Security Policy Management
Multiple Security Gateways. Traffic always passes through the Firewall when coming into and leaving the network. Once traffic hits the Firewall, the Firewall checks it against the rule set from the SMS (Management Server) and makes a decision based on that.
Going to the Firewall
Traffic directly hitting the Firewall's IP address (e.g. pinging the internal Firewall IP)
RESTRICTIVE
Inside -> Outside
Traffic that is trying to reach an external network (e.g. pinging 1.1.1.1).
More allowances with this
Outside -> Inside
Traffic that is trying to reach an internal network (e.g. public-facing websites)
Fewer allowances
There will always be an implicit DROP at the end of the security policy list. This is called the Cleanup rule.
A Security Policy is a collection of rules and settings that control network traffic and enforce organization guidelines for data protection and access to resources with packet inspection.
These rules are read from the top down. Rule Shadowing can occur when broader rules are at the top with a higher priority than more specific rules.
Policies are created and managed in the SmartConsole
They are stored in the Security Management Server
Then enforced by the Security Gateway
Access Control Policy
Firewall, Application & URL Filtering, Content Awareness, IPsec VPN and Mobile Access, Identity Awareness
Desktop Security Policy
Check Point clients that include Desktop Security, such as Endpoint Security VPN, enforce the policy on the client to give it firewall protection
QoS Policy
Prioritize certain traffic over others (e.g. VoIP over Roblox). Guaranteed access/priority can be given to employees
Threat Prevention Policy
IPS, Anti-Bot, AV, SandBlast
Multiple policies can be made for specific sites if there are multiple sites.
This can be done with Unified Policies. This groups multiple basic policy types together which then can be assigned to a specific firewall (wpg site & mtl site)
Log entries can be set up to generate when a rule has been hit
These can be created so the same policy doesn't have to be created multiple times if multiple security gateways are being administered
For an effective Security Policy, Check Point recommends that rule bases contain Cleanup and Stealth rules. These rules are added first.
The stealth rule drops any traffic destined for the Firewall that is not otherwise explicitly allowed.
The management rule makes sure that only the management server can reach the firewall via https and ssl_version_2
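The top-down evaluation, rule shadowing, and the management, stealth and cleanup rules described above, modelled as an added example (not from the original notes or from Check Point). All addresses, rule names and service labels are constructed, and the model matches on source, destination and service only.

```python
import ipaddress
from dataclasses import dataclass

ANY = "any"

@dataclass(frozen=True)
class Rule:
    name: str
    src: str      # CIDR or "any"
    dst: str      # CIDR or "any"
    service: str  # service label or "any"
    action: str   # accept / drop / reject

def _net(value):
    return ipaddress.ip_network("0.0.0.0/0" if value == ANY else value)

def covers(outer, inner):
    """True when everything `inner` matches is also matched by `outer`."""
    return (_net(inner.src).subnet_of(_net(outer.src))
            and _net(inner.dst).subnet_of(_net(outer.dst))
            and outer.service in (ANY, inner.service))

def first_match(rulebase, src, dst, service):
    """Top-down evaluation: the first matching rule decides (None if no match)."""
    packet = Rule("packet", f"{src}/32", f"{dst}/32", service, "")
    return next((rule for rule in rulebase if covers(rule, packet)), None)

def shadowed(rulebase):
    """(rule, earlier rule) pairs where the earlier rule always matches first."""
    return [(rule.name, earlier.name)
            for i, rule in enumerate(rulebase)
            for earlier in rulebase[:i] if covers(earlier, rule)]

# Constructed rulebase: 10.1.1.1 = gateway, 10.1.1.10 = management server.
RULEBASE = [
    Rule("Management", "10.1.1.10/32", "10.1.1.1/32", "https", "accept"),
    Rule("Stealth", ANY, "10.1.1.1/32", ANY, "drop"),
    Rule("Outbound", "10.1.0.0/16", ANY, ANY, "accept"),
    Rule("Block guest DNS", "10.1.50.0/24", ANY, "dns", "drop"),  # shadowed
    Rule("Public web", ANY, "203.0.113.10/32", "https", "accept"),
    Rule("Cleanup", ANY, ANY, ANY, "drop"),
]

if __name__ == "__main__":
    for name, by in shadowed(RULEBASE):
        print(f"{name!r} is shadowed by {by!r}")
    print(first_match(RULEBASE, "10.1.50.7", "1.1.1.1", "dns"))
```

The guest DNS drop never fires because the broader Outbound accept sits above it; moving the specific rule above the broad one removes the shadowing.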
Explicit rules
Created by the admin
Configured to allow or block traffic based on specific criteria
Implied rules
Created by the SGW (Check Point)
Configured to allow connections for different services that the SGW uses
Placed first, last, or before last in the Firewall Rule Base
Accept: Allowed to pass
Drop: Drops the traffic without telling the source what's up
Reject: Drops the traffic AND tells the source we did it
Anti-Spoofing is usually only applied to the internal interfaces.
Interfaces on the Firewall can be placed into a Security Zone. This simplifies rulebase creation and policy management
Predefined Security Zones:
InternalZone
ExternalZone
DMZZone
WirelessZone
These are logical groupings of one or more of the Basic Policy types. This lets you install different combinations of policies on a Firewall