Auditing Checkpoint FW1: The Combat Overview
Welcome! Ed Capizzi, Janus, IT Security Auditor
[email protected]
11/20/2002
OSI 7 Layer Reference Model
Router
Proxy
Dynamic State Tables
Malicious authorized users. Connections that don't go through it. 100% of all threats!
A firewall is only as effective as the policy it s.
Components (diagram in the original slide):
  GUI - Interface
  MM  - Management & Logging
  FW  - Enforcement Point
Deployment topologies (diagrams of GUI / MM / FW placement in the original slides):
  "Monolithic Stack"
  Remote GUI
  Remote Management - Always Authenticated ....
  Remote Management AND Remote GUI - Beware ports 256, 257, 258 & 259
  Remote Management AND Remote GUIs (several GUI clients)
WIFM
  GUI - Interface: Local Mode!
  MM  - Management & Logging: Logs, users, Configs, Rulesets
  FW  - Enforcement Point: Daemons, Etc
Any Input?
Let's go look!
Useful Commands
  fw ver       - returns version and patch info
  fwm -p       - prints a list of users
  fwstart      - self-explanatory, be careful
  fwstop       - self-explanatory, don't use this!
  fw log       - displays the log; has many switches
  fw logexport - exports a log; beware of size creep
  fw dbexport  - exports the database
  fw printlic  - prints the license
  fw stat      - shows the status of the firewall
  fwconfig     - config util to review fw setup
fw ver - returns version and patch info
  # fw ver
  This is Check Point VPN-1(TM) & FireWall-1(R) Version 4.1 Build 41862 [VPN + DES + STRONG]
fwm -p - prints a list of users
  FireWall-1 Remote Manager users:
  ================================
  Larry (Read/Write on all Management clients; Log Consolidator Read/Write; Reporting Module - Read/Write; )
  Curly (Read/Write on all Management clients; Log Consolidator Read/Write; Reporting Module - Read/Write; )
  Mo (Read Only on all Management clients; )
  Total of 3 users
  This is Check Point VPN-1(TM) & FireWall-1(R) Version 4.1 (20Nov2002 14:10:22)
fwstart - self-explanatory, be careful
fwstop - self-explanatory, don't use this!
fw log - displays the log, "feature rich" (has many switches)
fw logexport - exports a log to ASCII format with your choice of delimiters.... beware of size creep!
fw dbexport - exports the database; -d sets the delimiter
fw printlic - prints the license
  Host             Expiration  Features
  170.199.190.253  Never       VP-ESC-U-3DES-V41 CK15CCD095822D
fwconfig - config util to review fw setup

  Welcome to Check Point Configuration Program
  =================================================
  This program will let you re-configure your Check Point Management configuration.

  Configuration Options:
  ----------------------
  (1) Licenses
  (2) Administrators
  (3) GUI clients
  (4) Remote Modules
  (5) Groups
  (6) Exit

  Enter your choice (1-6) :
fw stat (run on the FW)
  # ./fw stat
  HOST       POLICY   DATE
  localhost  Snoopy1  18Nov2002 10:00:49 :  [>qfe0] [<qfe0] [>qfe1] [<qfe1] [>qfe2] [<qfe2] [>qfe3] [<qfe3]
Important Checkpoint files, commands & directories
  $FWDIR/conf/
    $FWDIR/conf/rulebases.fws - contains all firewall rulebases
    $FWDIR/conf/objects.C     - contains all firewall objects
    $FWDIR/conf/.licenses     - licenses file
    $FWDIR/conf/fwmusers      - contains all FW users
    $FWDIR/conf/gui-clients   - list of all authorized GUI clients
    $FWDIR/conf/masters       - list of all FW masters (Mgt & Logging)
  $FWDIR/log/
    $FWDIR/log/mgmt.aud       - log of access via the GUI
    $FWDIR/log/manage.lock    - empty file used for GUI RW management
$FWDIR/conf/rulebases.fws
  # cat rulebases.fws
  :rule-base ("##A_Standard_Policy"
    :rule (
      :src ( : Any )
      :dst ( : Any )
      :services ( : Silent_Services )
      :action ( : drop )
      :track ()
      :install ( : Gateways
$FWDIR/conf/objects.C
  $ cat objects.fws
  (
    :anyobj (Any
      :color (Blue)
    )
    :superanyobj ( : Any )
    :netobjgraph ( : (xnet-0
      :color (black)
      :type (network)
      :location (internal)
      :comments ("Created by the Graph View")
      :broadcast (allow)
      :ipaddr (2.2.2.0)
      :netmask (255.255.255.0)
      :read_only (true)
      :is_network_implied (true)
      :"#oldname" (
        :type (refobj)
        :refname ("#_xnet-0")
      )
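The rulebases.fws and objects.C excerpts above are both written in Check Point's set syntax: ':key value' pairs whose values are atoms or nested parenthesised sets. As an added example (not from the slides or from Check Point), here is a small Python parser for that syntax with an audit pass over a constructed rulebase that flags rules with an empty :track (never logged) and Any-to-Any accept rules; the finding names and the SAMPLE text are my own.

```python
import re
from collections import namedtuple

# Check Point set syntax (rulebases.fws, objects.C): ':key value' pairs; a value is an
# atom or a parenthesised set with an optional leading name atom. A bare ':' key is an
# unnamed member, so ':src ( : Any )' means src = {Any} and ':track ()' is empty.
Node = namedtuple("Node", "name items")          # items: list of (key, value)
def tokenize(text):
    return [t.replace('"', "") for t in re.findall(r':?"[^"]*"|[()]|[^\s()"]+', text)]
def parse_value(tokens, pos):
    """Parse one value starting at tokens[pos]; return (value, next_pos)."""
    if tokens[pos] != "(":
        return tokens[pos], pos + 1
    pos, name, items = pos + 1, None, []
    if tokens[pos] not in ("(", ")") and not tokens[pos].startswith(":"):
        name, pos = tokens[pos], pos + 1                     # leading name atom
    while tokens[pos] != ")":
        if not tokens[pos].startswith(":"):
            raise ValueError("expected :key, got %r" % tokens[pos])
        key, pos, value = tokens[pos][1:], pos + 1, None     # ':src' -> 'src', ':' -> ''
        if tokens[pos] != ")" and not tokens[pos].startswith(":"):
            value, pos = parse_value(tokens, pos)
        items.append((key, value))
    return Node(name, items), pos + 1
def parse_sets(text):
    """Parse a whole file; rulebases.fws has a bare top-level item list, so wrap it."""
    toks = tokenize(text)
    return parse_value(toks if toks[:1] == ["("] else ["("] + toks + [")"], 0)[0]
def members(node, key):
    """Member atoms of the set stored under key: ':src ( : Any )' -> ['Any']."""
    return [m for k, v in node.items if k == key and isinstance(v, Node)
            for mk, m in v.items if mk == ""]
def audit_rulebase(text):
    """Return (policy name, [(rule number, finding), ...]) for the first rule-base."""
    rulebase = next(v for k, v in parse_sets(text).items if k == "rule-base")
    findings = []
    for n, rule in enumerate((v for k, v in rulebase.items if k == "rule"), 1):
        if not members(rule, "track"):                   # ':track ()' = never logged
            findings.append((n, "no tracking"))
        if members(rule, "src") == ["Any"] and members(rule, "dst") == ["Any"] \
                and "accept" in members(rule, "action"):
            findings.append((n, "Any -> Any accept"))
    return rulebase.name, findings

# Constructed sample: the slide's Silent_Services drop rule plus a second, noisier rule.
SAMPLE = """:rule-base ("##A_Standard_Policy"
  :rule ( :src ( : Any ) :dst ( : Any ) :services ( : Silent_Services )
          :action ( : drop ) :track () :install ( : Gateways ) )
  :rule ( :src ( : Any ) :dst ( : Any ) :services ( : Any )
          :action ( : accept ) :track ( : Long ) :install ( : Gateways ) ) )"""
```

Run parse_sets over a copy of objects.C pulled from the firewall and the same Node tree lets you walk network objects the way audit_rulebase walks rules.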
$FWDIR/conf/.licenses
  # cat .licenses
  Sign { LICENSE 10.199.8.26 never FW-OSE-U-V41 CK-5099B26B }= 7xDQpDbe8LjfgDuDhaTvT6sem Index=0 Version=0
  Sign { LICENSE 10.199.8.26 never FW-ESC-U-V41 FW1:4.1:MOTIF CKF60A423378ED }= xzgjzt2PSZoBCBBZe6YkLue6aFh Index=0 Version=0
  Sign { LICENSE 10.199.8.26 never FW-ENC-U-3DES-MODULE-V41 FW-ENC-U3DES-MGMT-V41 CK-FFA94CB }= bySNrc5YJQpWHwWc96cva8SLHVhm Index=0 Version=0
$FWDIR/conf/fwmusers
  # cat fwmusers
  Larry
  2f1003fec499757c65fc004c4af907
  000fff0f
  Curly
  2708994e49bef3b30d7538d2866a56
  000f0fff
  Mo
  2f2b8765040049948c569f134c9e7fd
  000ff0ff
  Schemp
  6b09f8b704bfd1a0c986ca5efffc5cd82
  0ffffff0f
$FWDIR/conf/gui-clients
  # cat gui-clients
  10.199.8.93
  10.199.8.156
  10.199.8.35
  10.199.44.56
  10.199.87.836
  10.199.87.148
  10.199.8.31
  10.199.51.107
  10.199.8.30
  10.199.58.44
  10.199.58.54
  10.199.88.80
  10.199.58.55
  10.199.8.180
$FWDIR/conf/masters
  # cat masters
  10.1.1.1
  10.1.2.1
$FWDIR/log/mgmt.aud
  New.W' on host 'Snoopy5'
  Mon Nov 18 15:31:50 2002 rule-editor Mo@CMP-PC-0018: Mo@CMP-PC-0018 Logged in >>>>
  Mon Nov 18 15:31:52 2002 rule-editor Mo@CMP-PC-0018: Read-Only Mode requested. Database remains unlocked.
  Mon Nov 18 15:32:46 2002 log-viewer Mo@CMP-PC-0018: Mo@CMP-PC-0018 Logged in >>>>
  Mon Nov 18 15:34:09 2002 ------------------------------: Mo@CMP-PC-0018 Logged out <<<<
  Tue Nov 19 13:12:34 2002 rule-editor Mo@CMP-PC-0018: Mo@CMP-PC-0018 Logged in >>>>
  Tue Nov 19 13:12:36 2002 rule-editor Mo@CMP-PC-0018: Read-Only Mode requested. Database remains unlocked.
  Tue Nov 19 13:12:42 2002 ------------------------------: Mo@CMP-PC-0018 Logged out <<<<
  Wed Nov 20 10:22:31 2002 rule-editor Mo@CMP-PC-0018: Mo@CMP-PC-0018 Logged in >>>>
  Wed Nov 20 10:22:33 2002 rule-editor Mo@CMP-PC-0018: Read-Only Mode requested. Database remains unlocked.
  Wed Nov 20 10:23:23 2002 ------------------------------: Mo@CMP-PC-0018 Logged out <<<<
$FWDIR/log/mgmt.aud (con't)
  nd7.W' on host 'Snoopy6and7'
  le-editor Curly@IT-STD-8900: Curly@IT-STD-8900 Logged in >>>>
  Fri Nov 15 12:55:00 2002 rule-editor Curly@IT-STD-8900: Failed to lock database: Used by Larry@PC-059 using fwm
  Mon Nov 18 09:54:32 2002 rule-editor Larry@PC-059: Larry@PC-059 Logged in >>>>
  Mon Nov 18 09:54:34 2002 rule-editor Larry@PC-059: Locking DB with '000fffff' permissions
  Mon Nov 18 09:57:32 2002 log-viewer Larry@PC-059: Larry@PC-059 Logged in >>>>
  Mon Nov 18 09:59:29 2002 rule-editor Larry@PC-059: Storing objects
  Mon Nov 18 09:59:30 2002 rule-editor Larry@PC-059: Storing rulebase(s)
  Mon Nov 18 09:59:30 2002 rule-editor Larry@PC-059: Storing rulebase 'Snoopy4.W'
  Mon Nov 18 09:59:30 2002 rule-editor Larry@PC-059: Storing rulebase 'Snoopy5.W'
  Mon Nov 18 09:59:30 2002 rule-editor Larry@PC-059: Storing rulebase 'Snoopy6and7.W'
  Mon Nov 18 09:59:30 2002 rule-editor Larry@PC-059: Storing rulebase 'Snoopy3-test.W'
  Mon Nov 18 09:59:30 2002 rule-editor Larry@PC-059: Storing rulebase 'Snoopy2.W'
  Mon Nov 18 09:59:30 2002 rule-editor Larry@PC-059: Storing rulebase 'Snoopy1.W'
  Mon Nov 18 09:59:30 2002 rule-editor Larry@PC-059: Storing rulebase 'Snoopy3.W'
  Mon Nov 18 09:59:39 2002 rule-editor Larry@PC-059: Installing rulebase '/opt/fw1-41/conf/Snoopy1.
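The mgmt.aud lines above record who logged in, who requested read-only mode, who locked the database read/write (and with what permission mask), who pushed policy, and who was refused the lock because another admin held it. As an added example (not from the slides), a Python summariser for that record layout, run over a constructed sample written in the same format; the admin names and hosts are borrowed from the slides and the install path is constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# mgmt.aud record: "<Day Mon DD HH:MM:SS YYYY> <tool> <admin@host>: <message>"; on a
# logout the tool/admin field is a run of dashes and the admin appears in the message.
RECORD = re.compile(r"^(\w{3} \w{3} +\d{1,2} \d\d:\d\d:\d\d \d{4}) (.*?): (.*)$")

def parse_record(line):
    """Return dict(ts, admin, msg) for one mgmt.aud line, or None if malformed."""
    m = RECORD.match(line.strip())
    if not m:
        return None
    head, msg = m.group(2).split(), m.group(3)
    admin = head[-1] if "@" in head[-1] else msg.split()[0]   # logout: admin is in msg
    return dict(ts=datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y"), admin=admin, msg=msg)

def audit_mgmt_aud(text):
    """Who logged in, who requested read-only, who took the RW lock (and its mask),
    who pushed policy, and who was refused the lock because someone else held it."""
    out = {"logins": defaultdict(int), "read_only": [], "rw_locks": [],
           "installs": [], "failed_locks": []}
    for line in text.splitlines():
        r = parse_record(line)
        if not r:
            continue
        who, msg = r["admin"], r["msg"]
        if "Logged in" in msg:
            out["logins"][who] += 1
        elif msg.startswith("Read-Only Mode requested"):
            out["read_only"].append(who)
        elif msg.startswith("Locking DB with"):
            out["rw_locks"].append((who, re.search(r"'([0-9a-fA-F]+)'", msg).group(1)))
        elif msg.startswith("Installing rulebase"):
            out["installs"].append((who, r["ts"].isoformat(), msg.split("'")[1]))
        elif msg.startswith("Failed to lock database"):
            out["failed_locks"].append((who, re.search(r"Used by (\S+)", msg).group(1)))
    out["logins"] = dict(out["logins"])
    return out

# Constructed sample in the slide's layout (admin names and hosts borrowed from the slides).
SAMPLE = """\
Fri Nov 15 12:55:00 2002 rule-editor Curly@IT-STD-8900: Curly@IT-STD-8900 Logged in >>>>
Fri Nov 15 12:55:00 2002 rule-editor Curly@IT-STD-8900: Failed to lock database: Used by Larry@PC-059 using fwm
Mon Nov 18 09:54:32 2002 rule-editor Larry@PC-059: Larry@PC-059 Logged in >>>>
Mon Nov 18 09:54:34 2002 rule-editor Larry@PC-059: Locking DB with '000fffff' permissions
Mon Nov 18 09:59:39 2002 rule-editor Larry@PC-059: Installing rulebase '/opt/fw1-41/conf/Snoopy5.W'
Mon Nov 18 15:31:50 2002 rule-editor Mo@CMP-PC-0018: Mo@CMP-PC-0018 Logged in >>>>
Mon Nov 18 15:31:52 2002 rule-editor Mo@CMP-PC-0018: Read-Only Mode requested. Database remains unlocked.
Mon Nov 18 15:34:09 2002 ------------------------------: Mo@CMP-PC-0018 Logged out <<<<"""
```

Comparing the admins in "logins" against the fwmusers file and the mask in "rw_locks" against each admin's permission line gives the cross-check an auditor wants from these two files.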
Intermission
Phone Boy and other useful Websites
  a. Phoneboy   - www.phoneboy.com
  b. Cassandra  - cassandra.cerias.purdue.edu
  c. Bugtraq    - online.securityfocus.com/archive
  d. Sun        - www.sun.com
  e. MS         - www.microsoft.com
  f. Checkpoint - www.checkpoint.com
Useful Perl scripts
  fwrules4.2.pl - this is where the gifs are
  fwrules6.0.pl
And the output... (screenshots in the original slides)
Advanced GUI
  1. Copy rulebases.fws from FW to GUI
  2. Copy objects.C from FW to GUI
  3. Rename rulebases.fws -> rules.fws
  4. Rename objects.C -> objects.fws
  5. Start GUI in local mode, ignore errors
Thank You