Presentation is loading. Please wait.

Presentation is loading. Please wait.

SmartCenter for Pointsec - MI

Published byLinda Payne Modified over 6 years ago

Similar presentations

Presentation on theme: "SmartCenter for Pointsec - MI"— Presentation transcript:

1 SmartCenter for Pointsec - MI

2 Slide Graphic Legend

3 Check Point Software Technologies
1 Check Point Software Technologies

4 Course Layout Prerequisites General Knowledge of TCP/IP
Working Knowledge of Active Directory Working Knowledge of network technologies Working Knowledge of the Internet

5 Recommended Setup Machine A: Windows 2003 server SP2,
Domain Controller with Active Directory, DHCP DNS IIS Root CA. SQL database installation. Pointsec X9.9 demonstration token installed. Machine B: Windows XP SP2, Configured as DHCP client.

6 SmartCenter for Pointsec – MI Overview
2 SmartCenter for Pointsec – MI Overview

7 Administering Full Disk Encryption
What SmartCenter for Pointsec – MI Offers Central Management Modular Framework Integration with Active Directory

8 Modular Framework – Server Side

9 Modular Framework – Client Side

10 Scalability

11 Active Directory Overview
What is Active Directory Database with emphasis on organizational structures What is it used for Mainly a structured way of managing access control Why do we integrate with AD? Reuse organizational structure Reuse user, group and computer representation Group Policies

12 Microsoft Management Console

13 MI Management Structure – OU Propagation

14 MI Management Structure – Installation via OU structures

15 MI Components – Component Interaction

16 Server Side Components – MI Management Console

17 MI Management Console 17

18 Server Side Components – MI Database (MIDB)

19 System Requirements - MI Database
19

20 Server Side Components – Directory Scanner

21 System Requirements – MI Directory Scanner
21

22 Server Side Components – Connection Point

23 System Requirements – MI Connection Point
23

24 Client Side Components
Device Agent Polling, Deployment, Installation User Collector Collects User Account & Logon Information Software & Security Modules device agents Full Disk Encryption Media Encryption

25 Physical Architecture

26 System Requirements - MI Sharing servers
26

27 Remote Help

28 Installing SmartCenter for Pointsec - MI
1 Installing SmartCenter for Pointsec - MI

29 Review Questions & Answers
Does Active Directory require any special configuration or modifications when SmartCenter for Pointsec - MI is configured to work with it?

30 Review Questions & Answers
No. The Directory Scanner needs only “read” permissions when interacting with AD, no schema extensions or additional objects are required.

31 Review Questions & Answers
Describe the three types of objects used in Active Directory.

32 Review Questions & Answers
Users, Services and Resources

33 Review Questions & Answers
Can all SmartCenter for Pointsec - MI components be installed on a single device? If not, why?

34 Review Questions & Answers
Technically, it is possible but not recommended as this may impact available resources negatively.

35 The SmartCenter for Pointsec - MI Management Console (MIMC)
3 The SmartCenter for Pointsec - MI Management Console (MIMC)

36 Accessing the MIMC Keyboxes and the MIMC Opening a Keybox

37 The MIMC

38 About The MIMC Management Console Overview Organizational Views Search
Software Services Statistics Logs Remote Help Console Configuration

39 About The MIMC Menus SmartCenter for Pointsec – MI Explorer

40 Configuring MIMC Accounts
Accessing Account Group Settings Main Account Group Settings Explorer Nodes OU Settings Device Settings User Account Group Dynamic Tokens Logs Services

41 The MIMC Device Properties User Account Properties Services Searching
Accessing Device Properties Resetting A Device User Account Properties Services Working with Connection Points Working with Directory Scanners Download Locations Searching Accessing Search Options Statistics Logging

42 Review Questions & Answers
Where in the OU hierarchy can the properties for an installed Software Module be accessed?

43 Review Questions & Answers
Anywhere in the OU hierarchy that the software module is associated with.

44 Review Questions & Answers
What are two methods of searching that can be used in the Search function? When would each be applicable?

45 Review Questions & Answers
“Search by name” and “Search by state” “Search by name” is useful is looking for a specific object, software module or container. “Search by state” is useful for determining the status of an installation, or why a connection point may not be responding to requests.

46 Review Questions & Answers
What function does resetting a device serve when working in the MIMC?

47 Review Questions & Answers
In situations where a computer has crashed during installation or when a device has been removed from Active Directory before SmartCenter for Pointsec - MI has done a directory re-scan.

