Name : Hany Abadir

I.D.# : 9818920

Check Point FireWall -1

1. Introduction:

The concept of a FireWall is simple: Network traffic comes in through the FireWall

The FireWall examines and controls the traffic, then sends the traffic to its destination.

Installing and maintaining a FireWall is an important part of network operations.

What is a FireWall? A FireWall is a system designed to prevent unauthorized access to or from an internal network. They act as locked doors between internal and external networks. Data meeting certain requirements can get through the locked door, whereas unauthorized data never gains access. Firewalls track and control data, deciding whether to pass, drop, reject, encrypt or log the data. Firewalls ensure data meets the rules of its security policy.

2. FireWall -1 Architecture:

FireWall-1's architecture is based upon two components:

1. Stateful Inspection

2. The FireWall-1 INSPECT engin.

2.1 Stateful Inspection: It assures the highest level of network security as follows:

Communication Information, Communication-derived state, Application - derived state and Information manipulation.

2.2 INSPECT engine: It analyzes all packet communication layers, and extracts the relevant communication and application state information. The Inspection Module resides in an operating system's kernel, but doesn't modify the system's Kernel files.

All traffic is transferred to the INSPECT engine by the NIC driver before traffic reaches an operating system's stack.

FireWall -1 defines how packets are transferred through an internal network.

The following lists some of the advantages of FireWall-1 architecture:

3. The basic components of FireWall -1:

3.1 The FireWall Module:

It Provides access control, client, user and session authentication. And network address translation (NAT), which replaces source and destination network addresses.

NAT can be used to hide internal network structure and/or prevent network address conflicts between networks.

The FireWall Module contains the following components:

Inspection Module: It contains the INSPECT engine. Compiled INSPECT code, and various state and context information stored in dynamic tables.

FireWall-1 Daemon: It is responsible mainly for communication between modules, clients and hosts.

Security Server: Is a specialized server that is responsible for handling authentication of packets for a specific service or protocol.

3.2 The Management Module:

It is accessed through the GUI and located on the Management Server. It's used to control and monitor FireWall Modules either residing on local or remote computers. The Management Server is part of the Management Module and manages its database, including: The rule base, network objects, servers and users.

3.3 The Graphical User Interface ( GUI):

The GUI is the front end to the Management Server. The following are the three GUIs that can be accessed in FireWall-1:

3.3.1 Security Policy Rule Base:

It's an essential part of FireWall-1 administration. Defining and implementing a security policy maximizes FireWall-1's effectiveness. And without the security policy, FireWall -1 is limited to its ability to be an effective security solution. A security policy is a set of rules that define your network security whether the traffic is inbound or outbound, directed to the DMZ, remote locations, or between corporate partners. It's defined using a Rule Base, Which translates your security policy to a collection of individual rules. These rules are created with the Check Point Policy Editor, which is a tool for creating a security policy. Each rule can comprise any combination of network objects, users, services and actions. Once a rule is defined, it provides the ability to define which network enforcement points should be distributed across your internal network.

Considerations: Before creating a security policy for your system, you must answer the following questions: What kind of services, are allowed in your system? What are your users' permissions and authentication schemes? What objects are in your system?

3.3.2 Log Viewer GUI:

It allows you to view entries in the log file. Each entry is a record of an event that according to the Rule Base or the properties, is to be logged, in addition, every event that caused an alert, as well as certain important system events.

The Management Server reads the log file and sends the data to the GUI client for display.

3.3.3 System Status GUI:

It presents a high-level view of operation and flow statistics for all firewalled objects. Communication between firewalled objects and the management station is by a proprietary FireWall-1 protocol. The Management Server retrieves the system status information and sends the data to the GUI client for display. Before FireWall-1 updates the status display, It broadcasts a status request message to all firewalled objects. For each one whose status is displayed, the following information can be obtained:

4. Fire Wall -1 Security issues:

4.1 Content Security:

It's a proxy process for verifying the content of FTP, HTTP or SMTP.

Its feature allows the administrator to define content security and enforce it throughout an internal network. Other advantages include the following:

To implement Content Security, follow these steps:

1. Define a network object for the third-party server.

2. Define a resource that specifies matching and what type of content checking action.

3. Define rules that specify an action taken for the resource.

4.2 An encryption and Virtual Private Network:

Encryption is a method of modifying packet data so that the data can only be decrypted with an encryption key. You can use FireWall-1 to build VPNs, which provides secure communications between two defined participants by encrypting packets across the Internet. FireWall-1 encryption works through the use of special schemes.

A VPN typically uses the Internet as the transport backbone to establish secure links with business partners, extend communications to regional and isolated offices, and significantly decrease the cost of communications for an increasingly mobile workforce.

Types of VPNs:

1. Site-to-site VPN

2. Client-to-site VPN.

Typical configurations for VPNs include the following:

4.3 Secure Remote:

It's another way than encryptions for security engineers to ensure that remote communications traveling through unsecured lines are encrypted.

It allows remote users secure access to their internal networks. This is made possible by a technology called Client Encryption. By using Secure remote, You are creating a client-to site VPN. It does the following:

5. Important aspects of advanced FireWall-1 management:

5.1 Account Management Client (AMC):

Organizations that have multiple user databases in one firewalled network can appreciate a process where all databases are maintained from one location. FireWall-1 allows such a process through the use of the Account Management Client.

The Lightweight Directory Access Protocol (LDAP) is used to communicate with a server that holds information about users and items within an organization must be running in the background before starting the AMC. The server and management client must bind with each other before being able to talk to one another. The first time you access the AMC. There is no account unit set up. The AMC must bind to the LDAP server.

5.2 Load Balancing:

It allows several servers to share and distribute the network load. The security engineer does this by creating a logical server on the FireWall. The logical server set up on the FireWall has a unique IP address, through which packets are routed for load balancing. Traffic that is directed to this logical server is then load shares among the physical server group. Using address resolution protocol (ARP), which is a TCP/IP protocol.

FireWall-1 load balancing ensures packets destined to the IP address of the logical server are passed to the appropriate physical server.

Load Balancing Components:

Load balancing daemon: To direct client packets to a server and notifies the client that all remaining connections must be directed to the IP address of the selected server.

Load Balancing Algorithms: It determines which physical server will fulfill the request.