
Cp r81 10 quantum securitymanagement adminguide


DOCUMENT INFORMATION

Basic information

Format
Number of pages 699
Size 6.71 MB

Contents

Check Point CloudGuard provides unified cloud-native security for all your assets and workloads, giving you the confidence to automate security, prevent threats, and manage posture everywhere across your multi-cloud environment.

05 March 2023

QUANTUM SECURITY MANAGEMENT R81.10

[Classification: Protected]

Administration Guide

Check Point Copyright Notice

© 2021 Check Point Software Technologies Ltd.

All rights reserved. This product and related documentation are protected by copyright and distributed under licensing restricting their use, copying, distribution, and decompilation. No part of this product or related documentation may be reproduced in any form or by any means without prior written authorization of Check Point. While every precaution has been taken in the preparation of this book, Check Point assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice.

RESTRICTED RIGHTS LEGEND: Use, duplication, or disclosure by the government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 and FAR 52.227-19.

TRADEMARKS: Refer to the Copyright page for a list of our trademarks. Refer to the Third Party copyright notices for a list of relevant copyrights and third-party licenses.

Important Information

Latest Software
We recommend that you install the most recent software release to stay up-to-date with the latest functional improvements, stability fixes, security enhancements and protection against new and evolving attacks.

Certifications
For third party independent certification of Check Point products, see the Check Point Certifications page.

Check Point R81.10
For more about this release, see the R81.10 home page.

Latest Version of this Document in English
Open the latest version of this document in a Web browser.
Download the latest version of this document in PDF format.

Feedback
Check Point is engaged in a continuous effort to improve its documentation. Please help us by sending your comments.

Quantum Security Management R81.10 Administration Guide | 3

Revision History

Date: Description

05 March 2023
    Added "Sharing SmartConsole Configuration and Logs with Infinity Portal" on page 329

19 February 2023
    Updated "Configuring Implied Rules or Kernel Tables for Security Gateways" on page 145

31 January 2023
    Updated:
    - "Central Deployment of Hotfixes and Version Upgrades" on page 137
    - "The ICA Management Tool" on page 378

19 December 2022
    Updated "Configuring a Secondary Security Management Server in SmartConsole" on page 370

17 November 2022
    Updated:
    - "Configuring the NAT Policy" on page 247
    - "Working with Automatic NAT Rules" on page 255
    - "Working with Manual NAT Rules" on page 262
    - "Working with NAT46 Rules" on page 268
    - "Working with NAT64 Rules" on page 279
    - "Advanced NAT Settings" on page 293

24 July 2022
    Removed:
    - "Configuring a SIC Proxy" - supported only for internal Check Point needs

14 June 2022
    In the HTML version, added glossary terms in the text

15 May 2022
    Updated:
    - "Managing Server and Gateway Licenses" on page 130

24 February 2022 Updated: 30 January 2022 Updated: n n 28 December 2021 "Configuring Implied Rules or Kernel Tables for Security Gateways" on page 145 l Corrected the paths for Security Gateways R81 l Added the Quantum Spark appliance models 1600 and 1800 "Database Revisions" on page 351 Updated: n "High Availability Troubleshooting" on page 374

23 December 2021
    Updated:
    - "The Columns of the Access Control Rule Base" on page 188
    - "Object Categories" on page 159
    - Updated values of IKE Certificate Validity Period in "CA Procedures" on page 388
    - Updated "Ordered Layers and Inline Layers" on page 214
    - Updated "Network Security for IoT Devices" on page 362

21 December 2021
    Updated:
    - "Understanding SmartConsole" on page 25
    - "The Columns of the Access Control Rule Base" on page 188
    - "Ordered Layers and Inline Layers" on page 214
    - "Monitoring Licenses in SmartConsole" on page 134

27 November 2021 Updated: 09 November 2021 Updated: 28 October 2021 Updated n n n n n 06 October 2021 n n n "Working with Policy Packages" on page 178 "Database Revisions" on page 351 "SmartTasks" on page 356 "Secure Internal Communication (SIC)" on page 124 "Viewing Licenses in SmartConsole" on page 132 Updated: n n n 14 July 2021 "Managing Security through API" on page 40 "Central Deployment of Hotfixes and Version Upgrades" on page 137 "Network Security for IoT Devices" on page 362 Updated: n 10 August 2021 "Creating a New Security Gateway" on page 119 Updated: n 05 September 2021 "Configuring a Security Gateway to Access the Management Server or Log Server at its NATed IP Address" on page 144 "Creating Application Control and URL Filtering Rules" on page 208 "Best Practices for Access Control Rules" on page 235 "Database Revisions" on page 351 First release of this document