48 4 The Directory Scanner

49 The Directory Scanner Accessing the Directory Scanner GUI
Technical Overview of the Directory Scanner Technique when used Polling for Changes Permissions

50 Review Questions & Answers
What is the main task of the Directory Scanner?

51 Review Questions & Answers
To initially scan Active Directory and replicate this information in the MI database. After the initial scan, to rescan Active Directory for changes to Active Directory and replicate these changes back to the MI database.

52 Review Questions & Answers
Where is all SmartCenter for Poinstec - MI data stored?

53 Review Questions & Answers
In the SQL database that is used for the MI database. All necessary data is copied over from the Active Directory store.

54 Review Questions & Answers
Will the Directory Scanner continue to scan if encountering corrupted objects in a scan?

55 Review Questions & Answers
Not by default. It must be configured to do so.

56 5 Software Modules

57 About MI Software Modules
Accessing Modules in SmartCenter for Pointsec - MI Accessing Properties for the Security Product

58 Review Questions & Answers
What are the two types of software modules that are managed in SmartCenter for Pointsec - MI? What is the main difference between the two?

59 Review Questions & Answers
Device Agents and Security Modules. Device Agents are necessary for communications with the SmartCenter for Pointsec - MI framework. Security Modules are products that are used to secure workstations and laptops in an enterprise.

60 Review Questions & Answers
Where would the version information for a module be viewed?

61 Review Questions & Answers
By selecting the Properties of the actual binary in the Software section of the MIMC.

62 Review Questions & Answers
Where in the OU hierarchy can a security product’s properties be viewed?

63 Review Questions & Answers
At any point in the OU hierarchy that the security product is associated with.

64 The Virtual Directory Structure
6 The Virtual Directory Structure

65 The Virtual Directory Structure

66 The Virtual Directory Scanner
Automatic Creation of VDS Objects Deleted Computers Node Managing VDS Nodes

67 Review Questions & Answers
What is the purpose of having a Virtual Directory Structure in SmartCenter for Pointsec - MI?

68 Review Questions & Answers
The Virtual Directory Structure is used by SmartCenter for Pointsec - MI to act as a repository for Objects that are not part of the normal Active Directory structure MI scans.

69 Review Questions & Answers
When are computers added to the Deleted Computers node in the Virtual Directory Structure?

70 Review Questions & Answers
When the computer has been deleted from the Active Directory structure.

71 Review Questions & Answers
What impact could User Collector have on the contents of the Virtual Directory Structure?

72 Review Questions & Answers
All users collected by the User Collector which are not found in the Active Directory Store will be added to the Virtual Directory Structure. This could be an issue if the user collector has not recently polled the Active Directory store for updates.

73 7 The MI Device Agent

74 The MI Device Agent Monitoring the Device Agent The Device Agent GUI
Accessing the SmartCenter MI Device Agent GUI Reviewing Connection Point Information

75 Configuring and Deploying the Device Agent
2 Configuring and Deploying the Device Agent

76 Review Questions & Answers
Why is the device agent required to be installed on client PCs in the SmartCenter for Pointsec - MI framework?

77 Review Questions & Answers
It is the service that is used by the Framework to send & receive information & software modules to the client.

78 Review Questions & Answers
What level of access is required to work with the Device Agent GUI on a workstation or laptop?

79 Review Questions & Answers
Administrator level access.

80 Review Questions & Answers
The Device Agent GUI provides some basic troubleshooting functionality which could useful in what circumstances?

81 Review Questions & Answers
An administrator can use the ping test when troubleshooting connectivity issues with a connection point. Additionally, the command tab provides methods for testing the device agent’s ability to download security modules.

82 8 The User Collector

83 The User Collector What is the User Collector?
Accessing the User Collector Properties Working with Domain Name Restrictions and Exclusion Lists Monitoring the User Collector Acquired Users Displayed in SmartCenter for Pointsec – MI

84 Configuring and Deploying the User Collector
3 Configuring and Deploying the User Collector

85 Review Questions & Answers
Is the User Collector required on clients in the SmartCenter for Pointsec - MI framework? If not, why is it available?

86 Review Questions & Answers
No, it’s not. The User collector can provides and easier way for Administrators to collect User information from an enterprise and add this to the MI structure.

87 Review Questions & Answers
How many users are reported by the User Collector per poll cycle? What might this impact?

88 Review Questions & Answers
1 per cycle. If multiple users log into a single system in between poll cycles, they may be missed in when the user collector next polls the system.

89 Review Questions & Answers
What is the maximum number of users that can be configured to be collected? Is this a “hard limit’?

90 Review Questions & Answers
Yes, but it can be superseded by selecting the “unlimited number of users” option in the User Collector GUI.

