The following Frequently Asked Questions, answered by the authors of this book, are designed to both measure your understanding of the concepts presented in this chapter and to assist you with real-life implementation of these concepts. To have your questions about this chapter answered by the author, browse to www.syngress.com/solutions and click on the Ask the Author form. You will also gain access to thousands of other FAQs at ITFAQnet.com.
1. Will SmartDefense inspect traffic that is permitted by the standard Rule Base?
2. Instead of configuring SmartDefense to detect ICMP attacks, wouldn't it be a better idea to deny all ICMP to my network?
3. If I have SmartDefense inspecting HTTP traffic to prevent exploits of my Web server, do I still need to spend time keeping the Web server updated?
4. Instead of using SmartDefense to block access to peer-to-peer networks, can't I just deny this traffic via a rule in the Rule Base?
5. How often should I update SmartDefense?
Answers
1. Yes, SmartDefense inspects all traffic flowing through the firewall, whether it is permitted or denied by a rule.
2. ICMP is a useful tool for determining connectivity to and from hosts, but because it is susceptible to attacks, disabling it will provide the best level of defense. If you do leave it enabled, SmartDefense will provide a good level of security.
3. Even though SmartDefense will detect all known exploits, it is always good practice to keep all software on any server up to date. Besides the fact that two levels of defense are better than one, there may be vulnerabilities that are patched through software updates that SmartDefense has not yet been updated to detect.
4. The problem with attempting to block access to these services with a deny rule is that many of them use a wide variety of ports, some of which may be used for other applications. If you block access to these ports, those other applications would stop functioning. The SmartDefense solution is to identify peer-to-peer traffic by inspecting the content of packets.
5. The best thing to do is to check the Check Point Web site frequently to see if any new exploits have been detected and added to SmartDefense. If a newly discovered vulnerability affects an application on your network, it is especially important to update SmartDefense immediately. Signing up for the SmartDefense mailing list is a good way to be notified of newly discovered vulnerabilities.