View
42
Download
4
Category
Preview:
DESCRIPTION
Check Point Connectra NGX R60. Patrick Hanel. Agenda. SSL VPN - Anywhere access - Everywhere issue - The future of SSL VPN - PowerPoint PPT Presentation
Citation preview
April 22, 2023 ©2005 Check Point Software Technologies Ltd. Proprietary & Confidential
Check Point ConnectraNGX R60
Patrick Hanel
April 22, 2023 2©2005 Check Point Software Technologies Ltd. Proprietary & Confidential
Agenda
SSL VPN- Anywhere access- Everywhere issue- The future of SSL VPN
Check Point Connectra: Secure Web-based connectivity- Integrated endpoint security and application security- Universal updateability- Easy deployment and management- Flexible platform options- Uniqueness in SSL VPN
April 22, 2023 3©2005 Check Point Software Technologies Ltd. Proprietary & Confidential
Add more remote users beyond current 20 percent Less technical employees Partners
Reduce remote access support costs Browser based; no client maintenance Less end user complexity
Additional access options Access from home PC, corporate PC, Internet kiosk
SSL VPN: Anywhere Access
Intranet• Email• Applications• FilesExtranet• Portal• Applications• Files
Extranet access•Partner computers
Day Extenders• Email• Basic applications• Home computer
Teleworkers• Email• Applications• Company computer
Mobile workers• Email• Basic applications• Company computer or public computer
April 22, 2023 4©2005 Check Point Software Technologies Ltd. Proprietary & Confidential
SSL VPN: Everywhere Access
With IPSec you knew who was coming in
With SSL VPN you don’t (usually)
Company-owned PC
AccessAgreement
PartnerPC
+
Company-owned PC
Employeehome PC
PartnerPC
PublicInternet kiosk
Completelyunmanaged/unsecured
Firewall,antivirus
April 22, 2023 5©2005 Check Point Software Technologies Ltd. Proprietary & Confidential
SSL VPN: The Everywhere Issue
SSL VPN Gateway
“Spyware is no longer just an annoying pest swarming home PCs; rather, it has evolved into a serious enterprise security
threat.”– IDC Worldwide Spyware 2004-2008
Forecast and Analysis (Nov. 2004)
Internal applications•Generally nonhardened
External endpoints• Range from secure to completely unsecured
April 22, 2023 6©2005 Check Point Software Technologies Ltd. Proprietary & Confidential
Browser-based access
Provide access to client/server applications
EVERYWHERE SECURITY
Key SSL VPN Needs
The Future of SSL VPN: Unification
Anywhere Access
Network Access
Enforce Policyand Secure Data
Secure Applications
Easy to Deploy
ANYWHERE ACCESS
UNIFIED MANAGEMENT
SSL VPNs will follow IPSec evolution: Connectivity + Security
Manage the everywhere security problem
Harden applications from security threats
Minimize deployment and support time
April 22, 2023 7©2005 Check Point Software Technologies Ltd. Proprietary & Confidential
Check Point ConnectraWeb Connectivity with Unmatched Security
Unified Web Security Gateway Secure Web-Based Connectivity Integrated Endpoint Security Integrated Application Security Easy Deployment and Management Flexible Deployment Options
Non-WebApplication
Server
EmailServer
WebServer
File ShareServer
AuthenticationServer (Optional)
Check Point Connectra
Anywhere Access
Network Access
Enforce Policyand Secure Data
Secure Applications
Easy to Deploy
April 22, 2023 8©2005 Check Point Software Technologies Ltd. Proprietary & Confidential
Secure Web Based Connectivity Connectra Web Portal
Access file share servers
Web-based access to email
Access client/server applications through browser plug-in
Access Web sites and applications
April 22, 2023 9©2005 Check Point Software Technologies Ltd. Proprietary & Confidential
Integrated Endpoint Security
Key benefits Minimizes risk from
unsecured endpoints Stops ID, password,
and data theft• Scans for spyware and malware• Enforces endpoint security
compliance (antivirus/firewall)• Provides secure browser for data
encryption and cache cleaning• Real-time endpoint security updates
Check PointConnectra
Guest PC, unmanaged• Limit access rights
Public PC using secure browser• Grant higher access rights
Spyware detected• Deny access
Spyware and malware Antivirus and firewall compliance Secure browser
April 22, 2023 10©2005 Check Point Software Technologies Ltd. Proprietary & Confidential
Integrated Application Security
Key benefits Ensures internal
applications and resources are secure
Increases security protection for when endpoints are less secure
Application Intelligence and Web Intelligence Application-layer protection
• DNS, FTP, HTTP, Microsoft CIFS, etc.
