T VPN-1 Solutions

12 ©2001 Check Point Software Technologies Ltd. - Proprietary & Confidential 12 Intranet VPN One-Click VPNs Define a VPN Community Define a VPN Community Add sites to the community with one click! Add sites to the community with one click! Sydney New York London Tokyo

13 ©2001 Check Point Software Technologies Ltd. - Proprietary & Confidential 13 One-Click VPNs Definition of a VPN Community automatically creates an encryption rule in the security policy One-Click VPNs simplify security policy creation and management

14 ©2001 Check Point Software Technologies Ltd. - Proprietary & Confidential 14 VPN-1 Clients ConnectMode Allows users to explicitly CONNECT/DISCONNECT from the VPN Allows users to explicitly CONNECT/DISCONNECT from the VPN Enables multiple “connection profiles” for different environments Enables multiple “connection profiles” for different environments Benefits: Benefits:  Provides more control to users who want it  Uses model similar to dial-up for greater ease of use

15 ©2001 Check Point Software Technologies Ltd. - Proprietary & Confidential 15 VPN-1 SecureClient OfficeMode VPN-1 Gateway assigns IP address to VPN-1 SecureClient during key exchange VPN-1 Gateway assigns IP address to VPN-1 SecureClient during key exchange Benefits: Benefits:  Remote user “appears” local  Enables some IP-based applications  Eases user experience Corporate Network Remote Users 10.x.x.x

16 ©2001 Check Point Software Technologies Ltd. - Proprietary & Confidential 16 VPN-1 SecureClient One-Click Certificates Manager generates user certificate with “one-click” Manager generates user certificate with “one-click” Benefits: Benefits:  Internal Certificate Authority included with VPN-1 for strong authentication “out of the box”

17 ©2001 Check Point Software Technologies Ltd. - Proprietary & Confidential 17 VPN-1 SecureClient New Policy Interface Rules sorted by direction (inbound/outbound) Rules sorted by direction (inbound/outbound) Benefits: Benefits:  Client policies are easier to read

18 ©2001 Check Point Software Technologies Ltd. - Proprietary & Confidential 18 VPN-1 SecureClient Diagnostic Tools Reduces administrative overhead involved in supporting remote access VPN users Shows status of client connection, security, etc. Shows policy in force on client Shows events logged on the client

19 ©2001 Check Point Software Technologies Ltd. - Proprietary & Confidential 19 More New VPN-1 Features VPN-1 Gateway VPN-1 Gateway  FIPS 140 Level 2 Compliance VPN-1 SecureClient VPN-1 SecureClient  Policy Server Clustering

20 W O R L D W I D E L E A D E R I N S E C U R I N G T H E I N T E R N E T Enterprise Management Solutions

21 ©2001 Check Point Software Technologies Ltd. - Proprietary & Confidential 21 Dynamic Address Gateways Gateways with dynamically assigned IP addresses can be managed remotely Gateways with dynamically assigned IP addresses can be managed remotely Benefits: Benefits:  Supports Remote Office/Branch Office environments with low-cost Internet access VPN-1/FireWall-1 SmallOffice with dynamically assigned IP address Management Console and Management Server 216.200.241.66 From ISP

22 ©2001 Check Point Software Technologies Ltd. - Proprietary & Confidential 22 Enhanced Administrator Security Granular settings provide access control restrictions Authentication choices include digital certificates Increased control and delegation of administrator roles and responsibilities “Profiles” define privileges

23 ©2001 Check Point Software Technologies Ltd. - Proprietary & Confidential 23 Multiple Policy Support: Limit Policy Scope (1) Limit the set of Gateways on which a policy can be installed (2) At policy install time, only valid installation targets appear (3) Excluded Gateways do not appear Simplified management for security environments requiring multiple policies

24 ©2001 Check Point Software Technologies Ltd. - Proprietary & Confidential 24 Visual Policy Editor Expanded Rule Visualization Path 1 Path 4 Path … Visualize Traffic Paths

25 ©2001 Check Point Software Technologies Ltd. - Proprietary & Confidential 25 Extranet Ready A simple structure and process for defining and managing Extranets EstablishTrust Establish Trust Exchange Network Objects Build Extranet Access Rules Extranet partner “A” Extranet partner “B”

26 W O R L D W I D E L E A D E R I N S E C U R I N G T H E I N T E R N E T Performance & Availability

27 ©2001 Check Point Software Technologies Ltd. - Proprietary & Confidential 27 ClusterXL: Gateway-based Load Sharing Remote VPN user accesses email Remote office accesses central servers Scalable performance for all traffic through gateways Scalable performance for all traffic through gateways Includes high availability for seamless fail-over Includes high availability for seamless fail-over Synchronized gateways share load dynamically

28 ©2001 Check Point Software Technologies Ltd. - Proprietary & Confidential 28 VPN Load Distribution Client randomly selects gateway Client randomly selects gateway Enables near-linear scalability for remote access Enables near-linear scalability for remote access “Access Gateway 1” Gateway 1 Gateway 2 “Access Gateway 2”

