
1.

In what way are cpstop/cpstart and fwstop/fwstart different?

Answer»
  • cpstart: Starts all Check Point products and processes installed on the machine (cpd, fwm, fwd and the other daemons supervised by the Check Point WatchDog, cpwd).
  • cpstop: Stops all Check Point products and processes on the machine.
  • fwstart: Starts only the VPN-1/FireWall-1 processes.
  • fwstop: Stops only the VPN-1/FireWall-1 processes.

In short, cpstop/cpstart act on every Check Point product on the box, while fwstop/fwstart act on the firewall module alone and leave the other products (and cpd) running. On current releases cpstop/cpstart are the commands to use; fwstop/fwstart are a subset kept for the firewall module.
Conclusion:

In an interview, a good interviewer will rarely arrive with a fixed list of specific questions. Usually they begin with a basic concept of the subject and continue with follow-up questions based on what you say. The questions in this set are intended to give you an idea of the type of question you may encounter in a Check Point interview.

2.

What is Granular Routing Control?

Answer»

Granular Routing Control (GRC) gives the Security Gateway fine-grained control over how VPN (Virtual Private Network) traffic is routed. Using this feature, you can enable the Security Gateway to:

  • Choose the optimal route for VPN traffic.
  • Choose which interfaces are used for VPN traffic to internal and external networks.
  • Specify the IP addresses that are used for VPN traffic (the local addresses that peers connect to).
  • Select which VPN tunnels are available using route probing (sending probes to the peer's addresses to find which link is currently reachable).
3.

Explain Checkpoint DLP (Data Loss Prevention).

Answer»

Data loss prevention (DLP) is a security practice that combines technology and operating procedures to prevent sensitive data from being disclosed outside an organization. The data in question typically includes regulated information such as PII (Personally Identifiable Information) or data covered by compliance regimes such as HIPAA (Health Insurance Portability and Accountability Act), PCI DSS (Payment Card Industry Data Security Standard) and SOX (Sarbanes-Oxley Act).

Check Point DLP protects the business against unintentional leakage of sensitive and valuable information. It inspects data in motion (for example e-mail, web uploads and FTP) against configured data types, and a matching rule can detect and log, inform the user, ask the user to confirm the transfer (UserCheck), or prevent it outright. This lets the business monitor data movement and stay compliant with industry regulations while employees keep working without constant interruption.
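
To make the mechanics concrete, here is an added example (written for this page, not Check Point's own code) of the kind of content check a DLP data type performs: candidate credit-card numbers are matched by pattern and then validated with the Luhn checksum so that order numbers and other random digit strings are not flagged, US Social Security Numbers are matched with the impossible ranges excluded, and a simple policy allows matches to internal recipients but blocks them to anyone else. The internal domain, the sample messages and the recipients are constructed for the example.

```python
import re


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, the validation real card-number data types apply so that
    random 16-digit strings (order IDs, tracking numbers) are not flagged."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                       # every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


# Candidate primary account number: 13-19 digits, optionally grouped by spaces or dashes.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
# US SSN in the common dashed form, excluding impossible area/group/serial values.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")

INTERNAL_DOMAINS = {"corp.example"}      # assumed: the organization's own mail domains


def scan(text: str):
    """Return (data_type, value) pairs found in the text."""
    findings = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):                  # pattern hit AND checksum valid
            findings.append(("credit_card", digits))
    for m in SSN_RE.finditer(text):
        findings.append(("ssn", m.group()))
    return findings


def decide(text: str, recipient: str) -> str:
    """Policy: sensitive data may move inside the organization but is blocked
    when the recipient is outside it."""
    domain = recipient.rsplit("@", 1)[-1].lower()
    if scan(text) and domain not in INTERNAL_DOMAINS:
        return "block"
    return "allow"


if __name__ == "__main__":
    # Constructed sample messages; 4111 1111 1111 1111 is the standard Visa test number.
    samples = [
        ("Please charge card 4111 1111 1111 1111, exp 12/26", "partner@example.net"),
        ("Order 1234-5678-9012-3456 has shipped", "partner@example.net"),
        ("New hire SSN 123-45-6789 for payroll", "payroll@corp.example"),
    ]
    for text, rcpt in samples:
        print(decide(text, rcpt), scan(text), "->", rcpt)
```

The second sample shows why the checksum matters: it looks like a card number to the regular expression but fails Luhn, so it is not reported. A production DLP engine adds many more data types (keywords, dictionaries, document fingerprints) and inspects inside archives and attachments, but the match-then-validate-then-decide structure is the same.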

4.

Explain the functions of CPD, FWM, and FWD processes.

Answer»
  • FWM (Firewall Management): Runs only on the SMS (Security Management Server). It handles SmartConsole GUI connections, policy verification and compilation, and Management High Availability (HA) synchronization.
  • FWD (Firewall Daemon): Runs on both the SMS and Security Gateways. It is mainly responsible for forwarding logs from Security Gateways to the SMS, but on gateways it also acts as the parent process for the security servers that perform advanced inspection in user space, outside the kernel.
  • CPD (Check Point Daemon): Runs on both the SMS and Security Gateways. It handles generic functions such as SIC (Secure Internal Communication) and certificates, licensing, status reporting to SmartView Monitor, and fetching/pushing policy between the SMS and the Security Gateway.

A quick health check on either machine is cpwd_admin list, which shows whether each of these daemons is currently running under the Check Point WatchDog and how many times it has been restarted.
5.

State the difference between Automatic NAT and Manual NAT.

Answer»

NAT (Network Address Translation) rules can be created in the Check Point firewall either automatically (from the NAT tab of a network object) or manually (in the NAT rule base).

Automatic NAT:
  • The firewall generates the rule from the NAT settings of the network object.
  • The generated rule cannot be edited directly in the NAT rule base; you change the object instead.
  • A single automatic rule translates either the source or the destination of a connection, not both (dual NAT). Two automatic rules can only be combined for one connection if the "Allow bi-directional NAT" global property is enabled.
  • Proxy ARP for the translated address is configured automatically (the "Automatic ARP configuration" global property, enabled by default).

Manual NAT:
  • Administrators write the rule themselves in the NAT rule base.
  • The rule can be modified freely (original and translated source, destination and service).
  • A single manual rule can translate source, destination and service at the same time (dual NAT).
  • Proxy ARP for the translated address must be configured manually on the gateway; it is not set up by default.
6.

What do you mean by Source NAT, Hide NAT, and Destination NAT?

Answer»

Security Gateways use the following types of NAT (Network Address Translation) to translate IP addresses:

  • Source NAT: Applied to traffic initiated from an internal network towards an external network. Only the source IP address of the packet (and, with Hide NAT, the source port) is translated; the destination is left unchanged.
  • Hide NAT: Translates many private IP addresses to a single public IP address, a many-to-one translation, distinguishing the individual connections by rewriting the source port. Because the mapping only exists for connections started from the inside, Hide NAT can be used for source translation only, not for destination NAT: hosts hidden behind it cannot accept connections initiated from outside.
  • Destination NAT: Used when a connection from a public IP address has to reach a host that has a private IP address; the destination IP address of the packet is translated. This requires a Static (one-to-one) NAT, which keeps a fixed mapping that works in both directions.
7.

Explain NAT (Network Address Translation).

Answer»

NAT (Network Address Translation) is a feature of the Firewall Software Blade that translates IPv4 and IPv6 addresses. NAT hides internal IP addresses from the Internet, which protects the addressing of the internal network. The firewall can alter both the source and the destination IP address of a packet.

For example, the firewall translates the source IP address of packets that go from an internal computer to an external computer. When the reply packets come back from the external computer, the firewall translates the new address back to the original one, so the reply is routed to the correct internal computer.

Example: Suppose a network has 1,000 computers but a single Internet connection. What makes it possible for 1,000 devices to share one Internet connection? NAT. Each of the 1,000 computers is assigned a private IP address (10.0.x.x) and they are all connected to the router, which is connected directly to the Internet and has NAT configured.

When PC 1 (IP address 10.0.0.1) attempts to reach www.google.com, it first sends the request to the router. The router replaces the private source address with its public address (10.0.0.1 -> 12.0.0.1), picks a free source port to identify this particular connection, and forwards the request to the Google web server. Before forwarding, the router records the mapping in its NAT table. When the response comes back from the web server to 12.0.0.1 on that port, the router looks up the mapping, converts the public address back to the private one (12.0.0.1 -> 10.0.0.1), and delivers the response to the PC that made the request. The port rewrite is what lets 1,000 hosts share one public address without their replies being mixed up.
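
The following added example (written for this page, not Check Point or router code) models the Hide NAT described in the last two answers: two internal PCs that happen to use the same source port both reach the same web server through one public address, each connection gets its own public port, replies are mapped back to the right PC, and anything inbound that does not match an existing mapping is dropped. The public address 12.0.0.1 is the one used above; the server address 198.51.100.10 and the port numbers are constructed.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class HideNAT:
    """Many-to-one source NAT: every outbound connection is rewritten to the
    single public address with a unique public source port, and the mapping
    is remembered so replies can be translated back."""

    def __init__(self, public_ip, first_port=10000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.by_port = {}   # public port -> (private src_ip, src_port, dst_ip, dst_port)
        self.by_flow = {}   # the same flow key -> public port

    def outbound(self, pkt):
        flow = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        port = self.by_flow.get(flow)
        if port is None:                       # new connection: allocate a port
            port = self.next_port
            self.next_port += 1
            self.by_flow[flow] = port
            self.by_port[port] = flow
        return replace(pkt, src_ip=self.public_ip, src_port=port)

    def inbound(self, pkt):
        """Translate a reply back to the private host. Returns None (drop) for
        anything that does not match an existing mapping, which is why hosts
        behind Hide NAT cannot accept connections initiated from outside."""
        if pkt.dst_ip != self.public_ip:
            return None
        flow = self.by_port.get(pkt.dst_port)
        if flow is None:
            return None
        priv_ip, priv_port, dst_ip, dst_port = flow
        if (pkt.src_ip, pkt.src_port) != (dst_ip, dst_port):
            return None                        # the port belongs to a different peer
        return replace(pkt, dst_ip=priv_ip, dst_port=priv_port)


if __name__ == "__main__":
    nat = HideNAT("12.0.0.1")
    pc1 = Packet("10.0.0.1", 50000, "198.51.100.10", 443)  # constructed web server
    pc2 = Packet("10.0.0.2", 50000, "198.51.100.10", 443)  # same source port as PC 1
    out1, out2 = nat.outbound(pc1), nat.outbound(pc2)
    print(out1, out2)                                      # distinct public ports
    reply = Packet("198.51.100.10", 443, "12.0.0.1", out2.src_port)
    print(nat.inbound(reply))                              # back to 10.0.0.2:50000
    print(nat.inbound(Packet("198.51.100.99", 22, "12.0.0.1", 22)))  # None: dropped
```

Static NAT differs from this model in one line: the mapping is fixed in advance (one public address per private host, no port rewrite), so inbound packets to that address are translated even with no prior outbound connection, which is what Destination NAT relies on.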

8.

What do you mean by perimeter? What kind of connections does the firewall permit on the perimeter?

Answer»

A perimeter is the security boundary between an organization's internal (private) network and public networks such as the Internet, and it is where the main line of defence sits. Firewalls on the perimeter handle all incoming and outgoing traffic. Perimeter firewalls usually allow the following connections:

  • Connections to DNS (Domain Name System) servers.
  • VPN (Virtual Private Network) connections.
  • Specified external connections.
  • Outgoing connections to the Internet.
  • Connections to servers in the DMZ (Demilitarized Zone).
  • Connections from one internal network to another internal network.

Any other connection arriving from the external network should fall through to the cleanup rule at the bottom of the rule base and be dropped and logged.
9.

What is the Demilitarized Zone (DMZ)?

Answer»

A DMZ network, or Demilitarized Zone, is a subnetwork within an organization's network infrastructure that lies between the untrusted network (the Internet or another external network) and the protected internal network. A DMZ holds the organization's public-facing services and exists to keep the internal network out of direct reach of external users. Any service that users on an external network must be able to reach belongs in the DMZ; the most common are web servers, mail servers and FTP (File Transfer Protocol) servers.

For both individuals and large organizations, DMZs are crucial to network security. They add a layer of defence by keeping remote users away from internal data and servers, whose compromise would be far more damaging. The practical rule that follows is to treat every DMZ host as potentially compromised: the firewall should permit only the specific DMZ-to-internal connections a service actually needs (for example a web server reaching its database port), never a blanket allow from the DMZ inward.

10.

Explain Security Zone.

Answer»

Security Zones let you build an Access Control Policy that governs the flow of traffic between different parts of the network: each gateway interface is assigned to a zone, and rules are written in terms of zones rather than individual networks or interfaces. Networks use different zones to protect resources and to contain malware, with rules that admit only the appropriate traffic into and out of each zone. The predefined Security Zones and their intended purpose are:

  • WirelessZone: Networks that users and applications reach over wireless connections.
  • ExternalZone: Unsecured networks such as the Internet and other external networks.
  • DMZZone: Demilitarized zones (DMZ), sometimes called perimeter networks. It contains servers that must be reachable from insecure sources such as the Internet.
  • InternalZone: Company networks containing sensitive data that must be protected and accessed only by authenticated users.
11.

What do you mean by Asymmetric Encryption?

Answer»

Asymmetric encryption uses two kinds of keys: public and private. Each party holds its own pair. The public key, as the name implies, can be handed to any communication partner, while the private key must remain secret. The public key is used to encrypt data and the private key to decrypt it (for digital signatures the roles reverse: the private key signs and the public key verifies).

To encrypt traffic between Jessica and Monica, as depicted in the figure, the pair first exchange public keys.

  • To encrypt a message to Monica, Jessica uses Monica's public key. Monica needs her own private key to decrypt Jessica's message.
  • When Monica replies, the same process plays out: Monica uses Jessica's public key to encrypt the reply, and Jessica needs her own private key to decrypt it.

Therefore, before any encrypted communication can take place, Jessica and Monica must exchange public keys. The exchange has to be authentic rather than secret: a public key is not confidential, but if an attacker can substitute their own public key during the exchange, they can decrypt and re-encrypt everything that follows (a man-in-the-middle attack). This is why a Check Point VPN authenticates peers with certificates issued by the management server's Internal CA or a trusted external CA instead of trusting whatever key arrives on the wire.
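
The exchange described above, as an added example that is not part of the original page: a textbook RSA implementation in which each party generates a key pair, Jessica encrypts with Monica's public key, only Monica's private key recovers the message, and a signature made with Jessica's private key verifies only under Jessica's public key. The primes are small, well-known values chosen so the arithmetic is visible; this is a toy for illustrating the key roles and must not be used for real traffic (no padding, tiny modulus).

```python
import hashlib
from math import gcd


def keygen(p, q, e=65537):
    """Build an RSA key pair from two primes. Returns (public, private)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)          # private exponent: modular inverse of e (Python 3.8+)
    return (n, e), (n, d)


def encrypt(public_key, message: bytes) -> int:
    """Anyone holding the public key can encrypt."""
    n, e = public_key
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this toy modulus")
    return pow(m, e, n)


def decrypt(private_key, ciphertext: int) -> bytes:
    """Only the holder of the matching private key recovers the message."""
    n, d = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def sign(private_key, message: bytes) -> int:
    """Roles reverse for signatures: the private key signs a hash of the message."""
    n, d = private_key
    h = int.from_bytes(hashlib.sha256(message).digest(), "big") % n
    return pow(h, d, n)


def verify(public_key, message: bytes, signature: int) -> bool:
    n, e = public_key
    h = int.from_bytes(hashlib.sha256(message).digest(), "big") % n
    return pow(signature, e, n) == h


# Small, well-known primes (toy only); real keys use moduli of 2048 bits or more.
JESSICA_PUB, JESSICA_PRIV = keygen(104729, 1299709)
MONICA_PUB, MONICA_PRIV = keygen(999983, 104723)


if __name__ == "__main__":
    # Step 1: the two exchange public keys (JESSICA_PUB, MONICA_PUB) over the network.
    # Step 2: Jessica encrypts for Monica with Monica's public key.
    c = encrypt(MONICA_PUB, b"hi!")
    print("Monica decrypts:", decrypt(MONICA_PRIV, c))
    print("Jessica's own private key does not help:", decrypt(JESSICA_PRIV, c))
    # Step 3: Monica can check a signed reply came from Jessica using Jessica's public key.
    reply = b"reply from Jessica"
    s = sign(JESSICA_PRIV, reply)
    print("Signature verifies:", verify(JESSICA_PUB, reply, s))
```

The last two lines are the point the man-in-the-middle caveat turns on: verification succeeds only under the public key that really belongs to Jessica, so the security of the whole exchange rests on Monica knowing that the key she received is Jessica's.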

12.

Can you explain what is anti-spoofing in Checkpoint?

Answer»

Anti-Spoofing detects and drops packets whose source address is bogus (forged). The administrator defines the topology of each interface of the Security Gateway, that is, which networks lie behind it. Anti-Spoofing then checks that a packet arriving on an interface really carries a source address from the networks behind that interface; a packet whose source address belongs behind one interface but arrives on a different one is dropped. A packet from the external network carrying an internal IP address, for example, is automatically blocked. In short, it ensures that packets enter and leave the Security Gateway through the correct interfaces.

Example:

In the following diagram, a Security Gateway is shown with interfaces 2, 3, and 4, as well as some example networks.

When Anti-Spoofing is enabled on the Security Gateway, it ensures that:

  • All incoming packets on interface 2 come from the Internet (1), that is, from any address that is not defined behind interfaces 3 or 4.
  • All incoming packets on interface 3 come from 192.168.33.0.
  • All incoming packets on interface 4 come from 192.0.2.0 or 10.10.10.0.

Packets with a source IP address in network 192.168.33.0 that arrive at interface 2 or 4 are blocked, since the source address has been spoofed. The check is only as good as the topology: an interface whose defined networks are incomplete or out of date will either let spoofed packets through or drop legitimate traffic, which appears in the logs as "Address spoofing" drops.

13.

How do you prevent IP Spoofing?

Answer»

IP spoofing is the forging of the source IP address in a packet so that it appears to come from a trusted host, usually to mount DDoS attacks or to redirect communication. An attacker replaces the real (untrusted) source address with a forged, trusted one in order to hijack connections to your network. With it, attackers can deliver malware and bots into your network, execute DoS attacks, and gain unauthorized access to your systems.

On a Check Point gateway, IP spoofing is prevented with Anti-Spoofing: the gateway drops packets whose source address does not belong to the networks defined behind the interface on which they arrive, which stops an outside packet from claiming an internal address. Anti-Spoofing cannot tell one Internet address from another on the external interface, so packets forged with arbitrary public source addresses (the usual DDoS case) still need ingress filtering at the ISP (BCP 38) and rate limiting or DDoS protection upstream.
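
An added example (not Check Point code) implementing the anti-spoofing decision for the interface topology of the previous two answers: interface 2 is external, interface 3 has 192.168.33.0/24 behind it, interface 4 has 192.0.2.0/24 and 10.10.10.0/24. The interface names and sample packets are constructed; the last sample shows the limitation stated above, a forged public address arriving on the external interface is indistinguishable from a legitimate one.

```python
import ipaddress

# Constructed topology matching the page's diagram: interface 2 faces the
# Internet, interfaces 3 and 4 have internal networks behind them.
TOPOLOGY = {
    "if2": "external",
    "if3": ["192.168.33.0/24"],
    "if4": ["192.0.2.0/24", "10.10.10.0/24"],
}


def compile_topology(topology):
    """Turn the per-interface definition into network objects. Every network
    behind an internal interface is also collected so that the external
    interface can reject it."""
    internal = {}
    for iface, nets in topology.items():
        if nets != "external":
            internal[iface] = [ipaddress.ip_network(n) for n in nets]
    all_internal = [n for nets in internal.values() for n in nets]
    return internal, all_internal


def anti_spoof(topology, iface, src_ip):
    """Return 'accept' or 'drop' for a packet with source src_ip arriving on iface."""
    internal, all_internal = compile_topology(topology)
    ip = ipaddress.ip_address(src_ip)
    if topology[iface] == "external":
        # Valid sources on the external interface are "everything else": any
        # address that belongs behind an internal interface is spoofed.
        return "drop" if any(ip in net for net in all_internal) else "accept"
    # On an internal interface the source must belong to that interface's networks.
    return "accept" if any(ip in net for net in internal[iface]) else "drop"


def filter_packets(topology, packets):
    """Apply the check to (iface, src_ip) tuples and return the dropped ones."""
    return [(iface, ip) for iface, ip in packets
            if anti_spoof(topology, iface, ip) == "drop"]


if __name__ == "__main__":
    sample = [
        ("if2", "8.8.8.8"),          # Internet source on the external interface: accept
        ("if2", "192.168.33.7"),     # internal address from outside: drop (spoofed)
        ("if3", "192.168.33.7"),     # right network, right interface: accept
        ("if4", "10.10.10.9"),       # accept
        ("if4", "192.168.33.7"),     # belongs behind if3, arrives on if4: drop
        ("if3", "203.0.113.4"),      # public address on an internal interface: drop
        ("if2", "203.0.113.4"),      # forged public address from outside: accepted (limitation)
    ]
    for pkt in sample:
        print(pkt, anti_spoof(TOPOLOGY, *pkt))
```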

14.

State the difference between the ESP and AH IPsec protocols.

Answer»

IPsec uses two different protocols defined by the IETF (Internet Engineering Task Force): AH (Authentication Header, RFC 4302) and ESP (Encapsulating Security Payload, RFC 4303).

AH Protocol:
  • Provides authentication only: data origin authentication, data integrity and anti-replay protection. It offers no confidentiality; the payload travels in clear text.
  • Its integrity check covers the payload, the AH header and the immutable fields of the outer IP header, source and destination addresses included (mutable fields such as TTL and the header checksum are excluded). Because the addresses are covered, a NAT device on the path breaks AH.

ESP Protocol:
  • Provides data origin authentication, data integrity and anti-replay protection plus data confidentiality (encryption). ESP can be used with confidentiality only, with authentication only, or with both; in practice both are used together, and confidentiality without authentication is discouraged.
  • Its integrity check covers only the ESP header (SPI and sequence number), the encrypted payload and the ESP trailer, not the outer IP header. That is why ESP can cross NAT (with the UDP encapsulation of NAT-Traversal) and why Check Point VPN tunnels, like nearly all modern VPNs, use ESP rather than AH.
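
The difference in integrity coverage is easiest to see by computing it. The following added example (written for this page, not Check Point code) builds a simplified AH packet and a simplified ESP packet with HMAC-SHA256 integrity values, passes each through a NAT that rewrites the source address and decrements the TTL, and shows that the AH check fails while the ESP check still passes and the payload still decrypts. The keys, addresses and the HMAC-based toy stream cipher standing in for AES are constructed; header layouts are reduced to the fields that matter for the point, and the replay window at the end is the minimal form of the anti-replay service both protocols provide.

```python
import hashlib
import hmac
import ipaddress
import struct

# Constructed demo keys shared by both peers; a real SA gets its keys from IKE.
AUTH_KEY = b"constructed-auth-key"
ENC_KEY = b"constructed-enc-key"
ICV_LEN = 16


def _ip(addr):
    return ipaddress.IPv4Address(addr).packed


def _keystream(seq, length):
    """Toy stream cipher (HMAC in counter mode) standing in for AES; demo only."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(ENC_KEY, struct.pack(">II", seq, counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _ah_icv(pkt):
    # RFC 4302: immutable IP header fields (here src/dst) are covered; mutable
    # ones such as TTL count as zero. The AH header (seq) and payload are covered too.
    covered = (_ip(pkt["src"]) + _ip(pkt["dst"]) + b"\x00"
               + struct.pack(">I", pkt["seq"]) + pkt["payload"])
    return hmac.new(AUTH_KEY, covered, hashlib.sha256).digest()[:ICV_LEN]


def ah_packet(src, dst, ttl, seq, payload):
    pkt = {"src": src, "dst": dst, "ttl": ttl, "seq": seq, "payload": payload}
    pkt["icv"] = _ah_icv(pkt)
    return pkt


def ah_verify(pkt):
    return hmac.compare_digest(_ah_icv(pkt), pkt["icv"])


def _esp_icv(pkt):
    # RFC 4303: ICV covers the ESP header (SPI, seq) and the ciphertext/trailer;
    # the outer IP header is NOT included.
    covered = struct.pack(">II", pkt["spi"], pkt["seq"]) + pkt["ct"]
    return hmac.new(AUTH_KEY, covered, hashlib.sha256).digest()[:ICV_LEN]


def esp_packet(src, dst, ttl, seq, payload, spi=0x1001):
    ct = _xor(payload, _keystream(seq, len(payload)))
    pkt = {"src": src, "dst": dst, "ttl": ttl, "spi": spi, "seq": seq, "ct": ct}
    pkt["icv"] = _esp_icv(pkt)
    return pkt


def esp_verify(pkt):
    return hmac.compare_digest(_esp_icv(pkt), pkt["icv"])


def esp_decrypt(pkt):
    if not esp_verify(pkt):          # verify before decrypt, never the reverse
        raise ValueError("ICV mismatch")
    return _xor(pkt["ct"], _keystream(pkt["seq"], len(pkt["ct"])))


def traverse_nat(pkt, new_src):
    """A NAT device rewrites the source address and decrements TTL on the way out."""
    return {**pkt, "src": new_src, "ttl": pkt["ttl"] - 1}


class ReplayWindow:
    """Minimal anti-replay check: reject a sequence number already seen or one
    that has fallen behind the window of the highest number accepted."""

    def __init__(self, size=64):
        self.size, self.highest, self.seen = size, 0, set()

    def accept(self, seq):
        if seq in self.seen or seq <= self.highest - self.size:
            return False
        self.seen.add(seq)
        self.highest = max(self.highest, seq)
        return True


if __name__ == "__main__":
    ah = ah_packet("10.1.1.5", "203.0.113.20", 64, 1, b"hello")
    esp = esp_packet("10.1.1.5", "203.0.113.20", 64, 1, b"hello")
    print("AH after NAT verifies:", ah_verify(traverse_nat(ah, "198.51.100.1")))    # False
    print("ESP after NAT verifies:", esp_verify(traverse_nat(esp, "198.51.100.1")))  # True
    print("ESP payload after NAT:", esp_decrypt(traverse_nat(esp, "198.51.100.1")))
```

Note that passing the ICV check is necessary but not sufficient for ESP over NAT in practice: a NAT still cannot track IP protocol 50, which is the separate problem NAT-Traversal solves by wrapping ESP in UDP port 4500.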
15.

Explain IKE and IPSec.

Answer»

To manage encryption keys and send encrypted packets, Check Point VPNs (Virtual Private Networks) use two standard protocols:

  • IKE (Internet Key Exchange): A standard key-management protocol that establishes a secure, authenticated channel between two devices and negotiates the Security Associations (SAs) the tunnel will use: which algorithms, which keys and which traffic. The peers authenticate each other with certificates or a pre-shared secret, and the session keys are derived with a Diffie-Hellman exchange and refreshed periodically. IKEv1 does this in two phases (Phase 1 builds the IKE SA, Phase 2 builds the IPsec SAs); IKEv2 achieves the same in fewer round trips. Using IKE, a secure VPN channel between VPN peers is established over the Internet.
  • IPsec: In "IPsec", "IP" stands for "Internet Protocol" and "sec" for "secure". IPsec provides secure communication between two computers over an IP network by authenticating and encrypting data packets with the keys that IKE negotiated (using ESP in Check Point VPNs). It is the protocol that carries the actual traffic in virtual private networks (VPNs).
16.

Explain VPN (Virtual Private Network).

Answer»

Many network protocols include encryption, but not all Internet traffic does, so an attacker positioned on the path may be able to intercept and alter data as it flows over a network. Virtual private networks (VPNs) address this. A VPN establishes a safe, private connection between two points and lets them communicate securely over a public network. In essence, a VPN provides a private, encrypted connection between two endpoints without dictating what those endpoints are, which is why VPN services are used for a variety of purposes:

  • Site-to-Site VPN: Enables secure communication between two geographically separate sites, typically gateway to gateway.
  • Remote Access VPN: Connects individual remote users to a corporate network in a secure way.
  • VPN as a Service (cloud VPN): A VPN hosted on cloud-based infrastructure. The client's packets enter the Internet through that cloud infrastructure rather than from the client's local address.