Check Point Software SSL VPN Solutions Technical Overview. Thorsten Schuberth Technical Consultant Nubit 2005. Agenda. Introduction to SSL VPN Solutions Connectra 2.0 New Security Features Integrity Clientless Security (ICS) 3.0 Integrity Secure Browser (ISB) AV Checking - PowerPoint PPT Presentation
©2005 Check Point Software Technologies Ltd. Proprietary & Confidential
Check Point Software SSL VPN Solutions
Technical Overview
Thorsten Schuberth, Technical Consultant
Nubit 2005
Agenda
Introduction to SSL VPN Solutions
Connectra 2.0
– New Security Features
• Integrity Clientless Security (ICS) 3.0
– Integrity Secure Browser (ISB)
– AV Checking
– Enhanced Protection Levels
SSL Network Extender (SNX)
– ICS Integration with R55 HFA-12
Check Point Security Solution
Web Threat Environment
Most cyber attacks and Internet security violations are generated through Internet applications.
Check Point Web Security Portfolio
SSL VPN for Web-based remote access
– Connectra, The Web Security Gateway
• Unified SSL VPN, Web security, and Endpoint security
– SSL Network Extender
• Network-level SSL VPN for Connectra & VPN-1
Web Application Firewall
– Web Intelligence
• Web Security for Connectra & VPN-1
Endpoint Security
– Integrity Clientless Security
• Integrated into Connectra, available for Web applications
Securing the Web for Business
Bringing Business to the Web
Introducing Connectra
Web Connectivity with Unmatched Security
Web Security Gateway Features
– Secure Web-Based Connectivity
– Integrated Server Security
– Adaptive Endpoint Security
– One-Click SSL Extranet
– Seamless Network Deployment and Management
SSL VPN
Integrated Security
Easy Deployment
Connectra – The Web Security Gateway
Security will be the #1 buying criteria for SSL VPN gateways in 2005
Key Advantage Today = MOST SECURE
– Endpoint Security Integration
– Integrated Attack Prevention
“Endpoint security integration was the #1 reason we chose Check Point.”
- Large Energy Company
“Endpoint security is an escalating problem as SSL VPNs go mainstream.”
- John Girard, VP of Gartner
Introducing SSL Network Extender
Secure Network-Level Connectivity over the Web
SSL
Network-level connectivity over SSL VPN
– Browser Plug-in
Supports all IP-based applications
– TCP, UDP, ICMP, FTP, etc.
Integrated with Check Point Gateways
– Connectra
• Enables native applications support
– VPN-1
• Combined IPSec and SSL
Introducing Web Intelligence
Protection for the Entire Web Environment
Web application firewall technology for Check Point products.
Advanced Product Features
– Malicious Code Protector™
Patent-pending technology that catches buffer overflow attacks and other malicious code.
– Advanced Streaming Inspection
Extends the inspection and reconstruction capabilities of the INSPECT architecture by adding active traffic control of live traffic streams.
– Simple Deployment and Management
Built to be quickly deployed to protect Web servers without complex tuning and configuration.
Seamless Integration with Check Point Products
Provides protection for the entire Web environment.
• Included in Connectra
• Available as an add-on to VPN-1 gateways
• Will be available on InterSpect
Web Servers
Introducing Integrity Clientless Security
Key Benefits
– Stops ID and password theft, prevents data loss
– Makes it easy to secure non-IT controlled PCs that access the enterprise network
– Prevents any non-compliant remote PC from compromising enterprise security
Key Features
– Spyware Detection & Remediation
– Simple Deployment & Maintenance
– Network Access Policy Enforcement
– Integrates with Web Applications: Outlook Web Access, Extranet Portals
– Integrated with Connectra
Integrity Secure Browser Configuration
Windows Only Solution
– IE Offers Transparent Install
– Other Browsers are Supported
• Manual Prompt to Install ISB
– Mozilla, Netscape & Opera
– Subsequent Connections will not require reinstallation
Integrity Secure Browser
Connectra 2.0 ICS 3.0 Integration
Integrity Secure Browser
– ISB will safeguard data in:
• Password and Form fields
• URL history
• cached files
• recently-used files
– Warns users of potentially unsafe actions
• Copy to local Clipboard
• Download Files
Protection Level Enhancements
Added Options to require ICS &/or ISB
Enables Access to applications where ICS/ISB support is not currently available
– Macintosh & Linux users can now connect even if ICS is enabled
ICS 3.0 Anti-Virus Checking
AV Checking Support for
– Trend PC-cillin & OfficeScan
– CA eTrust & VET
– Symantec Norton Antivirus
– Sophos AV
– McAfee VirusScan
– Zone Alarm Antivirus
DAT file version restrictions
– Minimum DAT file version
– DAT file creation date should be newer than
– DAT file should be no older than <x> days
You can check that the Anti Virus is:
– Installed
– Installed and running
Custom Error Message for Out of Compliance AV
– Shared by all AV Checks
Connectra Appliance vs. Software Comparison
50 100 250 500 1,000 U
Connectra Series 1000, Cat 4: $10,000 $15,000 $24,000
Connectra Series 2000, Cat 4: $24,000 $36,000 $54,000
Connectra Series 6000, Cat 4: $44,000 $60,000 $90,000
Connectra SW, Cat 1: $8,000 $15,000 $30,000 $50,000 $60,000
SSL Network Extender for VPN-1
R55 HFA-12 SNX & ICS
R55 SNX Integrated with ICS 2.2
– AV Checking
– File/Registry checks
• Requirement or Prohibition
• Observation Mode remote nodes
Separate Installations of ICS & VPN-1
Each Product is licensed & purchased independently
Manual Process for updating configuration file on VPN-1 gateways
– $FWDIR/conf/extender/request.xml
ICS 2.2 Overview
Browser control (ActiveX) sent to users before they log into their web based application.
• Scans, identifies, and disables spyware
• Displays detected threats and provides removal assistance
• Optionally, enforces security policy compliance by preventing network access to PCs that contain screened software, have outdated anti-virus definitions, or are missing other requirements
ICS Integration with SNX
User Presented with ICS Scan prior to authentication
Same ICS scan for all users per gateway
No Protection Level Granularity as with Connectra
Thank You
Questions???