WORLDWIDE LEADER IN SECURING THE INTERNET. Check Point Next Generation Feature Pack 1 (FP1). Thomas Witte, Check Point Deutschland.

Presentation transcript:

Check Point Next Generation Feature Pack 1 (FP1). Thomas Witte, Check Point Deutschland

©2001 Check Point Software Technologies Ltd. - Proprietary & Confidential
Agenda
- Check Point - The Company
- VPN-1 Solutions
- Enterprise Management Solutions
- Performance & Availability
- UserAuthority

Mission
Make the Internet Secure, Reliable, and Manageable

Check Point Facts
- History
  - Founded June 1993
  - IPO June 1996
  - Strong growth in revenues and profits
- Global market leadership
  - 62% VPN market share (Gartner Group, 2001)
  - 42% firewall market share (#1 Position - IDC, 2001)
  - De-facto standard for Internet security
- Strong business model
  - Technology innovation and leadership
  - Technology partnerships
  - Strong and diversified channel partnerships

Check Point Today
- Financial Strength
  - 25 consecutive quarters of income/revenue growth
- Market Leadership
  - 186,000+ Installations
  - 80,000+ VPN Gateways
  - 63 Million+ VPN Clients
  - 68,000+ Customers
  - 1,500+ Channel Partners
  - 300+ OPSEC Partners
[Chart; axis label: $ Millions]

SVN Solutions: Many solutions - one architecture
[Diagram labels: Management; VPN / Security; Performance / Availability; Policy-based Management; OPSEC; FireWall-1; VPN-1 Product Family (Gateway, SecuRemote, SecureClient, SecureServer); Certified Appliances; VPN-1/FW-1 Small Office; Check Point RealSecure; Provider-1; Meta IP; User Authority; Account Management; Open Security Extension; Reporting; Certificate Manager; FloodGate-1 QoS; VPN-1 Accelerator Card; High Availability Module; Connect Control; Stateful Inspection]

The OPSEC - Best Of Breed Integration
[Diagram labels: Content Security; Intrusion Detection; High Availability; Authentication; Servers; Switches; Routers; Security Appliances; Service Providers; Security Software; Policy Consoles; Accel. Engines; OPSEC Protocols and APIs; Event Anal. & Reporting; Others; Check Point Product Solutions; Check Point Policy-Based Management; CVP; UFP; SAMP; LEA; OMI; RADIUS; LDAP; UAM; Others; PKI & Directories]

The New Role of Security
[Diagram labels: Physical Assets; Virtual Corporation; Private Network; Internet Backbone; Single Site; Distributed Network; Restrict Access; Secure Access; Prevent Losses; Generate Revenue; The New World]

Security Everywhere
[Diagram labels: Fixed Line; Dial-Up; Broadband; Wireless; Corporate Office; Branch Office; Customers; Partners; Suppliers; Extended Workforces; Mobile Employees; Networks; LAN/WAN; Broadband; Wireless; Systems; Servers; PCs; Phones/PDAs; Applications; E-Business; E-Commerce; Multimedia; Users; Desktops; Mobile]

CHECK POINT 2000
[Diagram labels: Fast and Scalable; Large Scale VPNs; High Performance; Enterprise Servers; Remote Office & Small Business; Home Users; Linux; Appliance; Cable; DSL; Gigabit VPNs; AIX; NT; Solaris; HP-UX]

VPN-1 Solutions

Intranet VPN: One-Click VPNs
- Define a VPN Community
- Add sites to the community with one click!
[Diagram labels: Sydney; New York; London; Tokyo]

One-Click VPNs
- Definition of a VPN Community automatically creates an encryption rule in the security policy
- One-Click VPNs simplify security policy creation and management

VPN-1 Clients ConnectMode
- Allows users to explicitly CONNECT/DISCONNECT from the VPN
- Enables multiple “connection profiles” for different environments
- Benefits:
  - Provides more control to users who want it
  - Uses model similar to dial-up for greater ease of use

VPN-1 SecureClient OfficeMode
- VPN-1 Gateway assigns IP address to VPN-1 SecureClient during key exchange
- Benefits:
  - Remote user “appears” local
  - Enables some IP-based applications
  - Eases user experience
[Diagram labels: Corporate Network; Remote Users; 10.x.x.x]

VPN-1 SecureClient One-Click Certificates
- Manager generates user certificate with “one-click”
- Benefits:
  - Internal Certificate Authority included with VPN-1 for strong authentication “out of the box”

VPN-1 SecureClient New Policy Interface
- Rules sorted by direction (inbound/outbound)
- Benefits:
  - Client policies are easier to read

VPN-1 SecureClient Diagnostic Tools
- Reduces administrative overhead involved in supporting remote access VPN users
- Shows status of client connection, security, etc.
- Shows policy in force on client
- Shows events logged on the client

More New VPN-1 Features
- VPN-1 Gateway
  - FIPS 140 Level 2 Compliance
- VPN-1 SecureClient
  - Policy Server Clustering

Enterprise Management Solutions

Dynamic Address Gateways
- Gateways with dynamically assigned IP addresses can be managed remotely
- Benefits:
  - Supports Remote Office/Branch Office environments with low-cost Internet access
[Diagram labels: VPN-1/FireWall-1 SmallOffice with dynamically assigned IP address; Management Console and Management Server; From ISP]

Enhanced Administrator Security
- Granular settings provide access control restrictions
- Authentication choices include digital certificates
- Increased control and delegation of administrator roles and responsibilities
- “Profiles” define privileges

Multiple Policy Support: Limit Policy Scope
(1) Limit the set of Gateways on which a policy can be installed
(2) At policy install time, only valid installation targets appear
(3) Excluded Gateways do not appear
Simplified management for security environments requiring multiple policies

Visual Policy Editor: Expanded Rule Visualization
- Visualize Traffic Paths
[Diagram labels: Path 1; Path 4; Path …]

Extranet Ready
A simple structure and process for defining and managing Extranets
- Establish Trust
- Exchange Network Objects
- Build Extranet Access Rules
[Diagram labels: Extranet partner “A”; Extranet partner “B”]

Performance & Availability

ClusterXL: Gateway-based Load Sharing
- Scalable performance for all traffic through gateways
- Includes high availability for seamless fail-over
- Synchronized gateways share load dynamically
[Diagram labels: Remote VPN user accesses; Remote office accesses central servers]

VPN Load Distribution
- Client randomly selects gateway
- Enables near-linear scalability for remote access
[Diagram labels: “Access Gateway 1”; Gateway 1; Gateway 2; “Access Gateway 2”]

Low-Cost Plug-in VPN Acceleration
- Offloads 3DES encryption to Intel IPSec NICs
  - Provides line speed encryption
  - Available for approximately $70
- Tremendous price/performance for open platforms

FloodGate-1 Low Latency Queuing (LLQ)
High Quality Multimedia & Voice on VPNs
- Prioritized over all other traffic
- Configurable per packet guarantees
  - Constant Bit Rate (CBR)
  - Max delay
  - Encryption taken into account
- Multiple rules permissible

UserAuthority

UserAuthority SecureAgent
- Single sign on based on Windows Domain Authentication for VPN-1/FireWall-1 and UserAuthority-enabled applications
- Enables user-based tracking in dynamic environment
- Transparent to end user
1. User logs into domain controller and downloads SecureAgent
2. User attempts to access resources through VPN-1/FireWall-1
3. UserAuthority and SecureAgent are queried to determine user identity and credentials
[Diagram labels: Windows Domain Controller; VPN-1/FireWall-1]

Thank You!