Table of Contents

Introduction to Security Management
Getting Started
Understanding SmartConsole
SmartConsole Window
SmartConsole Toolbars
Search Engine
IP Search
General IP Search
Packet Search
Rule Base Results
Access and Custom Policy Tools
"Access Tools" in the Security Policies "Access Control" view
"Custom Policy Tools" in the Security Policies "Threat Prevention" view
Shared Policies
API Command Line Interface
Keyboard Shortcuts for SmartConsole
Web SmartConsole
Connecting to the Security Management Server through SmartConsole
Planning Security Management
Define your Organization's Topology
Define Access Rules for Protection of your Organization's Resources
Enforce Access Policies
Configuring the Security Management Server and Security Gateways
Setting up for Team Work
Managing Security through API
API
API Tools
Configuring the API Server
API Key Authentication
Configuring API key authentication for administrators
Managing User and Administrator Accounts
Authentication Methods for Users and Administrators
Managing User Accounts
User Database
Creating, Modifying, and Removing User Accounts
User > General Properties
Configuring Authentication
User > Location
User > Time
User > Certificates
User > Encryption
Configuring Default Expiration Settings for Users
Delete a User
Granting User Access using RADIUS Server Groups
SecurID Authentication for Security Gateway
Configuring TACACS+ Authentication
Managing User Groups
Adding User Groups
LDAP and User Directory
User Directory and Identity Awareness
User Directory Considerations
The User Directory Schema
Check Point Schema for LDAP
Schema Checking
OID Proprietary Attributes
User Directory Schema Attributes
Fetch User Information Effectively
Setting User-to-Group Membership Mode
Profile Attributes
Microsoft Active Directory
Updating the Registry Settings
Delegating Control
Extending the Active Directory Schema
Adding New Attributes to the Active Directory
Retrieving Information from a User Directory Server
Running User Directory Queries
Querying Multiple LDAP Servers
User Directory
Deploying User Directory
Enabling User Directory
Account Units
Working with LDAP Account Units
Configuring LDAP query parameters
Modifying the LDAP Server
Account Units and High Availability
Setting High Availability Priority
Authenticating with Certificates
Managing Users on a User Directory Server
Distributing Users in Multiple Servers
Managing LDAP Information
LDAP Groups for the User Directory
Access Roles
Adding Access Roles
Authentication Rules
Managing Administrator Accounts
Configuring Authentication Methods for Administrators
Configuring Check Point Password Authentication for Administrators
Configuring OS Password Authentication for Administrators
Configuring RADIUS Server Authentication for Administrators
Configuring SecurID Server Authentication for Administrators
Configuring TACACS Server Authentication for Administrators
Configuring API key authentication for administrators
Creating, Changing, and Deleting an Administrator Account
Creating an Administrator Account
Changing an Existing Administrator Account
Deleting an Administrator Account
Creating a Certificate for Logging in to SmartConsole
Configuring Default Expiration for Administrators
Setting SmartConsole Timeout
Revoking Administrator Certificate
Assigning Permission Profiles to Administrators
Changing and Creating Permission Profiles
Configuring Customized Permissions
Configuring Permissions for Access Control Layers
Configuring Permissions for Access Control and Threat Prevention
Configuring Permissions for Monitoring, Logging, Events, and Reports
Defining Trusted Clients
Restricting Administrator Login Attempts
Unlocking Administrators
Session Flow for Administrators
Publishing a Session
Working in SmartConsole Session View
Viewing Changes Made in Private Sessions
Taking over locked objects from administrators with inactive sessions
Administrators Working with Multiple Sessions
Use Case
Managing Gateways
Creating a New Security Gateway
Manually Updating the Gateway Topology
Get Interfaces API
Dynamically Updating the Security Gateway Topology
Dynamic Anti-Spoofing
Secure Internal Communication (SIC)
Initializing Trust
SIC Status
Trust State
Troubleshooting SIC
Understanding the Check Point Internal Certificate Authority (ICA)
ICA Clients
SIC Certificate Management
Managing Licenses
Managing Server and Gateway Licenses
Viewing Licenses in SmartConsole
Viewing license information for VSX
Monitoring Licenses in SmartConsole
License or Quota Changes
Central Deployment of Hotfixes and Version Upgrades
Introduction
Prerequisites
Limitations
Installation
How the Central Deployment Upgrades a Cluster
Configuring a Security Gateway to Access the Management Server or Log Server at its NATed IP Address
Configuring Implied Rules or Kernel Tables for Security Gateways
Introduction
Configuration files
Configuration Procedure
Introduction
Configuration files
Configuration Procedure
Location of 'user.def' Files on the Management Server
Location of 'implied_rules.def' Files on the Management Server
Location of 'table.def' Files on the Management Server
Location of 'crypt.def' Files on the Management Server
Location of 'vpn_table.def' Files on the Management Server
Location of 'communities.def' Files on the Management Server
Location of 'base.def' Files on the Management Server
Location of 'dhcp.def' Files on the Management Server
Location of 'gtp.def' Files on the Management Server
Managing Objects
Object Categories
Actions with Objects
Object Tags
Adding a Tag to an Object
Network Object Types
Networks
Network Groups
Grouping Network Objects
Check Point Hosts
Gateway Cluster
Address Ranges
Wildcard Objects
Understanding Wildcard Objects

