CCSA – Check Point Certified Security Administrator (CCSA) version R80.40

Check Point’s technology is organized within a unified single management framework. As an IT giant, the company provides network security, endpoint security, cloud security, mobile security, data security an d security management through its’ vast array of products. In this chapter, you will be introduced to Check Point’s unified security management architecture, basic firewall administration, and some of the main security features.

The constantly changing varia tion of software products has fostered the emergence of specialized roles for administra tors to manage the deployment process. There are different deployment scenarios for Check Point software products. In this chapter, you will learn about the different Check Point deployment options and basic functions of the Gaia operating system.

Security Administrators manage all security operations using SmartConsole in a Check Point network environment. This requires that adminis trators have a thorough understanding of how the features and functions in SmartConsole work. Th e SmartConsole is an all-encompassing, unified console for managing Security Po licies, monitoring events, ma naging user access, installing updates, adding new devices and appliances, and managing a multi-domain environment.

Whether designing a solution for corporate headqu arters, a data center, or a branch office, creating a system based on Check Point’s So ftware Blade architecture is the key to implementing an effective security solution. The Check Point Software Blade architecture supports a complete and increasing selec tion of Software Blades, each delivering a modular security function. As your busin ess grows and new threats and challenges emerge, Check Point’s Software Blade architecture quickly and flexibly expands services as needed without the addition of new hard ware. In addition, simple methods for activating and installing licens es for Check Point products make it easy to manage all licenses throughout the entire organiza tion solely from the SmartConsole.

Managing the Security Policy for a large netw ork can quickly become a resource-intensive task. To help manage the network Security Po licy, it is important to know the components of a Security Policy and how they impact traf fic inspection. In this chapter, you will also learn about many SmartConsole features and capabilities that enhance the management of the Security Policy.

Security Policy management can be labor in tensive. To simplify the process, R80.40 organizes policies into Policy Laye rs. In this chapter, we will cover the benefits of having Rule Base options for policy management.

An integral part of configuring the optimal network centers around defining users and user groups. Users and user groups are added to the database manually through LDAP and User Directory or with the help of Active Dire ctory. Defining users and managing internal and external user access is easily achieve d through SmartConsole. Activating Check Point’s Identity Awareness Software Blade for a granular view of users, groups and machines, provides unmatched access control through the cr eation of accurate, identitybased policies.

Network Address Translation allows for the use of non-routable IP addresses in a network. It provides additional security benefits by protecting the identity of network hosts and managing network traffic. Different NAT conf igurations affect the way that Security Gateways handle the resu lting traffic connections.

SmartConsole lets you transform log data into security intelligence by tightly integrating logging, monitoring and event management. Monitoring network activity and analyzing threat data is key to protectin g an organization’s network. SmartConsole traffic visibility tools are designed to help administrators effectively monitor tr affic and connections, analyze log data, troubleshoot events, and qu ickly respond to changes in traffic flow patterns or suspicious security activities.

Security Management Servers and Security Ga teways work together to monitor the state of a Security Enforcement System. SmartConsole and SmartView Mo nitor provide a complete picture for monitoring network activity and the performance. This chapter provides a brief overview of essential tools that help ad ministrators to monitor system states.

Increasingly, Security Administra tors have to know how to pr event, detect and mitigate a range of sophisticated cyber se curity attacks. Check Point’s SmartEvent Software Blade identifies critical security events such as intrusion, Bot incidents, a nd potential data loss before they occur. With its customizable graphical reports and intuitive GUI, administrators can readily monitor pattern s and events as they unfold and provide reporting to key stakeholders in the organization. This chapter will provide an overview of SmartEvent’s architecture, its’ security events and threat prevention capabilities, and reporting features.

The Virtual Private Network (VPN) Software Blade is used to create VPNs to securely communicate and transmit data over the In ternet. Use SmartConsole to create VPN deployments and topologies for a network to easily share internal resources with authenticated users.

Ensuring that Security Gateways and VPN connections are kept alive in a corporate network are critical to maintaining a smoothly running network. The failure of a Security Gateway or VPN connection can result in the loss of active connectio ns. Many of these connections, such as financial transactions, ca n be mission critical an d losing them results in the loss of critical data. ClusterXL provides an infrastructure that does not lose data in case of a system failure. The cluster is a group of identical and connected Security Gateways. It guarantees that if one fa ils, another immediately takes its place.

Basic network monitoring is part of an admi nistrator’s daily routine. Although there are many aspects of the network to monitor, th ere are some tasks that may only require occasional implementation. The Compliance Soft ware Blade is an integral part of monitoring the network’s comp liance with security standard s. This chapter provides a brief overview of tasks performed and tools such as CPView used by administrators to retrieve gateway status info rmation and maintain security.