1 / 21

Check Point Software SSL VPN Solutions Technical Overview

Check Point Software SSL VPN Solutions Technical Overview. Thorsten Schuberth Technical Consultant Nubit 2005. Agenda. Introduction to SSL VPN Solutions Connectra 2.0 New Security Features Integrity Clientless Security (ICS) 3.0 Integrity Secure Browser (ISB) AV Checking

jolie
Télécharger la présentation

Check Point Software SSL VPN Solutions Technical Overview

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Check Point SoftwareSSL VPN SolutionsTechnical Overview Thorsten Schuberth Technical Consultant Nubit 2005

  2. Agenda • Introduction to SSL VPN Solutions • Connectra 2.0 • New Security Features • Integrity Clientless Security (ICS) 3.0 • Integrity Secure Browser (ISB) • AV Checking • Enhanced Protection Levels • SSL Network Extender (SNX) • ICS Integration with R55 HFA-12

  3. Check Point Security Solution

  4. Web Threat Environment Most cyber attacks and Internet security violations are generated through Internet applications.

  5. Check Point Web Security Portfolio • SSL VPN for Web-based remote access • Connectra, The Web Security Gateway • Unified SSL VPN, Web security, and Endpoint security • SSL Network Extender • Network-level SSL VPN for Connectra & VPN-1 • Web Application Firewall • Web Intelligence • Web Security for Connectra & VPN-1 • Endpoint Security • Integrity Clientless Security • Integrated into Connectra, available for Web applications Bringing Business to the Web Securing the Web for Business

  6. Introducing ConnectraWeb Connectivity with Unmatched Security Web Security Gateway Features • Secure Web-Based Connectivity • Integrated Server Security • Adaptive Endpoint Security • One-Click SSL Extranet • Seamless Network Deployment and Management SSL VPN Integrated Security Easy Deployment

  7. Connectra – The Web Security Gateway Security will be the #1 buying criteria for SSL VPN gateways in 2005 • Key Advantage Today = MOST SECURE • Endpoint Security Integration • Integrated Attack Prevention “Endpoint security integration was the #1 reason we chose Check Point.” - Large Energy Company “Endpoint security is an escalating problem as SSL VPNs go mainstream.” - John Girard, VP of Gartner

  8. Introducing SSL Network ExtenderSecure Network-Level Connectivity over the Web • Network-level connectivity over SSL VPN • Browser Plug-in • Supports all IP-based applications • TCP, UDP, ICMP, FTP, etc. • Integrated with Check Point Gateways • Connectra • Enables native applications support • VPN-1 • Combined IPSec and SSL SSL

  9. Introducing Web IntelligenceProtection for the Entire Web Environment Web application firewall technology for Check Point products. • Advanced Product Features • Malicious Code Protector ™ Patent-pending technology that catches buffer overflow attacks and other malicious code. • Advanced Streaming Inspection Extends the inspection and reconstruction capabilities of the INSPECT architecture by adding active traffic control of live traffic streams. • Simple Deployment and Management Built to be quickly deployed to protect Web servers without complex tuning and configuration. • Seamless Integration with Check Point ProductsProvides protection for the entire Web environment. • Included in Connectra • Available as an add-on to VPN-1 gateways • Will be available on InterSpect Web Servers

  10. Introducing Integrity Clientless Security Key Features • Spyware Detection & Remediation • Simple Deployment & Maintenance • Network Access Policy Enforcement • Integrates with Web Applications- Outlook Web Access, Extranet Portals • Integrated with Connectra Key Benefits • Stops ID and password theft, prevents data loss • Makes it easy to secure non-IT controlled PC’s that access the enterprise network • Prevents any non-compliant remote PC from compromising enterprise security

  11. Integrity Secure Browser Configuration • Windows Only Solution • IE Offers Transparent Install • Other Browsers are Supported • Manual Prompt to Install ISB • Mozilla, Netscape & Opera • Subsequent Connections will not require reinstallation

  12. Integrity Secure Browser

  13. Connectra 2.0 ICS 3.0 Integration • Integrity Secure Browser • ISB will safeguard data in: • Password and Form fields • URL history • cached files • recently-used files • Warns users of potentially unsafe actions • Copy to local Clipboard • Download Files

  14. Protection Level Enhancements • Added Options to require ICS &/or ISB • Enables Access to applications where ICS/ISB support is not currently available • Macintosh & Linux users can now connect even if ICS is enabled

  15. ICS 3.0 Anti-Virus Checking • AV Checking Support for • Trend PC-cillin &OfficeScan • CA eTrust & VET • Symantec Norton Antivirus • Sophos AV • McAfee VirusScan • Zone Alarm Antivirus • DAT file version restrictions • Minimum DAT file version • DAT file creation date should be newer than • DAT file should be no older than <x> days • You can check that the Anti Virus is: • Installed • Installed and running • Custom Error Message for Out of Compliance AV • Shared by all AV Checks

  16. Connectra Appliance vs. Software Comparison

  17. SSL Network Extender for VPN-1

  18. R55 HFA-12 SNX & ICS • R55 SNX Integrated with ICS 2.2 • AV Checking • File/Registry checks • Requirement or Prohibition • Observation Mode remote nodes • Separate Installations of ICS & VPN-1 • Each Product is licensed & purchased independently • Manual Process for updating configuration file on VPN-1 gateways • $FWDIR/conf/extender/request.xml

  19. ICS 2.2 Overview Browser control (ActiveX) sent to users before they log into their web based application. • Scans, identifies, and disables spyware • Displays detected threats and provides removal assistance • Optionally, enforces security policy compliance by preventing network access to PCs that contain screened software, have outdated anti-virus definitions, or are missing other requirements

  20. ICS Integration with SNX • User Presented with ICS Scan prior to authentication • Same ICS scan for all users per gateway • No Protection Level Granularity as with Connectra

  21. Thank YouQuestions???

More Related