Check Point NG[s]AI
Chris Tobkin Daniel Kligerman Technical Editor
Syngress Publishing, Inc., the author(s), and any person or firm involved in the writing, editing, or production (collectively Makers ) of this book ( the Work ) do not guarantee or warrant the results to be obtained from the Work.
There is no guarantee of any kind, expressed or implied , regarding the Work or its contents. The Work is sold AS IS and WITHOUT WARRANTY. You may have other legal rights, which vary from state to state.
In no event will Makers be liable to you for damages, including any loss of profits, lost savings, or other incidental or consequential damages arising out from the Work or its contents. Because some states do not allow the exclusion or limitation of liability for consequential or incidental damages, the above limitation may not apply to you.
You should always use reasonable care, including backup and other appropriate precautions , when working with computers, networks, data, and files.
Syngress Media , Syngress , Career Advancement Through Skill Enhancement , Ask the Author UPDATE , and Hack Proofing , are registered trademarks of Syngress Publishing, Inc. Syngress: The Definition of a Serious Security Library , Mission Critical , and The Only Way to Stop a Hacker is to Think Like One are trademarks of Syngress Publishing, Inc. Brands and product names mentioned in this book are trademarks or service marks of their respective companies.
KEY | SERIAL NUMBER |
---|---|
001 | GH74K9LLNB |
002 | 9MVXZ35G7J |
003 | 2NFRRSI87N |
004 | GC29MLKC89 |
005 | 8HXXDRPMQ8 |
006 | 36HYIUXBTS |
007 | TYHK9MN9NH |
008 | 326KMNYGTS |
009 | HKMN567B2N |
010 | IYBASCLITH |
PUBLISHED BY Syngress Publishing, Inc. 800 Hingham Street Rockland, MA 02370
Check Point Next Generation with Application Intelligence Security Administration
Copyright 2004 by Syngress Publishing, Inc. All rights reserved. Printed in the United States of America. Except as permitted under the Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of the publisher, with the exception that the program listings may be entered, stored, and executed in a computer system, but they may not be reproduced for publication.
Printed in the United States of America
1 2 3 4 5 6 7 8 9 0
ISBN: 1-932266-89-5
Acquisitions Editor: Catherine B. Nolan Page Layout and Art: Patricia Lupien Indexer: Rich Carlson Cover Designer: Michael Kavish Copy Editor: Darlene Bordwell, Judy Eby, Amy Thomson
Distributed by O Reilly & Associates in the United States and Jaguar Book Group in Canada.
Acknowledgments
We would like to acknowledge the following people for their kindness and support in making this book possible.
Syngress books are now distributed in the United States by O Reilly & Associates, Inc. The enthusiasm and work ethic at ORA is incredible and we would like to thank everyone there for their time and efforts to bring Syngress books to market: Tim O Reilly, Laura Baldwin, Mark Brokering, Mike Leonard, Donna Selenko, Bonnie Sheehan, Cindy Davis, Grant Kikkert, Opol Matsutaro, Lynn Schwartz, Steve Hazelwood, Mark Wilson, Rick Brown, Leslie Becker, Jill Lothrop, Tim Hinton, Kyle Hart, Sara Winge, C. J. Rayhill, Peter Pardo, Leslie Crandell, Valerie Dow, Regina Aggio, Pascal Honscher, Preston Paull, Susan Thompson, Bruce Stewart, Laura Schmier, Sue Willing, Mark Jacobsen and to all the others who work with us, but whose names we do not know (yet)!
The incredibly hard working team at Elsevier Science, including Jonathan Bunkell, Ian Seager, Duncan Enright, David Burton, Rosanna Ramacciotti, Robert Fairbrother, Miguel Sanchez, Klaus Beran, and Rosie Moss for making certain that our vision remains worldwide in scope.
David Buckland, Wendi Wong, Daniel Loh, Marie Chieng, Lucy Chong, Leslie Lim, Audrey Gan, and Joseph Chan of STP Distributors for the enthusiasm with which they receive our books.
Kwon Sung June at Acorn Publishing for his support.
