Wednesday, 10 February 2016

VPN Encrypting & Decrypting Method?




Check Point Security Gateway performs IPSec encryption using the following two components:

  • vpnd daemon ($FWDIR/bin/vpnd) - User Mode daemon, which is in charge of handling both IKE and IPSec SAs, as well as initiating and responding to IKE negotiations with other VPN gateways. This daemon is spawned by the fwd daemon.
  • vpnk (VPN kernel - $FWDIR/boot/modules/vpn*mod*.o) module - Kernel component of the IKE and IPSec implementation. All SAs are downloaded from the vpnd daemon to the vpnk module. To see all the SAs currently downloaded to the vpnk module, run the command "vpn tu" on the Security Gateway and select "List all IPSec SAs". The encryption and decryption of IPSec packets is performed in this kernel module.


Encrypting a packet
 
  • A packet enters the Security Gateway (at Pre-Inbound chain "i").
  • The packet is inspected by the FireWall and sent to the OS Kernel (at Post-Inbound chain "I").
  • The OS routes the packet, using the destination address of the original packet.
  • The outgoing packet is inspected by the FireWall (at Pre-Outbound chain "o").
  • The vpnk module encrypts the packet (at Post-Outbound chain "O").
  • The IPSec packet is sent out.


Decrypting a packet

  • An IPSec packet enters the Security Gateway.
  • The vpnk module decrypts the packet (at Pre-Inbound chain "i").
  • The decrypted (original) packet is inspected by the FireWall and sent to the OS Kernel (at Post-Inbound chain "I").
  • The OS routes the packet, using the destination address of the original packet (at Pre-Outbound chain "o").
  • The outgoing packet is inspected by the FireWall (at Post-Outbound chain "O").
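
The two paths above can be modelled to show what form a packet has as it leaves each chain point, and to flag a trace that deviates from the description (for example, a packet that passes "O" still in the clear). This is an added example, not Check Point code; the trace format, function names and sample traces are constructed for illustration and are not the output of any Check Point tool.

```python
# Added illustration of the encrypt/decrypt paths described above.
# Trace format and sample data are constructed; no Check Point tool emits them.

CHAIN = ["i", "I", "o", "O"]  # Pre-Inbound, Post-Inbound, Pre-Outbound, Post-Outbound

# path -> (form on arrival, chain point where vpnk acts, form after vpnk)
PATHS = {
    "encrypt": ("clear", "O", "ipsec"),
    "decrypt": ("ipsec", "i", "clear"),
}

def expected_forms(path):
    """Form of the packet as it leaves each chain point on the given path."""
    form, crypto_point, after = PATHS[path]
    forms = {}
    for point in CHAIN:
        if point == crypto_point:
            form = after  # vpnk transforms the packet at this chain point
        forms[point] = form
    return forms

def check_trace(path, arrival_form, observed):
    """Compare an observed trace with the model and return a list of findings.

    observed maps chain point -> form ("clear" or "ipsec") seen leaving it.
    """
    findings = []
    if arrival_form != PATHS[path][0]:
        findings.append(f"arrived as {arrival_form}, expected {PATHS[path][0]}")
    want = expected_forms(path)
    for point in CHAIN:
        if point not in observed:
            findings.append(f"no observation at '{point}': packet dropped or not captured")
            break  # later chain points cannot be judged
        if observed[point] != want[point]:
            findings.append(f"at '{point}': saw {observed[point]}, expected {want[point]}")
    return findings

# Constructed traces
GOOD_ENCRYPT = {"i": "clear", "I": "clear", "o": "clear", "O": "ipsec"}
LEAK = {"i": "clear", "I": "clear", "o": "clear", "O": "clear"}  # left unencrypted
DROPPED_AFTER_DECRYPT = {"i": "clear"}  # decrypted at "i", never seen at "I"

if __name__ == "__main__":
    print(check_trace("encrypt", "clear", GOOD_ENCRYPT) or "consistent")
    print(check_trace("encrypt", "clear", LEAK))
    print(check_trace("decrypt", "ipsec", DROPPED_AFTER_DECRYPT))
```

On both paths the model shows the FireWall inspection points working on the original (cleartext) packet: encryption happens last on the way out, decryption first on the way in.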
 

Friday, 5 February 2016

What is GAIA?

GAIA:

Check Point Gaia is the next generation Secure Operating System for all Check Point Appliances, Open Servers and Virtualized Gateways.

Gaia combines the best features from IPSO and SecurePlatform (SPLAT) into a single unified OS providing greater efficiency and robust performance. By upgrading to Gaia, customers will benefit from improved appliance connection capacity and reduced operating costs. With Gaia, IP Appliance customers will gain the ability to leverage the full breadth and power of all Check Point Software Blades.

Gaia secures IPv6 networks utilizing the Check Point Acceleration & Clustering technology, and it protects the most dynamic network and virtualized environments by supporting 5 different dynamic routing protocols. As a 64-bit OS, Gaia increases the connection capacity of existing appliances, supporting up to 10M concurrent connections for select 2012 Models.

Gaia simplifies management with segregation of duties by enabling role-based administrative access. Furthermore, Gaia greatly increases operation efficiency by offering Automatic Software Update.


Features of Gaia



  • Support for all Check Point appliances.
  • Support for all Open servers appearing on the Check Point Hardware Compatibility List.
  • High Connection Capacity through 64-bit support on select appliances.
  • New Web UI portal providing full control of the system, with search capability and web based terminal.
  • Unified command line shell which is backward compatible with Clish and cpshell.
  • IPv6 native support, including acceleration, ClusterXL, Web UI and command line shell.
  • ClusterXL and VRRP.
  • Role Based Administration - fine grained control of Administrator's privileges.
  • RADIUS and TACACS+ support.

The following appliances are supported by Gaia:






  • 2012 appliances - 21400, 12600, 12400, 12200, 4800, 4600, 4200, 2200
  • Power-1 - 11000, 9070, 5070
  • UTM-1 - 3070, 2070, 1070, 570, 270, 130
  • Smart-1 - 150, 50, 25, 25B, 5
  • IP Appliances - IP2450, IP1280, IP690, IP560, IP390, IP290, IP282, IP150

Gaia Portal supports the following browsers:




  • Internet Explorer 8 or higher (including IE11). Note: When uploading a file to the appliance in Gaia Portal using Internet Explorer 8, the size of the file is limited to 2GB.
  • Chrome 14 or higher
  • Firefox 6 or higher
  • Safari 5 or higher 



Thursday, 4 February 2016

What are all the products available in the checkpoint?

Checkpoint products 

 

 Check Point's Network security components

  • Firewall
  • IPsec VPN
  • Mobile Access
  • Intrusion Prevention
  • Antivirus
  • Anti-spam
  • Email security
  • URL filtering
  • Data Loss Prevention
  • Anti-Bot
  • Application Control

What is firewall?

Firewall:
            
Acting as a barrier between a trusted network and other untrusted networks (such as the Internet) or less-trusted networks (such as a retail merchant's network outside of a cardholder data environment), a firewall controls access to the resources of a network through a positive control model. This means that the only traffic allowed onto the network is the traffic defined in the firewall policy; all other traffic is denied.

Types of the firewall:
  • Packet firewalls
  • Stateful firewalls
  • Application-layer firewalls
  • Proxy firewalls
  • Firewalls in the perimeterless age