1.

What is SIC (Secure Internal Communication)?

Answer»

SIC stands for Secure Internal Communication. As the name suggests, SIC allows Check Point products and platforms to communicate securely. It establishes trust between a gateway, a management server, and other Check Point components. This trust (SIC) is required to install policies on gateways and to send logs between management servers and gateways. Check Point platforms and products authenticate each other using one of these SIC methods:

  • Certificates for authentication.
  • Standard-based TLS (Transport Layer Security) for creating secure channels.
  • 3DES (Triple Data Encryption Standard) or AES128 (Advanced Encryption Standard) for encryption.
2.

What are the explicit and implied rules in Checkpoint Firewall?

Answer»

In the Rule Base, you will find the following types of rules:

  • Explicit Rule: These are rules you create to specify which connections the Firewall will allow. Because they are created explicitly, they are called explicit rules.
  • Implicit Rule: The firewall also enforces many rules that are not visible to you. These are called implicit rules or implied rules. Implicit rules allow connections for different services that the Security Gateway generally uses.
3.

Explain the Stealth rule and Cleanup rule in Checkpoint firewall.

Answer»

There are a few standard rules Check Point recommends you include in your rule base for both security and management reasons. They are as follows:

  • Stealth Rule: Stealth is the first recommended rule to include in your rule base. This rule prevents direct access to the Security Gateway, thereby protecting it against attacks. Normally, the stealth rule should be placed near the top of the rule base, with only rules that allow or require access to the firewall above it.
  • Cleanup Rule: The cleanup rule is placed at the end of the security Rule Base. Check Point suggests adding a cleanup rule that drops and logs every packet that isn't matched by other rules. Logging dropped packets is extremely useful for security and troubleshooting.
4.

What is Order of Rule Enforcement in Rule Base?

Answer»

Packets are inspected sequentially by Check Point Security Gateways. Upon receiving a packet belonging to a connection, the Security Gateway compares the data (destination, source, etc.) against the first rule, then the second rule, the third rule, and so on. As soon as it finds a rule that matches, it stops checking and applies the action of that particular rule to the packet. If the packet does not match any of the rules, then it is denied.
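
The first-match behaviour described above, together with the stealth and cleanup rules from question 3, as an added example that is not Check Point code. It is a simplified model: the `Rule` class, the `evaluate` and `misordered` helpers, and all addresses are assumptions constructed for illustration, and implied rules are not modelled.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = ipaddress.ip_network("0.0.0.0/0")

@dataclass
class Rule:
    name: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    port: Optional[int]   # None matches any destination port
    action: str           # "accept" or "drop"
    log: bool = False

def evaluate(rule_base, src, dst, port):
    """Return (rule name, action, logged) for the first rule that matches."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rule_base:
        if s in rule.src and d in rule.dst and rule.port in (None, port):
            return rule.name, rule.action, rule.log  # stop at the first match
    # No rule matched: connections that aren't explicitly allowed are denied.
    return None, "drop", False

# Constructed sample: gateway 192.0.2.1, admin host 10.0.0.5, web server 10.0.1.10
GATEWAY = ipaddress.ip_network("192.0.2.1/32")
RULE_BASE = [
    Rule("Management", ipaddress.ip_network("10.0.0.5/32"), GATEWAY, 443, "accept", log=True),
    Rule("Stealth", ANY, GATEWAY, None, "drop", log=True),
    Rule("Web", ANY, ipaddress.ip_network("10.0.1.10/32"), 443, "accept"),
    Rule("Cleanup", ANY, ANY, None, "drop", log=True),
]

def misordered(rule_base):
    """Same rules with Stealth moved to the top, to show the effect of ordering."""
    stealth = [r for r in rule_base if r.name == "Stealth"]
    return stealth + [r for r in rule_base if r.name != "Stealth"]

if __name__ == "__main__":
    for pkt in [("10.0.0.5", "192.0.2.1", 443), ("203.0.113.9", "192.0.2.1", 22),
                ("203.0.113.9", "10.0.1.10", 443), ("203.0.113.9", "10.0.1.10", 23)]:
        print(pkt, "->", evaluate(RULE_BASE, *pkt))
    print("stealth first:", evaluate(misordered(RULE_BASE), "10.0.0.5", "192.0.2.1", 443))
    print("no cleanup:", evaluate(RULE_BASE[:3], "203.0.113.9", "10.0.1.10", 23))
```

With the stealth rule moved above the management rule, the administrator's own connection to the gateway is dropped; with the cleanup rule removed, the unmatched packet is still denied but nothing is logged.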

5.

How do you manage the Firewall Rule Base?

Answer»

With SmartDashboard, it's easy to create and configure Firewall rules that ensure a strong security policy. Listed below are some fields used to manage rules for Firewall security policy:

| Field | Description |
|---|---|
| No. | Refers to the rule number and indicates how important it is. A rule with a higher criticality is assigned a higher place in the Rule Base. |
| Hits | The number of connections for each rule match. |
| Source | Network object that initiates the communication. |
| Destination | Network object which completes the communication. |
| Action | Firewall action taken when traffic matches a rule. |

6.

What is the Checkpoint Firewall rule base?

Answer»

The firewall is at the core of a comprehensive network security policy. A security policy essentially consists of rules which define access control to/from networks that are protected by a Check Point Security Gateway. In order to be an effective security solution, Check Point Security Gateways need well-defined access policies. The basic principle behind the Rule Base is that "connections that aren't explicitly allowed are denied". You can create rules in Check Point Firewall Rule Base to only allow specified connections.

7.

State difference between SPLAT and GAIA.

Answer»

Due to the influx of new incoming threats and requirements for protection, companies must consolidate security to ensure an optimised security operation and maximum efficiency. Check Point GAIA is a powerful, unified operating system that delivers higher security and superior efficiency over its predecessors, the SPLAT and IPSO operating systems. The GAIA operating system supports the full suite of Check Point Gateways, Software Blades, and Security Management products. Here are some advantages of GAIA over SPLAT/IPSO:

  • Web-Based user interface with Search Navigation
  • Support for Software Blades
  • Easy and simple upgrade (full compatibility with IPSO and SecurePlatform)
  • Easy to use CLI (Command Line Interface)
  • High connection capacity (64-bit)
  • Native IPv4 and IPv6 Support (completely integrated into the operating system)
  • High availability (ClusterXL or VRRP Clusters), etc.
8.

Explain the usage of SmartLog and SmartEvent Software Blade.

Answer»
  • SmartLog: Security systems typically track or monitor all activity within a network and then generate log records that can be analyzed in real-time or viewed in bulk later. However, traditional log management systems can take hours to run queries and search millions of log records. SmartLog is basically a log management tool that provides organizations with the ability to centrally track all log records and security activities across all Software Blades on Security Gateways and Security Management servers, thereby providing instant visibility into billions of log records. SmartLog provides the following monitoring features:
    • Find logs quickly by using simple search strings.
    • Select from a variety of default search queries to find the relevant logs.
    • Real-time monitoring of logs.
  • SmartEvent: A unified security event management and analysis tool, SmartEvent Software Blade provides real-time graphical threat management information. Using SmartEvent, you can consolidate and display all security events generated by the following Software Blades:
    • Firewall
    • IPS
    • Application Control
    • Anti-Bot and Anti-Virus

It is possible for administrators to quickly identify critical security events and take the necessary measures to prevent future attacks.

9.

What do you mean by Checkpoint software blades?

Answer»

It can be defined as an independent, modular, and centrally managed security building block, which allows an organization to customize a security configuration tailored to their needs in terms of protection and investment. It is easy to enable and configure Software Blades on any gateway or management system simply by clicking a mouse button - no additional hardware, firmware, or driver upgrade is needed.

As the world's first and only security architecture, Check Point Software Blade provides total, flexible, and manageable security to companies of all sizes. The solution enables organizations to tweak their security infrastructure easily and efficiently in order to meet their critical and targeted business security requirements.

10.

What is Checkpoint IPS (Intrusion Prevention System)?

Answer»

An IPS (Intrusion Prevention System), also referred to as IDPS (Intrusion Detection Prevention System), usually monitors a network in order to detect malicious activities that attempt to exploit a known vulnerability.

These technologies can help detect or prevent network security threats like Denial of Service (DoS) attacks, brute force attacks, etc. A vulnerability can be viewed as a weakness in a software system and an exploit can be referred to as an attack that makes use of that weakness to gain control of the software system. It is common for attackers to take advantage of newly disclosed exploits for a short period of time before the security patch is applied. These attacks can be quickly blocked using an Intrusion Prevention System.

11.

What do you mean by Checkpoint SecureXL, ClusterXL and CoreXL?

Answer»
  • SecureXL (Secure acceleration): With SecureXL, you can maximize the performance of the Firewall without compromising security. Using SecureXL on a Security Gateway, several CPU-intensive operations can be processed or handled by virtualized software rather than the firewall kernel. In this manner, the Firewall can inspect and process connections more efficiently, as well as accelerate the throughput and connection rate.
  • ClusterXL (Smart load balancing): ClusterXL involves a set (cluster) of identical Check Point Security Gateways which can be connected in a way that if one (Security Gateway) fails, another replaces it immediately. ClusterXL maintains business continuity through high availability and load sharing. Whenever the gateway or network goes down, the connection is seamlessly redirected to the backups, which ensures business continuity. ClusterXL distributes traffic among clusters of redundant gateways, thereby combining the processing power of multiple machines to increase overall performance or throughput.
  • CoreXL (Multicore acceleration): When CoreXL is enabled on a Security Gateway, the Firewall kernel is replicated multiple times and each replica (instance) runs on a single processor core. All instances are complete firewall kernels that handle and inspect traffic concurrently, thereby enhancing security gateway performance. Each Firewall instance processes traffic through the same interfaces and applies the same gateway security policies. High security and high performance are achieved simultaneously with CoreXL.
12.

What are different types of Checkpoints?

Answer»

The following are some types of Checkpoints:

  • Standard Checkpoint: This verifies a property value of an object in an application under test. All add-in environments support it.
  • Bitmap Checkpoint: It can be used to check a bitmap of an image or the entire web page. Actual and expected images are compared pixel by pixel.
  • Image Checkpoint: It is used to check the properties of a web image such as the source file location. Image Checkpoint does not check pixels as Bitmap Checkpoint does.
  • Table Checkpoint: This allows you to dynamically check the contents of cells within a table (grid) that is displayed in your environment. Various table properties, such as row height and cell width, can also be checked.
  • Text Checkpoint: This is used to check expected text in web pages and applications. It could be a small portion of text displayed or a specific area/region of the application.
13.

State differences between Stand-alone Deployment and Distributed Deployment.

Answer»

You can deploy Check Point firewalls as a standalone system or as a distributed system. Here's how they differ:

Stand-alone deployment:

As part of a stand-alone deployment, both Security Management Server and Security Gateway are installed on the same platform. In this scenario, Smart Console will be installed or deployed on a separate platform with access to the Security Management Server for creating policies and pushing them to the Security Gateway. Check Point does not recommend this deployment, except for small businesses, because it defeats the whole purpose of their three-tiered architecture.

Distributed deployment:

Distributed deployments are most commonly known as Three-Tier architectures, where each component is installed on a separate platform, and such deployments are highly recommended by Check Point. The Smart Console is generally installed on Windows so that it can be used easily. Depending on the requirements, Security Management Server can be installed on Windows, Linux, or FreeBSD.

14.

What is the 3-tier architecture component of Checkpoint Firewall?

Answer»

Checkpoint components are based on a 3-tier technology architecture as follows:

  • Security Gateway (FW): A device that acts as a cyber barrier, preventing the entry of unauthorized traffic into an organization's network. It enforces an organization's security policy, functions as an entry point for a LAN (Local Area Network), and is managed by the Security Management Server.
  • Security Dashboard: This is a Smart Console GUI (Graphical User Interface) application that system administrators can use to create and manage security policies.
  • Security Management Server (SMS): The server that system administrators use to manage security policies. The security management system stores databases, security policies, and event logs of the organization. This component stores, manages and distributes security policies to Security Gateways.
15.

Write the main components of the Checkpoint solution.

Answer»

The Check Point solution has the following main components:

| Item | Description |
|---|---|
| 1 | Internal and External Networks |
| 2 | Security Gateway |
| 3 | Security Dashboard |
| 4 | Security Management Server |
| 5 | Internal Network |