Summary


This chapter discussed the importance of a Security Policy and how to write one for your organization. Remember that the most important aspect of defining a Security Policy is involvement. Because Check Point's default policy is to deny everything, involving the community helps you define the requirements more accurately, so that you permit only the communication that is necessary for business activities and deny all other traffic. This is referred to as the principle of least privilege.

As you implement and translate your written policy into something that can be enforced by Check Point NG AI, you will have to define network objects. Much of this information should have been gathered during the design of your policy and includes items like workstations, gateways, networks, applications, users, and services. Eventually, the rules you write will use these objects to match packets for processing and applying actions.

A firewall object must be defined for each firewall on which you are installing a policy. In a simple, stand-alone installation where the management server and firewall module reside on the same machine, the firewall object is created for you during software installation. You will need to configure the interface topology and anti-spoofing within your firewall object definition.
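The following added example (not from the book, and not Check Point's implementation or INSPECT code) models how network objects, interface topology with anti-spoofing, and a rule base with an implicit deny combine into one decision per packet. The object names, interface names and addresses are constructed sample values, and the top-down, first-match evaluation is stated here as an assumption of the model.

```python
# Simplified model (added example): NOT Check Point's implementation or INSPECT code.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Network objects (constructed sample values from documentation ranges).
OBJECTS = {
    "Internal_Net": ip_network("10.1.1.0/24"),
    "DMZ_Web": ip_network("192.0.2.10/32"),
    "Any": ip_network("0.0.0.0/0"),
}

# Interface topology: which source networks are legitimate behind each interface.
# None marks the external interface (everything NOT behind another interface).
TOPOLOGY = {"eth0": None, "eth1": ["Internal_Net"], "eth2": ["DMZ_Web"]}

@dataclass(frozen=True)
class Rule:
    src: str
    dst: str
    port: int
    action: str

# Rule base, evaluated top-down; the first matching rule wins.
RULE_BASE = [
    Rule("Any", "DMZ_Web", 80, "accept"),
    Rule("Internal_Net", "Any", 443, "accept"),
]

def spoofed(iface, src):
    """True when the source address is not valid for the arriving interface."""
    addr = ip_address(src)
    allowed = TOPOLOGY[iface]
    if allowed is None:  # external: reject addresses that belong behind other interfaces
        internal = [n for names in TOPOLOGY.values() if names for n in names]
        return any(addr in OBJECTS[n] for n in internal)
    return not any(addr in OBJECTS[n] for n in allowed)

def decide(iface, src, dst, port):
    """Return (action, reason) for one packet."""
    if spoofed(iface, src):
        return ("drop", "anti-spoofing")
    for number, rule in enumerate(RULE_BASE, start=1):
        if (ip_address(src) in OBJECTS[rule.src]
                and ip_address(dst) in OBJECTS[rule.dst] and port == rule.port):
            return (rule.action, f"rule {number}")
    return ("drop", "default deny")  # nothing matched: least privilege
```

A packet that claims an internal source address but arrives on the external interface is dropped before the rule base is consulted, which is why the topology has to be correct before anti-spoofing is enabled.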

FW-1 provides several tools to manipulate the security policy. You have several different methods of adding a rule to the rule base, disabling rules, cutting and pasting rules, and querying the rule base. Once you have defined the policy and are ready for the firewall to start enforcing it, you must install the policy onto the firewall objects that you have previously defined.

The installation of a policy is a process that converts the GUI rule base, which is represented as the *.W file, into an INSPECT script language *.pf file. The *.pf file is then compiled into INSPECT code, and is represented as a *.fc file that can be understood and enforced by the specified Check Point enforcement modules.




Check Point NG AI
ISBN: 735623015
EAN: N/A
Year: 2004
Pages: 149