Jackie Gross, Gayle Voycey, Alexia Penny, Anik Robitaille, Craig Siddall, Darlene Morrow, Iolanda Miller, Jane Mackay, and Marie Skelly at Jackie Gross & Associates for all their help and enthusiasm representing our product in Canada.
Lois Fraser, Connie McMenemy, Shannon Russell, and the rest of the great folks at Jaguar Book Group for their help with distribution of Syngress books in Canada.
David Scott, Tricia Wilden, Marilla Burgess, Annette Scott, Geoff Ebbs, Hedley Partis, Bec Lowe, and Mark Langley of Woodslane for distributing our books throughout Australia, New Zealand, Papua New Guinea, Fiji Tonga, Solomon Islands, and the Cook Islands.
Winston Lim of Global Publishing for his help and support with distribution of Syngress books in the Philippines.
A special thanks to all the folks at Malloy who have made things easy for us and especially to Beth Drake and Joe Upton.
Author
Chris Tobkin (CCSI, CCSE+ CCSE, CCSA, MCP) is a security engineer for Check Point Software Technologies, Ltd. and a member of the Minnesota chapter of the ISSA. Chris began his career over a decade ago programming C, C++, and Perl at the University of Minnesota. While there obtaining his bachelors of business administration with emphasis on management information systems degree, his job expanded to include project management, as well as database, network, and systems administration. His talents in security were recognized and leveraged as a part of the computer security group for the university. Chris later moved on to a security services and integration company where he was able to hone his skills in penetration testing, social engineering, firewalling, policy development, intrusion detection and prevention, and teaching courses in security, including the Check Point curriculum. In 2001, Chris moved to a position inside Check Point designing and architecting solutions for customers. Chris has also done many presentations and other writing including contributing to Check Point NG VPN-1/FireWall-1: Advanced Configuration and Troubleshooting (Syngress Publishing, ISBN: 1-931836-97-3) and the CCSA Next Generation Check Point Certified Security Administrator Study Guide (McGraw-Hill, ISBN: 0-072194-20-0).
Technical Editor and Contributor
Daniel Kligerman (CCSA, CCSE), author of Building DMZs for Enterprise Networks (Syngress Publishing, ISBN: 1-931836-88-4), Check Point NG VPN-1/Firewall-1: Advanced Configuration and Troubleshooting (Syngress Publishing, ISBN: 1-931836-97-3), Nokia Network Security Solutions Handbook (Syngress, ISBN: 1-931836-70-1), and Check Point Next Generation Security Administration (Syngress, ISBN: 1-928994-74-1), is a senior network specialist with TELUS, Canada s second-largest telecommunications company. Leading the eastern Canadian network team, he is responsible for the architecture, deployment, and support of enterprise customer networks, including LAN and WAN routing and switching, and all aspects of network security.
Daniel holds a bachelor of science degree from the University of Toronto in computer science, statistics, and English, and resides in Toronto, Canada with his wife Merita.
Drew Simonis (CISSP, CCNA, SCSA, SCNA, CCSA, CCSE, IBM CS) is a senior security engineer with the RL Phillips Group, LLC, where he provides senior level security consulting to the United States Navy, working on large enterprise networks. Drew is a security generalist, with a strong background in system administration, Internet application development, intrusion detection and prevention, and penetration testing. He is a co-author of Hack Proofing Your Web Applications (Syngress Publishing, ISBN: 1-928994-31-8) and Hack Proofing Sun Solaris 8 (Syngress, ISBN: 1-928994-44-X). Drew s background includes various consulting positions with Fiderus, serving as a security architect with AT&T and as a technical team lead with IBM. Drew has a bachelor s degree from the University of South Florida and is also a member of American MENSA. He lives in Suffolk, Virginia with his wife, Kym and daughters, Cailyn and Delany. He would like to pay special thanks to Travis Corson and Ron Ostrenga for helping him break into the industry.
