Checkpoint® CCSA-NG (Next Generation) Exam Cram Notes

(156-205)

(CCSA: Checkpoint® Certified Systems Administrator)

2. Firewall implementations: There are different implementations of firewalls. Most notable among these are:

  • A firewall implemented with the Packet Filters work at Network Layer of ISO/OSI stack.
  • A firewall implemented with the Application Layer Gateways work at the Application Layer of ISO/OSI stack.
  • A Firewall implemented with stateful technology (like Checkpoint Firewall-1) works at all layers of IS/OSI model.

3. A firewall implemented with stateful inspection technology (FireWall-1 uses stateful inspection) has several advantages over packet filter:

Application Layer Gateway Packet Filters Stateful Inspection
Communication Information Partial Partial Yes
Communication Derived State No Partial Yes
Application Derived State No Yes Yes
Information Manipulation No Yes Yes

4. The following information are used by Firewall-1 that uses stateful inspection technology:

  • Communication information from different layers of TCP/IP stack
  • The state derived from previous communications
  • The state derived from other applications, for example, a previously authenticated user would be allowed to access through the firewall for authorized services only.

5. Hardware / software requirements:

The following are FireWall-1 GUI Management Clients Minimum Requirements:

  • Platforms: Windows 9x, Windows NT 4.0 SP4, 5, 6, and X/Motif Client.
  • Disk Space: 40 Mbytes
  • Memory: 32 MB Minimum and 64 MB recommended.

The minimum requirements for installing Management Server or FireWall-1 NG (Feature Pack 2) are:

a.Windows:

  • Hardware - 40MB of hard disk space and 128 MB of memory.
  • Operating System - Windows NT 4.0 SP 6a, Windows 2000 Server, and Windows 2000 Advanced Server. Note that the operating system and hardware requirements are same for installing VPN-1/FireWall-1 Management Server or VPN/FireWall Module.

b. Solaris:

  • Hardware- The hard disk and memory requirements are same as in Windows case, that is 40MB of hard disk space and 128 MB of memory.
  • Note that the operating system and hardware requirements are same for installing VPN-1/FireWall-1 Management Server or VPN/FireWall Module.
  • Operating System - At the minimum the Operating system required is Solaris 7 (SunOS 5.7) or Solaris 8 (SunOS 5.8).

c.Linux:

  • Hardware - Disk Space: 40MB; Memory:128MB
  • Operating System - Red hat Linux 6.2 and 7.0

The OS requirements for installing VPN-1/FireWall-1 NG Management Server or FireWall Module on a Linux platform are:

6.1 The essential components of a FireWall-1 Single Gateway Product are:

  • Management Module - Security management module with graphical user interface.
  • Inspection Module - This module is responsible for implementing access control, Client authentication, and session authentication. Network Address Translation is also done here.
  • Firewall Module - User authentication, and content security

6.2 FireWall-1's FireWall Module contains the following components:

  • FireWall-1 Daemon: This is responsible for communication modules, clients and hosts.
  • Inspection Module: Access control, Authentication, NAT and auditing are the responsibility of Inspection Module. Inspection module contains INSPECT engine.
  • Security Server: This is responsible for handling authentication of packets for any specific service or protocol

For Single Gateway product, the FireWall Module and Management Module must be installed on the same machine. However, GUI can be installed on another machine.

7. The following Management clients are available when installing Check Point on a Windows platform:

  • Policy Editor
  • Log Viewer
  • System Status (Status Manager)
  • SecureClient Packaging Tool
  • Traffic Monitoring
  • SecureUpdate

8. FireWall-1 is based on Client - Server model of operation. Note that in FireWall-1, the modules like Management Server can be separated from the GUI.

9. The basic components of a FireWall-1 Single Gateway Product are:

  • Management Module - Security management module with graphical user interface.
  • Inspection Module - This module is responsible for implementing access control, Client authentication, and session authentication. Network Address Translation is also done here.
  • Firewall Module - User authentication, and content security.

It is possible that a single Management module manages one or more FireWall modules. The Management module consists of a GUI client and a Management Server.

10. The FireWall-1 module sits in between the Data Link and the Network layers ( layer 2 and layer 3).

0  1 2  3 4     Next


Please visit SimulationExams.com for CCSA, CCSA NG and other practice tests: images-used/se-banner125X125.gif