threshold_config

Step  Instructions

6   Exit from the Threshold Engine Configuration menu.

7   Stop the CPD daemon:
        [Expert@HostName:0]# cpwd_admin stop -name CPD -path "$CPDIR/bin/cpd_admin" -command "cpd_admin stop"
    See "cpwd_admin stop" on page 550.

8   Start the CPD daemon:
        [Expert@HostName:0]# cpwd_admin start -name CPD -path "$CPDIR/bin/cpd" -command "cpd"
    See "cpwd_admin start" on page 547.

9   Wait for 10-20 seconds.

10  Verify that CPD daemon started successfully:
        [Expert@HostName:0]# cpwd_admin list | egrep "STAT|CPD"
    See "cpwd_admin list" on page 544.

11  In SmartConsole, install the Access Control Policy on Security Gateways and Clusters.

Threshold Engine Configuration Options

Menu item: Description

(1) Show policy name
    Shows the name of the current configured threshold policy.

(2) Set policy name
    Configures the name for the threshold policy. If you do not specify it explicitly, then the default name is "Default Profile".

(3) Save policy
    Saves the changes in the current threshold policy.

(4) Save policy to file
    Exports the configured threshold policy to a file. If you do not specify the path explicitly, the file is saved in the current working directory.

(5) Load policy from file
    Imports a threshold policy from a file. If you do not specify the path explicitly, the file is imported from the current working directory.

(6) Configure global alert settings
    Configures global settings:
    - How frequently alerts are sent (configured delay must be greater than 30 seconds)
    - How many alerts are sent

(7) Configure alert destinations
    Configures the SNMP Network Management System (NMS), to which the managed Security Gateways and Cluster Members send their SNMP alerts.
    Configure Alert Destinations Options:
    (1) View alert destinations
    (2) Add SNMP NMS
    (3) Remove SNMP NMS
    (4) Edit SNMP NMS

(8) View thresholds overview
    Shows a list of all available thresholds and their current settings. These include:
    - Name
    - Category (see the next option "(9)")
    - State (disabled or enabled)
    - Threshold (threshold point, if applicable)
    - Description

(9) Configure thresholds
    Shows the list of threshold categories to configure.
    Thresholds Categories
    (1) Hardware
    (2) High Availability
    (3) Local Logging Mode Status
    (4) Log Server Connectivity
    (5) Networking
    (6) Resources
    See the Thresholds Categories table below.

Thresholds Categories

Category: Sub-Categories

(1) Hardware
    Hardware Thresholds:
    (1) RAID volume state
    (2) RAID disk state
    (3) RAID disk flags
    (4) Temperature sensor reading
    (5) Fan speed sensor reading
    (6) Voltage sensor reading

(2) High Availability
    High Availability Thresholds:
    (1) Cluster member state changed
    (2) Cluster block state
    (3) Cluster state
    (4) Cluster problem status
    (5) Cluster interface status

(3) Local Logging Mode Status
    Local Logging Mode Status Thresholds:
    (1) Local Logging Mode

(4) Log Server Connectivity
    Log Server Connectivity Thresholds:
    (1) Connection with log server
    (2) Connection with all log servers

(5) Networking
    Networking Thresholds:
    (1) Interface Admin Status
    (2) Interface removed
    (3) Interface Operational Link Status
    (4) New connections rate
    (5) Concurrent connections rate
    (6) Bytes Throughput
    (7) Accepted Packet Rate
    (8) Drop caused by excessive traffic

