
Check Point Next Generation Feature Pack 1 (FP1)

Check Point Next Generation Feature Pack 1 (FP1). Thomas Witte Check Point Deutschland. Agenda. Check Point - The Company VPN-1 Solutions Enterprise Management Solutions Performance & Availability UserAuthority. Make the Internet Secure, Reliable, and Manageable. Mission.



Presentation Transcript


  1. Check Point Next Generation Feature Pack 1 (FP1) Thomas Witte Check Point Deutschland

  2. Agenda • Check Point - The Company • VPN-1 Solutions • Enterprise Management Solutions • Performance & Availability • UserAuthority

  3. Mission: Make the Internet Secure, Reliable, and Manageable

  4. Check Point Facts • History • Founded June 1993 • IPO June 1996 • Strong growth in revenues and profits • Global market leadership • 62% VPN market share (Gartner Group, 2001) • 42% firewall market share (#1 Position - IDC, 2001) • De-facto standard for Internet security • Strong business model • Technology innovation and leadership • Technology partnerships • Strong and diversified channel partnerships

  5. Check Point Today • Financial Strength: 25 consecutive quarters of income/revenue growth • Market Leadership: 186,000+ Installations, 80,000+ VPN Gateways, 63 Million+ VPN Clients, 68,000+ Customers, 1,500+ Channel Partners, 300+ OPSEC Partners [Chart: axis in $ Millions]

  6. Provider-1 Meta IP User Authority Account Management Open Security Extension Reporting Certificate Manager FireWall-1 VPN-1 Product Family - Gateway - SecuRemote - SecureClient - SecureServer Certified Appliances VPN-1/FW-1 Small Office Check Point RealSecure FloodGate-1 QoS VPN-1 Accelerator Card High Availability Module Connect Control SVN Solutions Management Stateful Inspection VPN /Security Policy-based Management Performance / Availability O P S E C Many solutions - one architecture

  7. The OPSEC - Best Of Breed Integration Check Point Policy-Based Management Content Security PKI & Directories Intrusion Detection High Availability Event Anal. & Reporting Authentication Others CVP UFP SAMP OMI RADIUS LDAP LEA UAM Others OPSEC Protocols and APIs Check Point Product Solutions Security Appliances Service Providers Security Software Policy Consoles Accel. Engines Servers Switches Routers

  8. Internet Backbone Private Network Single Site Distributed Network Virtual Corporation Physical Assets Secure Access Restrict Access Prevent Losses Generate Revenue The New World The New Role of Security

  9. Systems • Servers • PCs • Networks • LAN/WAN • Customers • Partners • Suppliers Corporate Office Fixed Line Dial-Up Broadband Wireless • Extended Workforces • Mobile Employees Branch Office • Applications • Users • Desktops Security Everywhere • Broadband • Wireless • Phones/PDAs • E-Business • E-Commerce • Multimedia • Mobile

  10. 1994-1999 Solaris HP-UX AIX Linux Appliance NT DSL Home Users CHECK POINT 2000 Cable Fast and Scalable Large Scale VPNs Enterprise Servers High Performance Gigabit VPNs Remote Office & Small Business

  11. VPN-1 Solutions

  12. One-Click VPNs • Define a VPN Community • Add sites to the community with one click! New York Sydney Intranet VPN Tokyo London

  13. One-Click VPNs Definition of a VPN Community automatically creates an encryption rule in the security policy One-Click VPNs simplify security policy creation and management

  14. VPN-1 Clients Connect Mode • Allows users to explicitly CONNECT/DISCONNECT from the VPN • Enables multiple “connection profiles” for different environments • Benefits: • Provides more control to users who want it • Uses model similar to dial-up for greater ease of use

  15. 10.x.x.x 10.x.x.x VPN-1 SecureClient Office Mode • VPN-1 Gateway assigns IP address to VPN-1 SecureClient during key exchange • Benefits: • Remote user “appears” local • Enables some IP-based applications • Eases user experience Remote Users Corporate Network

  16. VPN-1 SecureClient One-Click Certificates • Manager generates user certificate with “one-click” • Benefits: • Internal Certificate Authority included with VPN-1 for strong authentication “out of the box”

  17. VPN-1 SecureClient New Policy Interface • Rules sorted by direction (inbound/outbound) • Benefits: • Client policies are easier to read

  18. VPN-1 SecureClient Diagnostic Tools • Reduces administrative overhead involved in supporting remote access VPN users • Shows status of client connection, security, etc. • Shows policy in force on client • Shows events logged on the client

  19. More New VPN-1 Features • VPN-1 Gateway • FIPS 140 Level 2 Compliance • VPN-1 SecureClient • Policy Server Clustering

  20. Enterprise Management Solutions

  21. Dynamic Address Gateways • Gateways with dynamically assigned IP addresses can be managed remotely • Benefits: • Supports Remote Office/Branch Office environments with low-cost Internet access From ISP 216.200.241.66 VPN-1/FireWall-1 SmallOffice with dynamically assigned IP address Management Console and Management Server

  22. Enhanced Administrator Security “Profiles” define privileges Granular settings provide access control restrictions Authentication choices include digital certificates Increased control and delegation of administrator roles and responsibilities

  23. Multiple Policy Support: Limit Policy Scope (1) Limit the set of Gateways on which a policy can be installed (2) At policy install time, only valid installation targets appear (3) Excluded Gateways do not appear Simplified management for security environments requiring multiple policies

  24. Visual Policy Editor Expanded Rule Visualization Path 1 Path … Path 4 Visualize Traffic Paths

  25. Extranet partner “A” Extranet Ready A simple structure and process for defining and managing Extranets Establish Trust Exchange Network Objects Extranet partner “B” Build Extranet Access Rules

  26. Performance & Availability

  27. ClusterXL: Gateway-based Load Sharing Remote office accesses central servers Synchronized gateways share load dynamically Remote VPN user accesses email • Scalable performance for all traffic through gateways • Includes high availability for seamless fail-over

  28. VPN Load Distribution “Access Gateway 1” Gateway 2 Gateway 1 • Client randomly selects gateway • Enables near-linear scalability for remote access “Access Gateway 2”

  29. Low-Cost Plug-in VPN Acceleration • Offloads 3DES encryption to Intel IPSec NICs • Provides line speed encryption • Available for approximately $70 Tremendous price/performance for open platforms

  30. FloodGate-1 Low Latency Queuing (LLQ) High Quality Multimedia & Voice on VPNs • Prioritized over all other traffic • Configurable per packet guarantees • Constant Bit Rate (CBR) • Max delay • Encryption taken into account • Multiple rules permissible

  31. UserAuthority

  32. UserAuthority SecureAgent • Single sign on based on Windows Domain Authentication for VPN-1/FireWall-1 and UserAuthority-enabled applications • Enables user-based tracking in dynamic environment • Transparent to end user • 1. User logs into domain controller and downloads SecureAgent 2. User attempts to access resources through VPN-1/FireWall-1 3. UserAuthority and SecureAgent are queried to determine user identity and credentials (Diagram labels: Windows Domain Controller, VPN-1/FireWall-1)

  33. Thank You!