91 9 Full Disk Encryption

92 The Need for Full Disk Encryption
Full Disk Encryption Data Security Technology File and Disk Encryption Boot Protection/Authentication

93 Full Disk Encryption — Complete Data Protection

94 Full Disk Encryption Security Features
Languages Supported in Full Disk Encryption How It Works Authentication Methods Recovery Authority Levels Automatic Logging and Centralized Auditing Remote Help Full Disk Encryption Licensing

95 Full Disk Encryption Components
Full Disk Encryption Database Full Disk Encryption Boot Authentication Full Disk Encryption Management Console Full Disk Encryption Encryption-Key Generation Recovery File Naming Conventions Services and Processes Initial Encryption of the Hard Drive Full Disk Encryption Licensing

96 System Requirements Supported Operating Systems
Operating-System Requirements/Limitations File Systems/Volumes/OS Upgrades Software Incompatibilities Known Limitations Services and Processes Initial Encryption of the Hard Drive Full Disk Encryption Licensing

97 Full Disk Encryption – MI Client
4 Full Disk Encryption – MI Client

98 Review Questions & Answers
Which components comprise the basic installation of Full Disk Encryption? Discuss the importance of each:

99 Review Questions & Answers
Secure local user database: stores all of the users and groups that have access to the local computer on which Full Disk Encryption is installed Preboot authentication program: allows for the Full Disk Encryption authentication to appear at boot Full Disk Encryption Management Console: divided into three primary sections: Local, Remote and Remote Help Recovery-file creation from registry entries: recovery file format is ComputerName_R.rec, where ComputerName is the value of the computer name as listed in the registry key

100 Review Questions & Answers
Encryption/decryption key and program services: Individual keys created for each partition, to provide the highest level of security Monitoring program: checks encryption status, locks the workstation, and selects the language in the PBE or Windows

101 Review Questions & Answers
Is the Full Disk Encryption Management Console accessible in a Full Disk Encryption MI client installation? If so, what is the main difference in this?

102 Review Questions & Answers
Yes, it is. The features and functions that are normally accessible here are grayed out since these are all controlled by SmartCenter for Pointsec – MI.

103 Review Questions & Answers
What are three types of hard-drive protection, and which two are used by Full Disk Encryption? Why?

104 Review Questions & Answers
File Encryption, Data Encryption & Boot Protection Boot protection and Data Encryption - these provide the most secure level of data security.

Download ppt "SmartCenter for Pointsec - MI"

Similar presentations

Microsoft ® Official Course First Look Clinic Overview of Windows 8 By Ragowo Riantory, S.Kom, MCP.

Microsoft ® Official Course First Look Clinic Overview of Windows 8 By Ragowo Riantory, S.Kom, MCP.
Planning Server Deployments

Planning Server Deployments
Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.

Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.
Managing User Settings with Group Policy

Managing User Settings with Group Policy
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
Chapter 4 Chapter 4: Planning the Active Directory and Security.

Chapter 4 Chapter 4: Planning the Active Directory and Security.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.
3.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 3: Introducing Active Directory.

3.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 3: Introducing Active Directory.
14.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.

14.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
11 INSTALLING WINDOWS XP Chapter 2. Chapter 2: Installing Windows XP2 INSTALLING WINDOWS XP  Prepare a computer for the installation of Microsoft Windows.

11 INSTALLING WINDOWS XP Chapter 2. Chapter 2: Installing Windows XP2 INSTALLING WINDOWS XP  Prepare a computer for the installation of Microsoft Windows.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 10: Server Administration.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 10: Server Administration.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 12: Managing and Implementing Backups and Disaster Recovery.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 12: Managing and Implementing Backups and Disaster Recovery.
Hands-On Microsoft Windows Server 2003 Administration Chapter 5 Administering File Resources.

Hands-On Microsoft Windows Server 2003 Administration Chapter 5 Administering File Resources.
Hands-On Microsoft Windows Server 2003 Chapter 2 Installing Windows Server 2003, Standard Edition.

Hands-On Microsoft Windows Server 2003 Chapter 2 Installing Windows Server 2003, Standard Edition.
Hands-On Microsoft Windows Server 2003 Administration Chapter 3 Administering Active Directory.

Hands-On Microsoft Windows Server 2003 Administration Chapter 3 Administering Active Directory.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 8: Implementing and Managing Printers.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 8: Implementing and Managing Printers.
70-270, 70-290 MCSE/MCSA Guide to Installing and Managing Microsoft Windows XP Professional and Windows Server 2003 Chapter Nine Managing File System Access.

70-270, MCSE/MCSA Guide to Installing and Managing Microsoft Windows XP Professional and Windows Server 2003 Chapter Nine Managing File System Access.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 10: Server Administration.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 10: Server Administration.

Similar presentations

Ads by Google