(6) Resources
    Resources Thresholds:
    (1) Swap Memory Utilization
    (2) Real Memory Utilization
    (3) Partition free space
    (4) Core Utilization
    (5) Core interrupts rate

Notes:

- If you run the threshold_config command locally on a Security Gateway or Cluster Members to configure the SNMP Monitoring Thresholds, then each policy installation erases these local SNMP threshold settings and reverts them to the global SNMP threshold settings configured on the Management Server that manages this Security Gateway or Cluster.
- On a Security Gateway and Cluster Members, you can save the local Threshold Engine Configuration settings to a file and load it locally later.
- The Threshold Engine Configuration is stored in the $FWDIR/conf/thresholds.conf file.
- In a Multi-Domain Security Management environment:
    - You can configure the SNMP thresholds in the context of Multi-Domain Server (MDS) and in the context of each individual Domain Management Server.
    - Thresholds that you configure in the context of the Multi-Domain Server are for the Multi-Domain Server only.
    - Thresholds that you configure in the context of a Domain Management Server are for that Domain Management Server and its managed Security Gateway and Clusters.
    - If an SNMP threshold applies both to the Multi-Domain Server and a Domain Management Server, then configure the SNMP threshold both in the context of the Multi-Domain Server and in the context of the Domain Management Server. However, in this scenario you can only get alerts from the Multi-Domain Server, if the monitored object exceeds the threshold.
      Example: If you configure the CPU threshold, then when the monitored value exceeds the configured threshold, it applies to both the Multi-Domain Server and the Domain Management Server. However, only the Multi-Domain Server generates SNMP alerts.

Glossary

A

Active Security Management Server
    The Management Server in Management High Availability that is currently configured as Active.

Anti-Bot
    Check Point Software Blade on a Security Gateway that blocks botnet behavior and communication to Command and Control (C&C) centers. Acronyms: AB, ABOT.

Anti-Spam
    Check Point Software Blade on a Security Gateway that provides comprehensive protection for email inspection. Synonym: Anti-Spam & Email Security. Acronyms: AS, ASPAM.

Anti-Virus
    Check Point Software Blade on a Security Gateway that uses real-time virus signatures and anomaly-based protections from ThreatCloud to detect and block malware at the Security Gateway before users are affected. Acronym: AV.

Application Control
    Check Point Software Blade on a Security Gateway that allows granular control over specific web-enabled applications by using deep packet inspection. Acronym: APPI.

Audit Log
    Log that contains administrator actions on a Management Server (login and logout, creation or modification of an object, installation of a policy, and so on).

B

Bridge Mode
    Security Gateway or Virtual System that works as a Layer 2 bridge device for easy deployment in an existing topology.

C

Cluster
    Two or more Security Gateways that work together in a redundant configuration - High Availability, or Load Sharing.

Cluster Member
    Security Gateway that is part of a cluster.

Compliance
    Check Point Software Blade on a Management Server to view and apply the Security Best Practices to the managed Security Gateways. This Software Blade includes a library of Check Point-defined Security Best Practices to use as a baseline for good Security Gateway and Policy configuration.

Content Awareness
    Check Point Software Blade on a Security Gateway that provides data visibility and enforcement. See sk119715. Acronym: CTNT.

CoreXL
    Performance-enhancing technology for Security Gateways on multi-core processing platforms. Multiple Check Point Firewall instances are running in parallel on multiple CPU cores.

CoreXL Firewall Instance
    On a Security Gateway with CoreXL enabled, the Firewall kernel is copied multiple times. Each replicated copy, or firewall instance, runs on one processing CPU core. These firewall instances handle traffic at the same time, and each firewall instance is a complete and independent firewall inspection kernel. Synonym: CoreXL FW Instance.

CoreXL SND
    Secure Network Distributer. Part of CoreXL that is responsible for: Processing incoming traffic from the network interfaces; Securely accelerating authorized packets (if SecureXL is enabled); Distributing non-accelerated packets between Firewall kernel instances (SND maintains global dispatching table, which maps connections that were assigned to CoreXL Firewall instances). Traffic distribution between CoreXL Firewall instances is statically based on Source IP addresses, Destination IP addresses, and the IP 'Protocol' type. The CoreXL SND does not really "touch" packets. The decision to stick to a particular FWK daemon is done at the first packet of connection on a very high level, before anything else. Depending on the SecureXL settings, and in most of the cases, the SecureXL can be offloading decryption calculations. However, in some other cases, such as with Route-Based VPN, it is done by FWK daemon.

