Checkpoint - what is it? Security information portal.

  • 20.08.2019

We will start our blog with a short introduction to Check Point technologies.

We thought for a long time about whether this article was worth writing, because there is nothing in it that cannot already be found on the Internet. Yet despite that abundance of information, when working with clients and partners we quite often hear the same questions. So we decided to write a kind of introduction to the world of Check Point technologies and lay out the essence of its solution architecture, all within one “small” post, a quick tour, so to speak. We will also try to stay out of marketing wars: we are not a vendor, just a system integrator (although we really do love Check Point), and we will simply look at the main points without comparing them with other manufacturers (Palo Alto, Cisco, Fortinet, etc.). The article turned out rather long, but it covers most of the questions that come up when first getting acquainted with Check Point. If you are interested, welcome under the cut...

UTM/NGFW

When starting a conversation about Check Point, the first thing to explain is what UTM and NGFW are and how they differ. We will do this very concisely so that the post does not get too long (perhaps in the future we will look at this question in a bit more detail).

UTM - Unified Threat Management

In short, the essence of UTM is the consolidation of several security tools in one solution, i.e. everything in one box, a kind of all-inclusive. What is meant by “several security tools”? The most common set is: Firewall, IPS, Proxy (URL filtering), streaming Antivirus, Anti-Spam, VPN and so on. All of this is combined within one UTM solution, which is simpler in terms of integration, configuration, administration and monitoring, and that in turn has a positive effect on the overall security of the network. When UTM solutions first appeared, they were considered suitable only for small companies, because UTMs could not handle large volumes of traffic. There were two reasons for this:

  1. Packet processing method. The first UTM solutions processed packets sequentially, one “module” after another. Example: first the packet is processed by the firewall, then by IPS, then it is scanned by Anti-Virus, and so on. Naturally, such a mechanism introduced serious delays into traffic and consumed a great deal of system resources (CPU, memory).
  2. Weak hardware. As mentioned above, sequential packet processing consumed a lot of resources, and the hardware of those times (1995-2005) simply could not cope with large traffic volumes.
But progress does not stand still. Since then, hardware capacity has grown significantly, and packet processing has changed (admittedly, not with every vendor) to allow near-simultaneous analysis by several modules at once (Firewall, IPS, Antivirus, etc.). Modern UTM solutions can “digest” tens and even hundreds of gigabits in deep-inspection mode, which makes it possible to use them in the large-business segment or even in data centers.

Below is the well-known Gartner Magic Quadrant for UTM solutions as of August 2016:

I won't comment much on this picture; I'll just say that the leaders are in the upper right corner.

NGFW - Next Generation Firewall

The name speaks for itself: the next-generation firewall. This concept appeared much later than UTM. The main idea of NGFW is deep packet inspection (DPI) using a built-in IPS and access control at the application level (Application Control). Here the IPS (deep-inspection) engine is precisely what identifies a given application in the packet stream, which lets you allow or deny it. Example: we can allow Skype to work but prohibit file transfer within it. We can prohibit the use of torrents or RDP. Web applications are also supported: you can allow access to VK.com but prohibit games, messages or watching videos. Essentially, the quality of an NGFW depends on how many applications it can detect. Many believe that the emergence of the NGFW concept was a plain marketing ploy, against the backdrop of which Palo Alto began its rapid growth.
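
As an added illustration (not code from the original post, and not Check Point's own code), here is a small Python model of how such an application-level rulebase is evaluated: rules are matched top-down, first match wins, and whatever no rule accepts falls through to an implicit cleanup drop. The `Flow` and `Rule` classes, the application names and the sub-function labels are assumptions made for this example; on a real gateway the `app`/`feature` fields come from the DPI engine. The example also adds a check the text does not show: a rule placed below a broader one is shadowed and can never match, which is exactly what happens if “Allow Skype” is put above “Block Skype file transfer”.

```python
"""Added illustration of application-level (NGFW) rulebase evaluation.
Not Check Point code: the classes, application names and feature labels
below are assumptions made for this example."""
import ipaddress
from dataclasses import dataclass
from typing import List, Sequence, Tuple

ANY = "*"


@dataclass(frozen=True)
class Flow:
    """A connection after DPI has identified it (constructed sample input)."""
    src: str          # source IP address
    app: str          # application name reported by the DPI engine
    feature: str      # sub-function inside the app; "core" when none


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                      # "accept" or "drop"
    src: str = ANY                   # CIDR prefix or "*"
    app: str = ANY                   # application name or "*"
    features: Tuple[str, ...] = ()   # empty tuple = any feature of the app

    def matches(self, flow: Flow) -> bool:
        if self.src != ANY and ipaddress.ip_address(flow.src) not in ipaddress.ip_network(self.src):
            return False
        if self.app != ANY and self.app != flow.app:
            return False
        if self.features and flow.feature not in self.features:
            return False
        return True


# Ordered rulebase modelling the examples in the text: the specific denies sit
# above the broader accepts so that they get a chance to match first.
POLICY: Tuple[Rule, ...] = (
    Rule("Block Skype file transfer", "drop", app="skype", features=("file-transfer",)),
    Rule("Allow Skype", "accept", app="skype"),
    Rule("Block BitTorrent", "drop", app="bittorrent"),
    Rule("Block RDP from user LAN", "drop", src="10.10.0.0/16", app="rdp"),
    Rule("Block VK games/messages/video", "drop", app="vk.com",
         features=("games", "messages", "video")),
    Rule("Allow VK", "accept", app="vk.com"),
    Rule("Allow web from user LAN", "accept", src="10.10.0.0/16", app="web-browsing"),
)
# Implicit cleanup rule: anything that no explicit rule accepted is dropped.
CLEANUP = Rule("Cleanup (implicit)", "drop")


def evaluate(flow: Flow, policy: Sequence[Rule] = POLICY) -> Tuple[str, str]:
    """Top-down, first-match evaluation. Returns (action, name of matching rule)."""
    for rule in policy:
        if rule.matches(flow):
            return rule.action, rule.name
    return CLEANUP.action, CLEANUP.name


def _covers(outer: Rule, inner: Rule) -> bool:
    """True when every flow matched by `inner` would also match `outer`."""
    if outer.src != ANY:
        if inner.src == ANY:
            return False
        if not ipaddress.ip_network(inner.src).subnet_of(ipaddress.ip_network(outer.src)):
            return False
    if outer.app != ANY and outer.app != inner.app:
        return False
    if outer.features and not (inner.features and set(inner.features) <= set(outer.features)):
        return False
    return True


def shadowed_rules(policy: Sequence[Rule] = POLICY) -> List[str]:
    """Rules that can never match because an earlier rule already covers them."""
    return [rule.name for i, rule in enumerate(policy)
            if any(_covers(earlier, rule) for earlier in policy[:i])]


if __name__ == "__main__":
    for flow in (Flow("10.10.5.7", "skype", "file-transfer"),
                 Flow("10.10.5.7", "skype", "core"),
                 Flow("10.10.5.7", "vk.com", "video"),
                 Flow("192.168.1.20", "rdp", "core")):
        print(flow, "->", evaluate(flow))
    # Swapping the first two rules hides the file-transfer block forever.
    misordered = (POLICY[1], POLICY[0]) + POLICY[2:]
    print("shadowed:", shadowed_rules(misordered))
```

The shadowing check is the kind of sanity test worth running before installing a policy: the evaluator itself never complains about a dead rule, it just silently uses the first match.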

Gartner Magic Quadrant for NGFW as of May 2016:

UTM vs NGFW

A very frequently asked question: which is better? There is no definite answer here, and there cannot be, especially considering that almost all modern UTM solutions contain NGFW functionality and most NGFWs contain functions inherent to UTM (Antivirus, VPN, Anti-Bot, etc.). As always, “the devil is in the details”, so first of all you need to decide what exactly you need and settle on a budget. Based on those decisions, you can shortlist several options. And everything must be tested, without simply believing the marketing materials.

We, in turn, will try over several articles to talk about Check Point: how you can try it and what, in principle, you can try (almost all of the functionality).

Three Check Point Entities

When working with Check Point, you will definitely encounter three components of this product:

  • Security Gateway (SG) - the security gateway itself, which is usually installed on the network perimeter and performs the functions of firewall, streaming antivirus, anti-bot, IPS, etc.
  • Security Management Server (SMS) - the gateway management server. Almost all gateway (SG) settings are made through this server. The SMS can also act as a log server and process logs with the built-in event analysis and correlation system, Smart Event (Check Point's SIEM analogue), but more on that later. The SMS is used for centralized management of several gateways (how many depends on the SMS model or license), but you are required to use it even if you have only one gateway. It should be noted that Check Point was one of the first to use such a centralized management system, which Gartner reports have recognized as the “gold standard” for many years in a row. There is even a joke: “If Cisco had a normal management system, Check Point would never have appeared.”
  • Smart Console - the client console for connecting to the management server (SMS). It is usually installed on the administrator's computer. All changes on the management server are made through this console, after which the settings can be pushed to the security gateways (Install Policy).

Check Point Operating System

Speaking about the Check Point operating system, three come to mind at once: IPSO, SPLAT and Gaia.

  1. IPSO - the operating system of Ipsilon Networks, which belonged to Nokia. In 2009 Check Point bought this business. No longer developed.
  2. SPLAT - Check Point's own development, based on a Red Hat Linux kernel. No longer developed.
  3. Gaia - the current operating system from Check Point, which came out of merging IPSO and SPLAT and took the best of both. It appeared in 2012 and continues to be actively developed.
Speaking about Gaia, it should be said that at the moment the most common version is R77.30. Relatively recently R80 appeared, which differs significantly from the previous version (both in functionality and in management). We will devote a separate post to their differences. Another important point: currently only R77.10 has an FSTEC certificate, and R77.30 is undergoing certification.

Execution options (Check Point Appliance, Virtual Machine, OpenServer)

There is nothing surprising here; like many vendors, Check Point has several product options:

  • Appliance - a hardware and software device, i.e. its own “box”. There are many models, differing in performance, functionality and form factor (there are options for industrial networks).
  • Virtual Machine - a Check Point virtual machine with Gaia OS. The ESXi, Hyper-V and KVM hypervisors are supported. Licensed by number of processor cores.
  • OpenServer - installing Gaia directly on a server as the main operating system (so-called “bare metal”). Only certain hardware is supported; there are hardware recommendations that must be followed, otherwise driver problems may arise and technical support may refuse to service you.

Implementation options (Distributed or Standalone)

A little higher up we already discussed what a gateway (SG) and a management server (SMS) are. Now let's discuss options for deploying them. There are two main ways:

  • Standalone (SG+SMS) - both the gateway and the management server are installed on one device (or virtual machine). This option suits the case where you have only one gateway that is lightly loaded with user traffic. It is the most economical, because there is no need to buy a management server (SMS). However, if the gateway is heavily loaded, you may end up with a “slow” management system, so before choosing a Standalone deployment it is best to consult or even test this option.
  • Distributed - the management server is installed separately from the gateway. This is the best option in terms of convenience and performance. It is used when several gateways, for example central and branch ones, need to be managed at once. In this case you need to purchase a management server (SMS), which can also be an appliance or a virtual machine.
As I said just above, Check Point has its own SIEM system, Smart Event. You can use it only with a Distributed installation.

Operating modes (Bridge, Routed)
The Security Gateway (SG) can operate in two main modes:

  • Routed - the most common option. The gateway is used as an L3 device and routes traffic through itself, i.e. Check Point is the default gateway for the protected network.
  • Bridge - transparent mode. The gateway is installed as a regular “bridge” and passes traffic at layer 2 (OSI). This option is usually used when there is no possibility (or desire) to change the existing infrastructure: you practically do not have to change the network topology and do not have to think about changing IP addressing.
I would note that Bridge mode has some functional limitations, so we, as an integrator, advise all our clients to use Routed mode where possible.

Check Point Software Blades

We have almost reached the most important Check Point topic, the one that raises the most questions among customers. What are these “software blades”? Blades are simply individual Check Point functions.

These functions can be turned on or off depending on your needs. Some blades are activated exclusively on the gateway (Network Security) and some only on the management server. The pictures below show examples for both cases:

1) For Network Security (gateway functionality)

Let's describe them briefly, because each blade deserves its own article.

  • Firewall - firewall functionality;
  • IPSec VPN - building private virtual networks;
  • Mobile Access - remote access from mobile devices;
  • IPS - intrusion prevention system;
  • Anti-Bot - protection against botnet networks;
  • AntiVirus - streaming antivirus;
  • AntiSpam & Email Security - protection of corporate email;
  • Identity Awareness - integration with Active Directory service;
  • Monitoring - monitoring of almost all gateway parameters (load, bandwidth, VPN status, etc.);
  • Application Control - application level firewall (NGFW functionality);
  • URL Filtering - Web security (+proxy functionality);
  • Data Loss Prevention - protection against information leaks (DLP);
  • Threat Emulation - sandbox technology;
  • Threat Extraction - file cleaning technology;
  • QoS - traffic prioritization.
In a few articles we will take a detailed look at the Threat Emulation and Threat Extraction blades; I'm sure it will be interesting.

2) For Management (management server functionality)

  • Network Policy Management - centralized policy management;
  • Endpoint Policy Management - centralized management of Check Point agents (yes, Check Point produces solutions not only for network protection, but also for protecting workstations (PCs) and smartphones);
  • Logging & Status - centralized collection and processing of logs;
  • Management Portal - security management from the browser;
  • Workflow - control over policy changes, audit of changes, etc.;
  • User Directory - integration with LDAP;
  • Provisioning - automation of gateway management;
  • Smart Reporter - reporting system;
  • Smart Event - analysis and correlation of events (SIEM);
  • Compliance - automatically checks settings and issues recommendations.
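
To make the Smart Event idea concrete, here is an added Python example (not Smart Event's own logic, and not Check Point's log export format) that correlates gateway log lines the way a SIEM would: it flags a source host that is blocked by several different blades within a short window, and a source whose firewall drops fan out to many destinations. The log lines, the `key=value;` layout, the window length and the thresholds are all constructed for this example.

```python
"""Added illustration of event correlation over gateway logs. Not Smart Event's
real logic; the 'key=value;' line layout and the sample lines are constructed
for this example (real Check Point log exports use different field sets)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Constructed sample log lines: one host (10.10.5.7) probes SMB on five
# addresses, then trips Anti-Bot and IPS; a second host (10.10.5.8) has two
# unrelated hits far apart in time; a third host is only ever accepted.
SAMPLE_LOGS = """\
time=2019-08-20T10:00:01; product=Firewall; action=drop; src=10.10.5.7; dst=203.0.113.9; service=445
time=2019-08-20T10:00:02; product=Firewall; action=drop; src=10.10.5.7; dst=203.0.113.10; service=445
time=2019-08-20T10:00:03; product=Firewall; action=drop; src=10.10.5.7; dst=203.0.113.11; service=445
time=2019-08-20T10:00:04; product=Firewall; action=drop; src=10.10.5.7; dst=203.0.113.12; service=445
time=2019-08-20T10:00:05; product=Firewall; action=drop; src=10.10.5.7; dst=203.0.113.13; service=445
time=2019-08-20T10:00:30; product=Anti-Bot; action=prevent; src=10.10.5.7; dst=198.51.100.5; service=80
time=2019-08-20T10:02:10; product=IPS; action=prevent; src=10.10.5.7; dst=198.51.100.6; service=443
time=2019-08-20T10:03:00; product=URL Filtering; action=block; src=10.10.5.8; dst=198.51.100.7; service=443
time=2019-08-20T10:40:00; product=IPS; action=prevent; src=10.10.5.8; dst=198.51.100.9; service=443
time=2019-08-20T11:00:00; product=Firewall; action=accept; src=10.10.5.9; dst=198.51.100.1; service=443
"""

FIELD_RE = re.compile(r"(\w+)=([^;]+)")
NEGATIVE_ACTIONS = {"drop", "reject", "prevent", "block"}   # assumption: verdicts that count as "bad"
WINDOW = timedelta(minutes=10)                               # assumption: correlation window


def parse_line(line: str) -> Dict[str, object]:
    """Turn one 'key=value; key=value' line into a dict with a parsed timestamp."""
    fields: Dict[str, object] = {k: v.strip() for k, v in FIELD_RE.findall(line)}
    fields["time"] = datetime.fromisoformat(str(fields["time"]))
    return fields


def correlate(log_text: str, window: timedelta = WINDOW,
              blade_threshold: int = 2, scan_threshold: int = 5) -> Dict[Tuple[str, str], object]:
    """Sliding-window correlation per source host.

    Returns {(kind, src): detail} where kind is
      "multi-blade": >= blade_threshold different blades reported the host inside one window
      "scan":        >= scan_threshold distinct destinations dropped by the firewall inside one window
    """
    events = sorted((parse_line(l) for l in log_text.splitlines() if l.strip()),
                    key=lambda e: e["time"])
    recent: Dict[str, List[dict]] = defaultdict(list)   # src -> negative events still inside the window
    alerts: Dict[Tuple[str, str], object] = {}
    for event in events:
        if event["action"] not in NEGATIVE_ACTIONS:
            continue                                     # accepts carry no signal for these two rules
        src = str(event["src"])
        bucket = recent[src]
        bucket.append(event)
        while event["time"] - bucket[0]["time"] > window:  # expire events older than the window
            bucket.pop(0)
        blades = sorted({e["product"] for e in bucket})
        if len(blades) >= blade_threshold:
            alerts[("multi-blade", src)] = blades
        fw_targets = {e["dst"] for e in bucket if e["product"] == "Firewall"}
        if len(fw_targets) >= scan_threshold:
            alerts[("scan", src)] = max(len(fw_targets), int(alerts.get(("scan", src), 0)))
    return alerts


if __name__ == "__main__":
    for (kind, src), detail in sorted(correlate(SAMPLE_LOGS).items()):
        print(f"{kind:12} {src:12} {detail}")
```

Note what the window does for 10.10.5.8: its URL Filtering and IPS hits are 37 minutes apart, so they never share a window and no alert is raised; without the expiry step every host would eventually accumulate enough unrelated events to look infected.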
We will not consider licensing in detail now, so as not to bloat the article and confuse the reader. Most likely we will cover it in a separate post.

The blade architecture lets you use only the functions you really need, which affects both the budget of the solution and the overall performance of the device. Logically, the more blades you activate, the less traffic you can “push through”. That is why the following performance table is attached to each Check Point model (we took the characteristics of the 5400 model as an example):

As you can see, there are two categories of tests here: on synthetic traffic and on real, mixed traffic. Generally speaking, Check Point is simply forced to publish synthetic tests, because some vendors use such tests as benchmarks without examining the performance of their solutions on real traffic (or deliberately hide such data because it is unsatisfactory).

In each type of test, you can notice several options:

  1. test only for Firewall;
  2. Firewall+IPS test;
  3. Firewall+IPS+NGFW (Application control) test;
  4. test Firewall+Application Control+URL Filtering+IPS+Antivirus+Anti-Bot+SandBlast (sandbox)
Look carefully at these parameters when choosing your solution, or seek advice.

I think we can finish the introductory article on Check Point technologies here. Next, we will look at how you can test Check Point and how to deal with modern information security threats (viruses, phishing, ransomware, zero-days).

P.S. An important point. Despite its foreign (Israeli) origin, the solution is certified in the Russian Federation by the regulators, which automatically legitimizes its use in government institutions (comment by

Let's find out more about this place. Occupying more than 500 sq. m, the Checkpoint anti-cafe is the largest not only in Russia but in the world; at least by that measure it has no equal. It has 16 modern rooms, each decorated in its own style, each with its own purpose, and each able to please guests of very different tastes. “Checkpoint” can rightfully be called an international anti-cafe and co-working space.

The idea behind the “Checkpoint” anti-cafe

The founders of Checkpoint wanted to realize some creative ideas and do something for the soul. The result was an anti-cafe that they liked, and so did many others. Most anti-cafes have a homely design: an apartment-style interior with little space. The creators of “Checkpoint” wanted brightness and stylish design, a place where you can meet friends to play board games and just chat, or even make new friends. They managed that and more.

The founders are very fond of the idea of global citizenship, which underlies the Checkpoint anti-cafe. By coming here you automatically become a citizen of the world and will always be a welcome guest. Everything here is imbued with the spirit of travel: moving from one hall to another, you seem to find yourself in another country.

How the name “Checkpoint” came about

The name “Checkpoint” did not appear right away. First the founders thought through the concept of the establishment: the unique design of each room and its connection to a specific city. So the first name that came to mind was “Big Cities”. It seemed uninteresting and boring. Then they came up with “Check-in”, as in the well-known social network Foursquare, but said quickly it sounded like “chicken”.

After the next brainstorm the interesting name “Checkpoint” appeared, as at an airport: a kind of checkpoint where the visitor enters another world and sets off on a journey. As a result, 16 unique rooms, each with its own atmosphere, were created.

Reception and kitchen

The first thing guests see is the reception and kitchen. Previously this was a separate hall called “Moscow”. Why that name? Almost everything here is red: the floor, the Communist posters and the lighting. One poster specifically notes that there is no smoking or drinking here and that the establishment is exemplary.

Another reason for the name is the constant availability of food: all kinds of sweets, hot chocolate, more than 7 kinds of coffee and more than 20 kinds of tea, brewed in special cast-iron teapots. According to the rules of the tea ceremony, that is the vessel in which this drink must be brewed; the tradition originated in ancient China.

Those who come between 8:00 and 12:00 can have a breakfast of porridge with honey or jam. Besides the regular sweets, various convenience foods, ice cream and soda are available for an extra fee, at prices matching those in shops. You can also bring food with you or order delivery directly to the anti-cafe.

Keep in mind that alcohol, hookah and the like are strictly prohibited here, so you can safely come with children, celebrate birthdays, work and simply have a good time. The exception is when the whole Checkpoint anti-cafe is rented out.

Opposite the reception there is a small room selling healthy food: various products without sugar or harmful additives.


Safety and care of guests

The administration of the anti-cafe really cares about its guests and does everything possible to create an atmosphere of comfort and coziness. If you are missing something, tell the administrator and they will help. For example, some guests complained about the lack of a screen and projector, and within a couple of days the equipment was bought and installed.

The safety of visitors is taken seriously here. The Checkpoint anti-cafe has about 35 surveillance cameras, an alarm button and security in the courtyard. The courtyard in front of the entrance to the anti-cafe is also equipped with 25 video cameras.

Halls of the anti-cafe “Checkpoint” and more

Before setting off, look at the sign above the door. It shows all the rooms of the Checkpoint anti-cafe, along with the number of steps to each of them. The steps were counted several times, producing a kind of mini-map.

“Checkpoint” is the only language cafe in Russia that holds regular master classes, courses and open lessons in English, French, Spanish, Chinese and other languages. The interior and the central location are ideal for foreign-language clubs, and 16 full-fledged halls can accommodate almost any group.

"Cambridge"

It is a little strange, but in “Cambridge” guests play Xbox. Before giving the room this name, some research was done: it turns out the first computer game of tic-tac-toe was developed in Cambridge back in 1952. The second reason is more prosaic: it is simply great that anti-cafe visitors play in the “Cambridge library”. E-books are placed on the walls in the form of QR codes, and anyone can download them to a phone or tablet.


"Paris"

The “Checkpoint” anti-cafe is not without romance. Paris is associated with lovers meeting, a place for just two people, which calls for a certain atmosphere and, of course, dim lighting. So the walls of the hall are painted black and the lighting is dim. Over time, Paris joined Cambridge and became part of the gaming area.

By the way, the design of “Paris” was done by a friend of the founders of the “Checkpoint” anti-cafe, a designer from St. Petersburg, who was very keen to take part in creating this cozy place.


"Monte Carlo"

With an area of more than 50 square meters, this room is the largest in the Checkpoint anti-cafe. Here you will find about 50 board games, some books and a makeshift stage. The hall is named after one of the most famous gambling cities; its fame is largely due to the James Bond films, in which he often visits the casino.

In the center of the room is a “communication board”, where guests leave all sorts of things: requests for the administration, reviews of the anti-cafe, a phone number for a date. It is a kind of “chat” for visitors of the Checkpoint anti-cafe.

The local library is also here: books brought by guests of the establishment. Topics range from programming to pulp novels. You can take any of them with you, but it is good form to bring it back or leave another one.


"London"

Surprisingly, or maybe not, the toilet in the anti-cafe is called “London”. Initially it was planned to create a hot spot themed on the ancient city of Mohenjo-Daro. The founders were sure it was the name of a Mayan city, but it later turned out that it is in Pakistan and has nothing to do with the Maya.

After that the designer suggested decorating the place as red booths in the London style. The association is as follows: in the capital of Foggy Albion it is always damp and wet... just like... well, you get the idea. In the end it became “London” and, I must say, quite stylish. One remark: the owners of the Checkpoint anti-cafe in no way wanted to make fun of their foreign comrades. It just turned out that way.


"Hollywood"

Hollywood is associated with films, cinematography and cinemas. Indeed, there is a cinema here. In addition, seminars, master classes and presentations are held here, and there are Xbox consoles too.


"Las Vegas"

This is the second games room, and it is named accordingly. On the walls are an American flag, a Las Vegas sign and the famous Grand Canyon. A magnetic board has been installed here, to which anyone can attach magnets brought from different corners of the planet. Magnets often break, so if you want to attach your own, it is better to choose a rubber one.


"Beijing"

“Beijing” at “Checkpoint” happened by accident. Initially they wanted to call it Hong Kong, but the designer decorated everything in Communist colors, so the room was named after the capital of our Chinese neighbors, where work comes first. And that is no coincidence: people both have fun and work here; previously the room was used entirely as a co-working space.


"Amsterdam"

No, you won't find “interesting” cakes or a “red” street here. What you get is a bright, stylish room with sofas, where you can connect a projector and watch a movie or play “Mafia” (games are held every Friday).


"Transylvania"

Transylvania is the birthplace of Dracula. This is the only room, apart from the ISS, without windows. The interior is done in black and red, and themed items hang on the walls. People often come here to work, but the atmosphere is quite specific. The place is ideal for playing Mafia.


"Barcelona"

“Barcelona” is done in bright, rich colors and looks more like a mosaic. It was from the port of Barcelona that chocolate began its triumphant march across Europe and the whole world, after Cortés brought back an unknown but very tasty drink.


"Broadway"

Perhaps the name was given because the hall resembles the longest street in New York, Broadway. In fact it is a kind of corridor with tables, chairs and a sofa. Here you can play board games and play guitar (on Saturdays). Thick curtains let you shut yourself off from prying eyes.


"Rio de Janeiro"

Carnival, Brazilian dances and friendly people are the first things that come to mind at the words Rio de Janeiro. What does an anti-cafe have to do with it? Yet Checkpoint has a hall with that name, also decorated in vivid colors.


"Venice"

“Venice”, like “London”, is a toilet. The name was chosen on the principle of “which cities get flooded”, and the first thing that came to mind was “Venice”. Again, no mockery of the city of the same name is intended; it just turned out that way. It came out just as stylish as “London”.

"NY"

One of the largest halls of the Checkpoint anti-cafe, accommodating up to 50 people. Themed photographs and drawings hang on the walls. Corporate meetings, seminars, master classes and other events are often held in “New York”; flipcharts, a projector and a spacious room help with that.


"ISS"

This can hardly be called a hall; it is rather a place for two, which is exactly how many people fit here. The ISS is ideal for watching movies together: order food, put it on the table, hug your significant other and enjoy the masterpieces of cinema. There is a photo of the space station on the wall.


"Denmark", "Sweden", "Norway"

Three small rooms are given over to coworking space. Everything is done in a minimalist style: tables, chairs, lighting and flags on the walls. Here you can work calmly, without being distracted by anything.

The “Checkpoint” anti-cafe app

Checkpoint has its own phone app. It lets you receive gifts and discounts from the anti-cafe, make suggestions about upcoming events and leave reviews. So as not to miss anything interesting, you can subscribe to the newsletter and always be aware of all the events taking place at the anti-cafe.


Prices and equipment at the Checkpoint anti-cafe

The cost of one minute (for the first hour of the stay) in the anti-cafe is 2.99 rubles; every subsequent minute is 2 rubles. Children under 3 stay for free. Reserving an Xbox or karaoke costs 100 RUB (for 3 hours). Table reservation is 50 RUB per person (paid separately).

Total area and capacity

  • room area – 500 sq m;
  • number of halls – 16;
  • total capacity – up to 140 people;
  • seats – 80.

Season tickets

  • 8,000 RUB – monthly (valid for 1 month);
  • 3,000 RUB – weekly (valid for 1 week);
  • 500 RUB – daily (valid for 1 day, on weekdays, from 9:00 to 19:00);
  • 600 RUB – night (valid for 1 night, from 23:00 to 9:00).

For fun

  • 120 board games;
  • library;
  • 6 Xbox consoles;
  • 1 Kinect;
  • 3 TVs;
  • synthesizer;
  • acoustic guitar;
  • karaoke (2 microphones, speaker system).

For work

  • 5 computers;
  • 5 flipcharts;
  • wi-fi;
  • 3 projectors;
  • office.

For the stomach

  • 20 types of loose leaf tea;
  • coffee beans, 2 coffee machines (latte, hot chocolate, black coffee);
  • 7 types of cookies;
  • cooler;
  • fridge;
  • semi-finished products, ice cream, soda (for a fee);
  • porridge from 8:00 to 12:00.

Payments accepted

  • bank cards;
  • electronic money;
  • cash.

Events

Almost every day various events take place at Checkpoint. We have selected a couple of them.

Spanish club

). We will start our blog with a short introduction to Check Point technologies.

We thought for a long time about whether it was worth writing this article, because... there is nothing new in it that could not be found on the Internet. However, despite such an abundance of information, when working with clients and partners, we quite often hear the same questions. Therefore, it was decided to write some kind of introduction to the world of Check Point technologies and reveal the essence of the architecture of their solutions. And all this is within the framework of one “small” post, a quick excursion, so to speak. Moreover, we will try not to get into marketing wars, because... We are not a vendor, but simply a system integrator (although we really love Check Point) and will simply look at the main points without comparing them with other manufacturers (such as Palo Alto, Cisco, Fortinet, etc.). The article turned out to be quite lengthy, but it covers most of the questions at the stage of familiarization with Check Point. If you are interested, then welcome to the cat...

UTM/NGFW
When starting a conversation about Check Point, the first place to start is with an explanation of what UTM and NGFW are and how they differ. We will do this very concisely so that the post does not turn out to be too long (perhaps in the future we will consider this issue in a little more detail)

UTM - Unified Threat Management
In short, the essence of UTM is the consolidation of several security tools in one solution. Those. everything in one box or some kind of all inclusive. What is meant by “multiple remedies”? The most common option is: Firewall, IPS, Proxy (URL filtering), streaming Antivirus, Anti-Spam, VPN and so on. All this is combined within one UTM solution, which is easier in terms of integration, configuration, administration and monitoring, and this in turn has a positive effect on the overall security of the network. When UTM solutions first appeared, they were considered exclusively for small companies, because... UTMs couldn't handle large volumes of traffic. This was for two reasons:

  • Packet processing method. The first versions of UTM solutions processed packets sequentially, each “module”. Example: first the packet is processed by the firewall, then IPS, then it is scanned by Anti-Virus, and so on. Naturally, such a mechanism introduced serious delays in traffic and greatly consumed system resources (processor, memory).

  • Weak hardware. As mentioned above, sequential processing of packets greatly consumed resources and the hardware of those times (1995-2005) simply could not cope with large traffic.
  • But progress does not stand still. Since then, hardware capacity has increased significantly, and packet processing has changed (it must be admitted that not all vendors have it) and began to allow almost simultaneous analysis in several modules at once (ME, IPS, AntiVirus, etc.). Modern UTM solutions can “digest” tens and even hundreds of gigabits in deep analysis mode, which makes it possible to use them in the segment of large businesses or even data centers.
    Below is the famous Gartner Magic Quadrant for UTM solutions for August 2016:

    I won’t comment much on this picture, I’ll just say that the leaders are in the upper right corner.

    NGFW - Next Generation Firewall
    The name speaks for itself - the next generation firewall. This concept appeared much later than UTM. The main idea of ​​NGFW is deep packet analysis (DPI) using built-in IPS and access control at the application level (Application Control). In this case, IPS is precisely what is needed to identify this or that application in the packet stream, which allows you to allow or deny it. Example: We can allow Skype to work, but prohibit file transfer. We can prohibit the use of Torrent or RDP. Web applications are also supported: You can allow access to VK.com, but prohibit games, messages or watching videos. Essentially, the quality of an NGFW depends on the number of applications it can detect. Many believe that the emergence of the NGFW concept was a common marketing ploy against the backdrop of which the Palo Alto company began its rapid growth.
    Gartner Magic Quadrant for NGFW for May 2016:

    UTM vs NGFW
    A very common question is, which is better? There is no definite answer here and cannot be. Especially considering the fact that almost all modern UTM solutions contain NGFW functionality and most NGFWs contain functions inherent to UTM (Antivirus, VPN, Anti-Bot, etc.). As always, “the devil is in the details,” so first of all you need to decide what you need specifically and decide on your budget. Based on these decisions, you can choose several options. And everything needs to be tested unambiguously, without believing marketing materials.
    We, in turn, in several articles, will try to talk about Check Point, how you can try it and what, in principle, you can try (almost all the functionality).

    Three Check Point Entities
    When working with Check Point, you will definitely encounter three components of this product:

  • Security Gateway (SG)- the security gateway itself, which is usually installed on the network perimeter and performs the functions of a firewall, streaming antivirus, antibot, IPS, etc.

  • Security Management Server (SMS)- gateway management server. Almost all settings on the gateway (SG) are performed using this server. SMS can also act as a Log Server and process them with a built-in event analysis and correlation system - Smart Event (similar to SIEM for Check Point), but more on that later. SMS is used for centralized management of several gateways (the number of gateways depends on the SMS model or license), but you are required to use it even if you have only one gateway. It should be noted here that Check Point was one of the first to use such a centralized management system, which has been recognized as the “gold standard” according to Gartner reports for many years in a row. There is even a joke: “If Cisco had a normal management system, then Check Point would never have appeared.”

  • Smart Console- client console for connecting to the management server (SMS). Typically installed on the administrator's computer. All changes on the management server are made through this console, and after that you can apply the settings to the security gateways (Install Policy).

  • Check Point Operating System
    Speaking about the Check Point operating system, we can recall three at once: IPSO, SPLAT and GAIA.

  • IPSO- operating system of Ipsilon Networks, which belonged to Nokia. In 2009, Check Point bought this business. No longer developing.

  • SPLAT- Check Point's own development, based on the RedHat kernel. No longer developing.

  • Gaia- the current operating system from Check Point, which appeared as a result of the merger of IPSO and SPLAT, incorporating all the best. It appeared in 2012 and continues to actively develop.
  • Speaking about Gaia, it should be said that at the moment the most common version is R77.30. Relatively recently, the R80 version appeared, which differs significantly from the previous one (both in terms of functionality and control). We will devote a separate post to the topic of their differences. Another important point is that currently only version R77.10 has a FSTEC certificate, and version R77.30 is being certified.

    Execution options (Check Point Appliance, Virtual machine, OpenServer)
    Nothing surprising here: like many vendors, Check Point offers several form factors:

  • Appliance - a hardware and software device, i.e. Check Point's own "box". There are many models, differing in performance, functionality and design (there are options for industrial networks).

  • Virtual Machine - a Check Point virtual machine running Gaia. The ESXi, Hyper-V and KVM hypervisors are supported. Licensed by the number of processor cores.

  • OpenServer - Gaia installed directly on a server as the main operating system (so-called "bare metal"). Only certain hardware is supported; there is a list of supported hardware that must be followed, otherwise you may run into driver problems and technical support may refuse to service you.
    Implementation options (Distributed or Standalone)
    A little earlier we discussed what a gateway (SG) and a management server (SMS) are. Now let's look at the ways they can be deployed. There are two main options:

  • Standalone (SG+SMS) - both the gateway and the management server are installed on one device (or virtual machine).

    This option suits a single gateway that is lightly loaded with user traffic. It is the most economical, because there is no need to buy a separate management server (SMS). However, if the gateway is heavily loaded you may end up with a "slow" management system, since the gateway and the management server share the same CPU and memory. So before choosing Standalone, it is best to consult with someone or, better, test this option.

  • Distributed - the management server is installed separately from the gateway.

    The best option in terms of convenience and performance. It is used when several gateways must be managed at once, for example a central one and branch ones. In this case you need to purchase a management server (SMS), which can also come as an appliance or a virtual machine.

    As I said just above, Check Point has its own SIEM system, Smart Event. It can only be used with a Distributed installation.

    Operating modes (Bridge, Routed)
    The Security Gateway (SG) can operate in two main modes:

    • Routed - the most common option. The gateway works as an L3 device and routes traffic through itself, i.e. Check Point is the default gateway for the protected network.

    • Bridge - transparent mode. The gateway is inserted as an ordinary "bridge" and passes traffic through at Layer 2 (OSI). This option is usually chosen when there is no possibility (or desire) to change the existing infrastructure: you hardly have to touch the network topology and you do not have to re-address anything.

    Note that Bridge mode has some functional limitations, so we, as an integrator, advise all our clients to use Routed mode whenever possible.
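    As an added illustration (it is not from the original post and not Check Point's documentation), here is what the two modes look like when configured in the Gaia clish shell. The interface names (eth1, eth2), the addresses, and the bridge group ID are assumptions made for the example; the lines starting with "#" are explanations for the reader and are not typed into clish; and the exact command syntax should be checked against the Gaia Administration Guide for the release you are running.

```clish
# --- Routed mode ---
# The gateway is an L3 hop: each interface carries its own address
# and the protected network uses 10.10.0.1 as its default gateway.
# (Assumed interface names and addresses.)
set interface eth1 ipv4-address 203.0.113.2 mask-length 24
set interface eth1 state on
set interface eth2 ipv4-address 10.10.0.1 mask-length 24
set interface eth2 state on
set static-route default nexthop gateway address 203.0.113.1 on
save config

# --- Bridge mode ---
# eth1 and eth2 carry no IP addresses of their own. They are joined
# into bridge group 0 (which appears as interface br0), and frames
# pass between them at L2 unchanged, so existing hosts keep their
# addresses and their current default gateway.
# (Assumed bridge group ID and management address.)
add bridging group 0
add bridging group 0 interface eth1
add bridging group 0 interface eth2
# Optional: an address on the bridge itself so the gateway remains
# reachable by the management server over the bridged segment.
set interface br0 ipv4-address 10.10.0.254 mask-length 24
set interface br0 state on
show bridging groups
save config
```

    Two practical checks follow from this. First, in either mode the gateway still needs a path to the SMS for SIC, policy installation and log delivery; in Bridge mode that is either a dedicated management interface left outside the bridge or an address on br0 as above. Second, an interface that is placed in a bridge group must not carry an IP address, and after any interface change the gateway object in Smart Console must be updated (Get Interfaces) and the policy reinstalled, otherwise anti-spoofing and topology will not match the device. Before committing to Bridge mode, read the documented limitations for your release, since that is exactly where the "some limitations" mentioned above come from.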

    Check Point Software Blades
    We have almost reached the most important Check Point topic, the one that raises the most questions among customers. What are these "software blades"? A blade is a particular Check Point function.

    These functions can be turned on or off depending on your needs. Some blades are activated only on the gateway (Network Security) and some only on the management server. Examples of both are listed below:

    1) For Network Security (gateway functionality)

    Let's describe them briefly, because each blade deserves its own article.


    • Firewall - firewall functionality;
    • IPSec VPN - building virtual private networks;
    • Mobile Access - remote access from mobile devices;
    • IPS - intrusion prevention system;
    • Anti-Bot - protection against botnets;
    • AntiVirus - streaming antivirus;
    • AntiSpam & Email Security - protection of corporate email;
    • Identity Awareness - integration with Active Directory (user and group identity in rules and logs);
    • Monitoring - monitoring of almost all gateway parameters (load, bandwidth, VPN status, etc.);
    • Application Control - application-level firewall (NGFW functionality);
    • URL Filtering - web security (plus proxy functionality);
    • Data Loss Prevention - protection against information leaks (DLP);
    • Threat Emulation - sandbox technology;
    • Threat Extraction - file sanitization technology;
    • QoS - traffic prioritization.

    In the next few articles we will take a detailed look at the Threat Emulation and Threat Extraction blades; I'm sure it will be interesting.

    2) For Management (management server functionality)

    • Network Policy Management - centralized policy management;
    • Endpoint Policy Management - centralized management of Check Point agents (yes, Check Point makes solutions not only for network protection but also for protecting workstations and smartphones);
    • Logging & Status - centralized collection and processing of logs;
    • Management Portal - security management from the browser;
    • Workflow - control over policy changes, audit of changes, etc.;
    • User Directory - integration with LDAP;
    • Provisioning - automation of gateway management;
    • Smart Reporter - reporting system;
    • Smart Event - analysis and correlation of events (SIEM);
    • Compliance - automatically checks settings and issues recommendations.

    We will not go into licensing in detail now, so as not to bloat the article and confuse the reader. Most likely we will cover it in a separate post.

    The blade architecture lets you use only the functions you really need, which affects both the budget of the solution and the overall performance of the device. Logically, the more blades you activate, the less traffic you can "push through". That is why a performance table accompanies each Check Point model in its datasheet (we took the 5400 model as an example):

    As you can see, there are two categories of tests: on synthetic traffic and on real (mixed) traffic. Frankly, Check Point is simply forced to publish synthetic tests, because some vendors use such tests as benchmarks without examining the performance of their solutions on real traffic (or deliberately hide such data because it is unflattering).
    In each type of test you can see several options:

  • Firewall only;

  • Firewall + IPS;

  • Firewall + IPS + NGFW (Application Control);

  • Firewall + Application Control + URL Filtering + IPS + Antivirus + Anti-Bot + SandBlast (sandbox).

    Look carefully at these figures when choosing your solution, or ask for advice. Size against the row that matches the set of blades you actually plan to enable, not the Firewall-only row, and test with your own traffic profile before buying.

    I think this is where we can end the introductory article on Check Point technologies. Next we will look at how you can test Check Point and how to deal with modern information security threats (viruses, phishing, ransomware, zero-days).

    Poll: What UTM/NGFW tools do you use?

    • Check Point
    • Cisco Firepower
    • Fortinet
    • Palo Alto
    • Sophos
    • Dell SonicWALL
    • Huawei
    • WatchGuard
    • Juniper
    • UserGate
    • Traffic Inspector
    • Rubicon
    • Ideco
    • Open source solution
    • Other

    P.S. An important point: despite its foreign (Israeli) origin, the solution is certified in the Russian Federation by the regulators, which makes its use in government institutions legal.