Secure Your Network Against the Most Common Attacks with Check Point Firewall

Securing a network is always a nightmare for IT administrators, but today most firewall vendors, such as Check Point, Cisco and Palo Alto, provide prevention for the most common attacks: DoS, SYN flood, IP spoofing, man-in-the-middle, port scanning, malicious IPs, DNS cache poisoning, and application-layer attacks such as SQL injection and cross-site scripting.
Today I am going to show you how to prevent common attacks with Check Point Firewall (GAiA R77). :-)
Check Point GAiA comes with an IPS Software Blade that provides protection against most network attacks. You have to enforce IPS protection on your particular gateways.
Open Check Point SmartDashboard and navigate to the IPS blade. Click the Enforcing Gateways option, select your gateway, click Edit, and under Assign IPS Profile select the Recommended or Default protection profile. Under Protection Scope, select either "Protect internal hosts only" or "Perform IPS inspection on all traffic".

Protection against SYN Flood Attack :-

A SYN flood is a form of denial-of-service attack in which an attacker sends a succession of SYN requests to a target’s system in an attempt to consume enough server resources to make the system unresponsive to legitimate traffic.
To provide protection against SYN flood attacks, navigate to Protections > By Protocol > IPS Software Blade > Network Security > TCP.
In the right pane, select the SYN Flood signature, then double-click it. In the General tab, select your protection profile, click Edit, and select the "Override IPS policy with Prevent" option. Under SYN Attack Detection you can define the number of SYN packets per timeout. Also set the active defense mode to SYN cookies.
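The two settings above, a SYN count per timeout and SYN cookies as the active defense, can be illustrated in a few lines. This is an added example, not Check Point's implementation: the threshold, window, secret and function names are assumptions, and the cookie is simplified (a real SYN cookie also encodes the MSS).

```python
import hashlib
import hmac
from collections import deque

SECRET = b"constructed-demo-secret"  # assumption: secret known only to the gateway
THRESHOLD = 5                        # assumption: SYNs tolerated per window
TIMEOUT_MS = 1000                    # assumption: window length in milliseconds


def make_cookie(src, sport, dst, dport, counter):
    """Derive the SYN-ACK sequence number from the 4-tuple and a coarse time counter."""
    msg = f"{src}:{sport}>{dst}:{dport}|{counter}".encode()
    mac = hmac.new(SECRET, msg, hashlib.sha256).digest()
    return int.from_bytes(mac[:4], "big")


def check_cookie(src, sport, dst, dport, counter, ack):
    """Accept the final ACK if it equals cookie+1 for the current or previous counter."""
    return any((make_cookie(src, sport, dst, dport, c) + 1) % 2**32 == ack
               for c in (counter, counter - 1))


class SynFloodDetector:
    """Counts SYNs in a sliding window; above the threshold it switches to cookies."""

    def __init__(self, threshold=THRESHOLD, timeout_ms=TIMEOUT_MS):
        self.threshold, self.timeout_ms = threshold, timeout_ms
        self.seen = deque()

    def on_syn(self, ts_ms):
        self.seen.append(ts_ms)
        while ts_ms - self.seen[0] > self.timeout_ms:
            self.seen.popleft()          # drop SYNs older than the window
        return "syn-cookies" if len(self.seen) > self.threshold else "normal"


def replay(timestamps_ms):
    """Feed SYN arrival times to a fresh detector and return the mode after each."""
    det = SynFloodDetector()
    return [det.on_syn(t) for t in timestamps_ms]


# Constructed sample: three spaced SYNs, then a burst of seven 10 ms apart.
SAMPLE_MS = [0, 500, 1000, 2000, 2010, 2020, 2030, 2040, 2050, 2060]
```

In cookie mode the gateway keeps no per-connection state for a SYN; only a client that returns a valid ACK, which a spoofed source cannot do, gets a connection entry.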

Protection against DOS attack :-

A DoS attack is a type of attack on a network that is designed to bring the network to its knees by flooding it with useless traffic. Many DoS attacks, such as the Ping of Death and Teardrop attacks, exploit limitations in the TCP/IP protocols.
To provide protection against attacks such as Ping of Death, LAND, Teardrop and non-TCP flooding, navigate to Protections > By Protocol > IPS Software Blade > Denial of Service.
Select the signatures and enable them on your gateway.
You also have the option to enable a protection on all profiles. To do so, click the Change option tab and select the "Prevent on all profiles" option.

Protection against Man-in-the-Middle attack and OS Fingerprinting :-

Fingerprinting is a technique by which a remote host gathers information about a host or network by looking at the unintentional side effects of the communication.
Techniques are either active fingerprinting, in which the adversary sends slightly off-protocol packets and tries to pick up information from the responses (or the lack of them), or passive fingerprinting, in which the adversary either generates no traffic at all (and relies on passively received traffic) or generates only 100% standard traffic.
To provide this protection, navigate to Protections > By Protocol > IPS Software Blade > Network Security > Fingerprint Scrambling and enable Initial Sequence Number (ISN) Spoofing and Time to Live Masking.

Protection against DNS Cache poisoning :-

DNS cache poisoning, also known as DNS spoofing, is a type of attack that exploits vulnerabilities in the domain name system (DNS) to divert Internet traffic away from legitimate servers and towards fake ones.
To provide this protection, navigate to Protections > By Protocol > IPS Software Blade > Application Intelligence > DNS > DNS Cache Poisoning and enable the signatures listed there.

Protection against SQL Injection, XSS attack and Directory Attack :-
Cross-site scripting :-
Cross-site scripting attacks place malicious code in locations where other users see it. The intention of the attack is to steal cookies that contain user identities and credentials, or to trick users into supplying their credentials to the attacker. Scripting code includes tags such as <SCRIPT>. The code can instruct the server to send its cookies to another location, such as another web site (hence the name: Cross Site Scripting), where the hacker can see the cookies.
SQL injection :-
SQL injection attacks allow a remote attacker to execute SQL commands disguised as a URL or form input to the database. A successful attack may get the database to run undesirable commands. This could cause damage by revealing confidential information, modifying the database, or even shutting it down.
Directory traversal :-
Directory traversal attacks allow hackers to access files and directories that should be out of their reach. This can for example allow viewing of directory listings, and in many attacks, could lead to running executable code on the web server with one simple URL.
To provide protection against these attacks, navigate to Protections > By Protocol > IPS Software Blade > Web Intelligence > Application Layer.
Here you also have the option to define your own parameters.

Geo – Protection :-
Geo Protection lets you control network traffic for specified countries. An IP-to-country database connects packet IP addresses to the countries. Configure one set of policies for each Profile to block or allow traffic for one or more countries. Configure a different policy that applies to the other countries. Private IP addresses are allowed unless the other side of the connection is explicitly blocked. Check Point control connections (such as between Security Gateways and the Security Management Server) are always allowed, regardless of the Geo Protection policy.
Configure the Geo Protections for each of the IPS Profiles separately. Policies with a Block action for Specific and Other Countries are only enabled when the Profile Action is set to Prevent.
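The decision rules in the two paragraphs above can be written out as a small policy evaluator. This is an added example, not Check Point code: the IP-to-country table, country codes, policy layout and function names are constructed, and treating only a named-country Block as "explicit" is one reading of the text.

```python
import ipaddress

# Constructed IP-to-country table: documentation ranges, fictional country codes.
GEO_DB = {
    ipaddress.ip_network("203.0.113.0/24"): "AA",
    ipaddress.ip_network("198.51.100.0/24"): "BB",
}
# RFC 1918 ranges, listed explicitly because ipaddress.is_private also
# matches the documentation ranges used in GEO_DB.
PRIVATE = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Hypothetical policy for one profile: named countries plus a default for the rest.
POLICY = {"specific": {"AA": "block", "BB": "allow"}, "other": "allow"}


def classify(ip, policy):
    """Return (action, explicit) for one endpoint; private addresses give (None, False)."""
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in PRIVATE):
        return None, False
    country = next((cc for net, cc in GEO_DB.items() if addr in net), None)
    if country in policy["specific"]:
        return policy["specific"][country], True
    return policy["other"], False        # unlisted or unknown country


def decide(src, dst, policy, profile_action):
    """Verdict for one connection under the rules described in the text."""
    if profile_action != "prevent":
        return "allow"                   # Block policies are inactive outside Prevent
    sides = [classify(src, policy), classify(dst, policy)]
    has_private = any(action is None for action, _ in sides)
    for action, explicit in sides:
        # A private peer is only cut off by an explicit (named-country) block.
        if action == "block" and (explicit or not has_private):
            return "block"
    return "allow"
```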
Zero-day Attack Prevention :-
Check Point ThreatCloud Emulation Service prevents infections from undiscovered exploits, zero-day and targeted attacks. This innovative solution quickly inspects files and runs them in a virtual sandbox to discover malicious behavior. Discovered malware is prevented from entering the network.

Comments

  1. Hi there,

    I went through the following video and it was excellent. Could you please upload the next part as well? Thanks
    https://www.youtube.com/watch?v=rB1rL2p5BTU

    Regards,
    Venkat

  2. In the digitisation world, everything is interconnected with each other. So, there is a strict need of security features to be implemented on the network to achieve complete network security. Thank you.

  3. If your network is under constant threat, you need the most advanced firewall protection. Check Point Next Generation Firewall identifies and controls applications by user and scans content to stop threats. Ahmed Ismaiel Martinez is a dedicated network engineer to solve all these network issues.