CPUSE
    Check Point Upgrade Service Engine for Gaia Operating System. With CPUSE, you can automatically update Check Point products for the Gaia OS, and the Gaia OS itself. For details, see sk92449.

D

DAIP Gateway
    Dynamically Assigned IP (DAIP) Security Gateway is a Security Gateway, on which the IP address of the external interface is assigned dynamically by the ISP.

Data Loss Prevention
    Check Point Software Blade on a Security Gateway that detects and prevents the unauthorized transmission of confidential information outside the organization. Acronym: DLP.

Data Type
    Classification of data in a Check Point Security Policy for the Content Awareness Software Blade.

Distributed Deployment
    Configuration in which the Check Point Security Gateway and the Security Management Server products are installed on different computers.

Dynamic Object
    Special object type, whose IP address is not known in advance. The Security Gateway resolves the IP address of this object in real time.

E

Endpoint Policy Management
    Check Point Software Blade on a Management Server to manage an on-premises Harmony Endpoint Security environment.

Expert Mode
    The name of the elevated command line shell that gives full system root permissions in the Check Point Gaia operating system.

G

Gaia
    Check Point security operating system that combines the strengths of both SecurePlatform and IPSO operating systems.

Gaia Clish
    The name of the default command line shell in Check Point Gaia operating system. This is a restricted shell (role-based administration controls the number of commands available in the shell).

Gaia Portal
    Web interface for the Check Point Gaia operating system.

H

Hotfix
    Software package installed on top of the current software version to fix a wrong or undesired behavior, and to add a new behavior.

HTTPS Inspection
    Feature on a Security Gateway that inspects traffic encrypted by the Secure Sockets Layer (SSL) protocol for malware or suspicious patterns. Synonym: SSL Inspection. Acronyms: HTTPSI, HTTPSi.

I

ICA
    Internal Certificate Authority. A component on Check Point Management Server that issues certificates for authentication.

Identity Awareness
    Check Point Software Blade on a Security Gateway that enforces network access and audits data based on network location, the identity of the user, and the identity of the computer. Acronym: IDA.

Identity Logging
    Check Point Software Blade on a Management Server to view Identity Logs from the managed Security Gateways with enabled Identity Awareness Software Blade.

Inline Layer
    Set of rules used in another rule in Security Policy.

Internal Network
    Computers and resources protected by the Firewall and accessed by authenticated users.

IPS
    Check Point Software Blade on a Security Gateway that inspects and analyzes packets and data for numerous types of risks (Intrusion Prevention System).

IPsec VPN
    Check Point Software Blade on a Security Gateway that provides Site to Site VPN and Remote Access VPN access.

J

Jumbo Hotfix Accumulator
    Collection of hotfixes combined into a single package. Acronyms: JHA, JHF, JHFA.

K

Kerberos
    An authentication server for Microsoft Windows Active Directory Federation Services (ADFS).

L

Log Server
    Dedicated Check Point server that runs Check Point software to store and process logs.

Logging & Status
    Check Point Software Blade on a Management Server to view Security Logs from the managed Security Gateways.

M

Management High Availability
    Deployment and configuration mode of two Check Point Management Servers, in which they automatically synchronize the management databases with each other. In this mode, one Management Server is Active, and the other is Standby. Acronyms: Management HA, MGMT HA.

Management Interface
    (1) Interface on a Gaia Security Gateway or Cluster member, through which Management Server connects to the Security Gateway or Cluster member. (2) Interface on Gaia computer, through which users connect to Gaia Portal or CLI.

Management Server
    Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server.

Manual NAT Rules
    Manual configuration of NAT rules by the administrator of the Check Point Management Server.

Mobile Access
    Check Point Software Blade on a Security Gateway that provides Remote Access VPN access for managed and unmanaged clients. Acronym: MAB.

Multi-Domain Log Server
    Dedicated Check Point server that runs Check Point software to store and process logs in a Multi-Domain Security Management environment. The Multi-Domain Log Server consists of Domain Log Servers that store and process logs from Security Gateways that are managed by the corresponding Domain Management Servers. Acronym: MDLS.

Multi-Domain Server
    Dedicated Check Point server that runs Check Point software to host virtual Security Management Servers called Domain Management Servers. Synonym: Multi-Domain Security Management Server. Acronym: MDS.

N

Network Object
    Logical object that represents different parts of corporate topology - computers, IP addresses, traffic protocols, and so on. Administrators use these objects in Security Policies.

Network Policy Management
    Check Point Software Blade on a Management Server to manage an on-premises environment with Access Control and Threat Prevention policies.