– Block malicious data• Buffer overflows, DOS attacks, SQL
injection, worms, etc.– Real-time security updates
Normal user
Normal user
Hacker/ infected PC
Check PointConnectra
April 22, 2023 11©2005 Check Point Software Technologies Ltd. Proprietary & Confidential
Universal Updateability
Delivers the power to update each Check Point
solution in real time against the latest known and unknown security
threats
Perimeter, Internal, Web Strategy: Universal Updateability– Update to All Security Components
• Application Intelligence and Web Intelligence• Endpoint Security
– Universal SmartDefense
April 22, 2023 12©2005 Check Point Software Technologies Ltd. Proprietary & Confidential
Easy Deployment and Management
Key benefits Simplifies installation
and management Leverages existing
infrastructure
Authentication Integration– LDAP, RADIUS, SecureID
Application Integration– OWA, Citrix, iNotes, etc.– Email, File Share– SSO
Management– Web-based– Optional SmartCenter
integration
SmartCenterServer
AuthenticationServer
Check PointConnectra
SSL
Management Station(SmartCenter)
Check PointVPN-1
April 22, 2023 13©2005 Check Point Software Technologies Ltd. Proprietary & Confidential
Connectra NGX R60 and SmartCenter
Unified Security Management– NGX SmartCenter
• SmartView Tracker• SmartView Monitor• Smart Update• SmartDefense Service
April 22, 2023 14©2005 Check Point Software Technologies Ltd. Proprietary & Confidential
Flexible Platform Options
Key benefits Match platform with
price/performance requirements
Connectra appliance– Turnkey solution– Hardened Check Point or
OPSEC hardware platform– Multiple platforms to match
deployment size Connectra software
– Software for open servers– Based on SecurePlatform
Connectra appliance
• Available as dedicated appliance or software for open servers
Connectra software
April 22, 2023 15©2005 Check Point Software Technologies Ltd. Proprietary & Confidential
With Connectra 2.0, Check Point Software Technologies Ltd. leverages its vast experience securing networks, applications and client endpoints to provide the most comprehensive security feature set we've seen in an SSL VPN product to date.
March 14, 2005Connectra 2.0 warrants consideration, especially when compared with other enterprise remote-access solutions. It has all of the core features, plus solid end-point security.
SECURITY
Key SSL VPN Needs
Connectra Uniqueness in SSL VPN
Anywhere Access
Network Access
Enforce policyand Secure Data
Secure Applications
Easy to Deploy
CONNECTIVITY
MANAGEABILITY
Almost all vendors deliver similar set of connectivity featuresSSL Network Extender a solid performer
Some deliver some features Most rely on third-party startups to fill in gapsConnectra the most integrated security, only solution with real-time security updates
Standalone solutions, no integrationUnified Security Architecture: Centralized security management
April 22, 2023 16©2005 Check Point Software Technologies Ltd. Proprietary & Confidential
Thank You!
Unified Web Security Gateway Secure Web-Based Connectivity Integrated Endpoint Security Integrated Application Security Easy Deployment and Management Flexible Deployment Options
Non-WebApplication
Server
EmailServer
WebServer
File ShareServer
AuthenticationServer (Optional)
Check Point Connectra
Anywhere Access
Network Access
Enforce Policyand Secure Data
Secure Applications
Easy to Deploy
Recommended