29 ©2001 Check Point Software Technologies Ltd. - Proprietary & Confidential 29 Offloads 3DES encryption to Intel IPSec NICs Offloads 3DES encryption to Intel IPSec NICs  Provides line speed encryption  Available for approximately $70 Tremendous price/ performance for open platforms Low-Cost Plug-in VPN Acceleration

30 ©2001 Check Point Software Technologies Ltd. - Proprietary & Confidential 30 FloodGate-1 Low Latency Queuing (LLQ) High Quality Multimedia & Voice on VPNs Prioritized over all other traffic Prioritized over all other traffic Configurable per packet guarantees Configurable per packet guarantees  Constant Bit Rate (CBR)  Max delay  Encryption taken into account Multiple rules permissible Multiple rules permissible

31 W O R L D W I D E L E A D E R I N S E C U R I N G T H E I N T E R N E T UserAuthority

32 ©2001 Check Point Software Technologies Ltd. - Proprietary & Confidential 32 UserAuthority SecureAgent Single sign on based on Windows Domain Authentication for VPN- 1/FireWall-1 and UserAuthority- enabled applications Single sign on based on Windows Domain Authentication for VPN- 1/FireWall-1 and UserAuthority- enabled applications Enables user-based tracking in dynamic environment Enables user-based tracking in dynamic environment Transparent to end user Transparent to end user 1.User logs into domain controller and downloads SecureAgent 2.User attempts to access resources through VPN-1/FireWall-1 3.UserAuthority and SecureAgent are queried to determine user identity and credentials Windows Domain Controller VPN-1/FireWall-1

33 ©2001 Check Point Software Technologies Ltd. - Proprietary & Confidential 33 Thank You!

Download ppt "W O R L D W I D E L E A D E R I N S E C U R I N G T H E I N T E R N E T Check Point Next Generation Feature Pack 1 (FP1) Thomas Witte Check Point Deutschland."

Similar presentations

Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
| Copyright © 2009 Juniper Networks, Inc. | www.juniper.net 1 WX Client Rajoo Nagar PLM, WABU.

| Copyright © 2009 Juniper Networks, Inc. | 1 WX Client Rajoo Nagar PLM, WABU.
1 Intel / Shiva VPN Solutions Stephen Wong System Engineer.

1 Intel / Shiva VPN Solutions Stephen Wong System Engineer.
1.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 1: Introducing Windows Server.

1.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 1: Introducing Windows Server.
Check Point ©2000 Check Point Software Technologies Ltd. -- Proprietary & Confidential Robert Żelazo Check Point Software Technologies Ltd. Check Point.

Check Point ©2000 Check Point Software Technologies Ltd. -- Proprietary & Confidential Robert Żelazo Check Point Software Technologies Ltd. Check Point.
Module 5: Configuring Access for Remote Clients and Networks.

Module 5: Configuring Access for Remote Clients and Networks.
1 Configuring Virtual Private Networks for Remote Clients and Networks.

1 Configuring Virtual Private Networks for Remote Clients and Networks.
Securing Remote Network Access FirePass ®. Business Case VirginiaCORIS is an initiative to modernize the way that offender information is managed, to.

Securing Remote Network Access FirePass ®. Business Case VirginiaCORIS is an initiative to modernize the way that offender information is managed, to.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
Securing the Borderless Network March 21, 2000 Ted Barlow.

Securing the Borderless Network March 21, 2000 Ted Barlow.
1 Objectives Wireless Access IPSec Discuss Network Access Protection Install Network Access Protection.

1 Objectives Wireless Access IPSec Discuss Network Access Protection Install Network Access Protection.
Dan Stolts IT Pro Evangelist US DPE - North East Microsoft Corporation

Dan Stolts IT Pro Evangelist US DPE - North East Microsoft Corporation
Hands-On Microsoft Windows Server 2003 Administration Chapter 11 Administering Remote Access Services.

Hands-On Microsoft Windows Server 2003 Administration Chapter 11 Administering Remote Access Services.
Lesson 17 – UNDERSTANDING OTHER NETWARE SERVICES.

Lesson 17 – UNDERSTANDING OTHER NETWARE SERVICES.
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
In this section, we'll cover one of the foundations of network security issues, It talks about VPN (Virtual Private Networks). What..,Why..,and How….?

In this section, we'll cover one of the foundations of network security issues, It talks about VPN (Virtual Private Networks). What..,Why..,and How….?
Goal of The Paper  What exactly is a VPN?  Why do you need a VPN?  what are some of the technologies used in deploying a VPN?  How does a VPN work?

Goal of The Paper  What exactly is a VPN?  Why do you need a VPN?  what are some of the technologies used in deploying a VPN?  How does a VPN work?
Internet Protocol Security (IPSec)

Internet Protocol Security (IPSec)
Network Topology. Cisco 2921 Integrated Services Router Security Embedded hardware-accelerated VPN encryption Secure collaborative communications with.

Network Topology. Cisco 2921 Integrated Services Router Security Embedded hardware-accelerated VPN encryption Secure collaborative communications with.
Faten Yahya Ismael.  It is technology creates a network that is physically public, but virtually it’s private.  A virtual private network (VPN) is a.

Faten Yahya Ismael.  It is technology creates a network that is physically public, but virtually it’s private.  A virtual private network (VPN) is a.

Similar presentations

Ads by Google