O

Open Server
    Physical computer manufactured and distributed by a company, other than Check Point.

P

Package Repository
    Collection of software packages that were uploaded to the Management Server. You can easily install these packages in SmartConsole on the managed Security Gateways.

Permission Profile
    Predefined group of SmartConsole access permissions assigned to Domains and administrators. With this feature you can configure complex permissions for many administrators with one definition.

Policy Layer
    Layer (set of rules) in a Security Policy.

Policy Package
    Collection of different types of Security Policies, such as Access Control, Threat Prevention, QoS, and Desktop Security. After installation, Security Gateways enforce all Policies in the Policy Package.

Primary Security Management Server
    The Security Management Server in Management High Availability that you install as Primary.

Provisioning
    Check Point Software Blade on a Management Server that manages large-scale deployments of Check Point Security Gateways using configuration profiles. Synonyms: SmartProvisioning, SmartLSM, Large-Scale Management, LSM.

Q

QoS
    Check Point Software Blade on a Security Gateway that provides policy-based traffic bandwidth management to prioritize business-critical traffic and guarantee bandwidth and control latency.

R

Rule
    Set of traffic parameters and other conditions in a Rule Base (Security Policy) that cause specified actions to be taken for a communication session.

Rule Base
    All rules configured in a given Security Policy. Synonym: Rulebase.

S

Secondary Security Management Server
    The Security Management Server in Management High Availability that you install as Secondary.

SecureXL
    Check Point product on a Security Gateway that accelerates IPv4 and IPv6 traffic that passes through a Security Gateway.

Security Gateway
    Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources.

Security Management Server
    Dedicated Check Point server that runs Check Point software to manage the objects and policies in a Check Point environment within a single management Domain. Synonym: Single-Domain Security Management Server.

Security Policy
    Collection of rules that control network traffic and enforce organization guidelines for data protection and access to resources with packet inspection.

SIC
    Secure Internal Communication. The Check Point proprietary mechanism with which Check Point computers that run Check Point software authenticate each other over SSL, for secure communication. This authentication is based on the certificates issued by the ICA on a Check Point Management Server.

SmartConsole
    Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on.

SmartDashboard
    Legacy Check Point GUI client used to create and manage the security settings in versions R77.30 and lower. In versions R80.X and higher, it is still used to configure specific legacy settings.

SmartProvisioning
    Check Point Software Blade on a Management Server (the actual name is "Provisioning") that manages large-scale deployments of Check Point Security Gateways using configuration profiles. Synonyms: Large-Scale Management, SmartLSM, LSM.

SmartUpdate
    Legacy Check Point GUI client used to manage licenses and contracts in a Check Point environment.

Software Blade
    Specific security solution (module): (1) On a Security Gateway, each Software Blade inspects specific characteristics of the traffic. (2) On a Management Server, each Software Blade enables different management capabilities.

Standalone
    Configuration in which the Security Gateway and the Security Management Server products are installed and configured on the same server.

Standby Security Management Server
    The Security Management Server in Management High Availability that is currently configured as Standby.

T

Threat Emulation
    Check Point Software Blade on a Security Gateway that monitors the behavior of files in a sandbox to determine whether or not they are malicious. Acronym: TE.

Threat Extraction
    Check Point Software Blade on a Security Gateway that removes malicious content from files. Acronym: TEX.

U

Updatable Object
    Network object that represents an external service, such as Microsoft 365, AWS, Geo locations, and more.

URL Filtering
    Check Point Software Blade on a Security Gateway that allows granular control over which web sites can be accessed by a given group of users, computers or networks. Acronym: URLF.

User Database
    Check Point internal database that contains all users defined and managed in SmartConsole.

User Directory
    Check Point Software Blade on a Management Server that integrates LDAP and other external user management servers with Check Point products and security solutions.

User Group
    Named group of users with related responsibilities.

User Template
    Property set that defines a type of user on which a security policy will be enforced.

V

VSX
    Virtual System Extension. Check Point virtual networking solution, hosted on a computer or cluster with virtual abstractions of Check Point Security Gateways and other network devices. These Virtual Devices provide the same functionality as their physical counterparts.

VSX Gateway
    Physical server that hosts VSX virtual networks, including all Virtual Devices that provide the functionality of physical network devices. It holds at least one Virtual System, which is called VS0.

Z

Zero Phishing
    Check Point Software Blade on a Security Gateway (R81.20 and higher) that provides real-time phishing prevention based on URLs. Acronym: ZPH.

Date posted: 09/08/2023, 09:28
