Yes I know money talks when it comes to these sorts of things, but as a security professional it just made me sick to see a dedicated and insightful company like SecureWorks being trashed by Dell.

This box must be managed by a Check Point Management Server. This video shows you how to physically setup the box so that you can connect it to a management server to push a security policy.

UTMs are usually a lower cost option than buying and installing several security components separately.  They are also greener, as one solution uses much less energy than multiple devices.  When buying a UTM or a super UTM, it is important to ensure a reseller sizes it correctly.  example: ensure that if has the performance capability to deal with current throughput and future business expansion.

Another threat, not covered by traditional firewalls, is unsolicited email, better known as spam. Dealing with spam can seriously affect productivity, and because spam often contains viruses and phishing attempts, it is a direct security threat.

Phishing, botnets, and DDoS Phishing threats try to extract sensitive information, such as passwords or credit card information, using authentic-looking but completely fraudulent emails that look to be from trusted sources like financial institutions where legitimate accounts have been set up. Pharming, a similar scheme, occurs when criminals have set up false Web sites that look like ones that are used regularly—typically banking sites. Once account user names and passwords have been entered, the criminals steal from the accounts.

Here is an example. A person or business uses paypal or another credit card processing bank to process credit cards etc. This company receives an email from the bank or paypal and that email looks legitimate and important. It tells you to click a link in the email to take you to their website so they can verify some information. You click this link and then enter in your username and password but nothing happens. You try again and still nothing happens. As it appears you are on your banks website, you are actually connected to a website on the other side of the planet that was built to look like your banks website. They now have your username and password and start to move money from your account.  This just a simple example.  You can imagine how far this can go.

Also, many users are unaware that they can actually acquire malware by simply browsing Web Sites.  This is a rapidly growing threat, and some of the malware is used to create botnets.

Another network danger is from a distributed denial of service (DDoS) attack.  This exploit attempts to prevent an organization from using its Internet-based systems by flooding them with emails until its servers are overwhelmed.  These attacks are often carried out by botnet networks of compromised PCs, which are also used in spam campaigns.  Specific DDoS software and appliances can help guard against this threat.  We will discuss botnets in another issue.

There are many threats out there that put your network at risk.  This is why the UTM firewall has been developed.

evolved for security. These include, Intrusion Prevention Service (IPS), Antivirus Services, Virtual Private Networking (secure Remote Access), the firewall itself, etc etc. These were all at one time a separate piece of hardware and each had to be maintained and purchased. Now with the evolution of the UTM firewall, these services can now be done in one piece of hardware with considerable savings. The traditional firewall was very specific and could not protect networks from the various threats that are being developed every day.

Packet Firewalls – All network data travels via packets. This is the basic transport layer and these firewalls just looked at the packet destination and either allowed or blocked. A very simple firewall with limited abilities.

Proxy Server – A proxy firewall pretty much intercepts all packets and looks at a rule base to decide its fate. Proxy firewall included some of the first firewalls but became very cumbersome in functionality. Although the Proxy firewall is coming back in some respects and is mainly used in conjunction with other firewall types.

Stateful packet filters – This technology checks the state of firewalls connections to determine if the traffic will be allowed through. An example, is that when the firewall receives a request to allow traffic through such as web traffic it first looks at its connection table to see if there was actually a web request initiated from the inside of the network. A person browsing the internet for example from the inside network.

Application layer firewall – Application layer firewalls look at the actual information in the packets and at the application layer before allowing a connection. These types of firewalls are the mainstay of more up to date blended threat firewalls.

This list is not a complete list of the firewall types, but it covers the majority of firewall types. In the real world, threats have so evolved that the above type firewalls are utilized together to provide the best protection available in a single firewall. Combining these firewall technologies has helped hinder the latest threats. We call this blended threat firewalls.

There are many options here but I want to do a simple one and then elaborate on it further in another post.

1. Download the latest client build from Checkpoint
2. Obtain the MSI packaging tool provided by Checkpoint.  If you have the smart dashboard installed you can find this program in c:\program files\Checkpoint\Smartconsole\R65\program\util
3. With cpmsi_tool.exe we will extract the MSI downloaded in step 1

• Create a directory x:\secureclient
• place the latest secureclient and the cpmsi_tool.exe in this directory
• Rename the downloaded msi package to Base.msi
• Open a command line prompt and change to the new directory secureclient
• Type:  cpmsi_tool.exe Base.msi out all (this will extract the files from the msi file.

Once these files are extracted you can edit them in notepad.  The product.ini file has many options that you can research to make changes.
examples: show welcome screen, force options etc. etc.

After you have made any options changes to these files you need to re-package the files back into the msi file.

At command prompt again Type:  cpmsi_tool Base.msi in all

Now install the Base package on a laptop.

Configure the settings to connect to your firewall.  Connect to the firewall and make sure the connections works.  This updates the topology etc.

Disconnect the vpn client and then go to control panel services and stop the checkpoint services.  Now go and get this file:  c:\program files\checkpoint\secuRemote\database\userc.C

Now we have the basic configuration file.  So lets re-assemble the msi file with the updated userc file.

Note here:  you can edit this userc.C file to make many changes.  For this example we are just going to leave it alone.

copy the userc.C file back to the directory on the computer that we were working on originally (not the test laptop)

Lets make sure we have all this separate:

Make a new directory called finished and copy the base.msi file to this directory. Rename it to (whateveryouwant.msi).  Extract it by Typing:  cpmsi_tool.exe whateveryouwant.msi out all.  Then copy the userc.C file that you copied from your laptop to this directory and allow it to overwrite the file.  This contains all the changes you made.

Repackage the file by Typing:  cpmsi_tool.exe whateveryouwant.msi in all

Now you have a pre-configured package to work test.

There are many variables to change in there but this is a quick and dirty way to create this.  Please check Checkpoint’s secure knowledge for more definitive ways to customize this file.

For example ,you can have your standard Firewall blade and then add an IPS blade to further the security of your network.  Then later if you decide you want Anti-virus and Malware protection you can just turn on that blade.  Other Blade options are, Monitoring, URL Filtering, IPSEC VPN, etc…

Blade architecture can be deployed on Check Point UTM-1 and Power-1 appliances, open servers and within virtualized environments. New blades can be added by simply enabling their functionality in software; no additional hardware, firmware or drivers are necessary. This enables organizations to deploy security dynamically, as needed, with lower total cost of deployment.

This looks to be a good move by Check Point and it offers some excellent options for all size businesses.  I will be evaluating these blades soon and I will report my findings here.

thelv

I guess the question will be if CP will migrate this into their Secure Platform (SPLAT) or run both lines in parallel.  Its going to be interesting to see how this is going to shake out.  Especially from a CP partner point of view.

TheLV