Check Point NG[s]AI

Using SmartDefense

• Configure SmartDefense from the SmartDefense tab in SmartDashboard.

• Ensure antispoofing is enabled for all interfaces.

Understanding Network Security

• Configure DoS attack detection for TearDrop, Ping of Death, and LAND attacks.

• Enable IP and ICMP protection to defend your hosts from Layer 3 and 4 attacks as well as TCP protection for other Layer 4 vulnerabilities.

• Enable fingerprint scrambling to block outside users from collecting information about hosts on your network.

• Configure detection of successive events and restrictions on dynamic ports to further secure your network.

Understanding Application Intelligence

• Configure the general HTTP Worm Catcher and HTTP protocol inspection to detect exploits of Web server vulnerabilities.

• Enable cross-site scripting protection to detect attempts to steal users information.

• Configure peer-to-peer blocking to place restrictions on peer-to-peer traffic to services such as Kazaa.

• Enable the File and Print Sharing Worm Catcher to detect worms transmitted through Microsoft file shares.

Updating SmartDefense

• Use the Update Now feature to begin the update process.

• Log in to your UserCenter account to install an update.

• Install the policy on all your enforcement points once an update has completed to ensure they all receive the update.