Corey S. Pincock (CISSP, MCSE, GSEC, MCDBA, CCSA, CCNA) is the senior information security architect for CastleGarde in Tampa, Florida. As an expert in the information security aspects of Graham-Leach-Bliley and HIPAA, Corey consults with financial and healthcare organizations on a national level to implement information security programs that include policy development, risk assessments, security infrastructure design, implementation, training, and monitoring. His other specialties include firewall assessments and audits , Windows 2000, and cryptography. Corey s background includes positions as a network administrator for CommerceQuest, systems engineer for MicroAge, and senior instructor for Certified Tech Trainers. Corey holds a bachelor s degree from the University of Washington and is a member of ISSA. Corey lives in Tampa, Florida with his wife and two daughters. He would like to thank his wife, Shelly, for encouraging him to be his best, and Allen Keele of Certified Tech Trainers.
Jeff Vince (CCSA, CCSE) is a security consultant in Waterloo, Ontario where he specializes in secure network architecture and firewall configuration for medium- to large-scale network installations. His specialties focus on security products ranging from anti-virus software to intrusion detection and enterprise security management software running on the Microsoft Windows and Linux platforms. In addition to normal client consulting work, Jeff has ”as part of a team of security professionals ”performed successful attack and penetration tests on networks owned by companies ranging from major financial institutions and broadband service providers to smaller software development companies. Working as both an outsider trying to break in and as a security manager responsible for securing corporate assets has given Jeff a unique perspective on network security. Applying this dual vision of security has allowed him to help clients build network infrastructure that provides the high availability and security required in today s Internet environment.
Doug Maxwell (CCSI) is a senior network engineer with Activis, Ltd. in East Hartford, Connecticut. He currently works as a third- tier engineer in the technical support division, and is a certified Check Point instructor. His specialties include Unix network security and firewall network integration. Doug holds a bachelor of science degree in computer science from the University of Massachusetts at Amherst, and is a member of the Association for Computing Machinery (ACM), USENIX, and SAGE, the System Administrator s Guild. He happily resides in Ellington, Connecticut with his wife and 1-year-old son.
Simon Desmeules (CCSE, ISS, MCSE+I, CNA) is an independent security perimeter specialist. He currently provides architectural design, technical consulting, and tactical emergency support for perimeter security technologies for several Fortune 1000 companies in Canada and the United States. Simon s background includes positions as a firewall / intrusion security specialist for a pioneer of Canadian Security, Maxon Services, and their Managed Security clients. He is an active member of the FW-1, ISS, and Snort mailing lists where he discovers new problems and consults with fellow security specialists.
Cherie Amon (CCSA, CCSE, CCSI) is a senior network security engineer and security instructor for Integralis. She is a Check Point Certified Security instructor and has been installing, configuring, and supporting Check Point products since 1997. Cherie teaches the Check Point courses at the Integralis Authorized Training Center (ATC) in East Hartford, Connecticut, which is the only Check Point ATC in the state. Prior to working at Integralis, she held a position at IBM supporting the IBM Global Dialer, which is now the ATT Global Dialer. Cherie lives in Tampa, Florida and attended college at the University of South Florida in Tampa, where she is now pursuing a math degree. She would like to thank her husband, Kyle Amon, and father, Jerry Earnest, for leading her in the With more than 1,500,000 copies of our MCSE, MCSD, CompTIA, and Cisco study guides in print, we continue to look for ways we can better serve the information needs of our readers. One way we do that is by listening.
Solutions@syngress.com
With more than 1,500,000 copies of our MCSE, MCSD, CompTIA, and Cisco study guides in print, we continue to look for ways we can better serve the information needs of our readers. One way we do that is by listening.
Readers like yourself have been telling us they want an Internet-based service that would extend and enhance the value of our books. Based on reader feedback and our own strategic plan, we have created a Web site that we hope will exceed your expectations.
Solutions@syngress.com is an interactive treasure trove of useful information focusing on our book topics and related technologies. The site offers the following features:
-
One-year warranty against content obsolescence due to vendor product upgrades. You can access online updates for any affected chapters.
-
Ask the Author customer query forms that enable you to post questions to our authors and editors.
-
Exclusive monthly mailings in which our experts provide answers to reader queries and clear explanations of complex material.
-
Regularly updated links to sites specially selected by our editors for readers desiring additional reliable information on key topics.
Best of all, the book you re now holding is your key to this amazing site. Just go to www.syngress.com/solutions , and keep this book handy when you register to verify your purchase.
Thank you for giving us the opportunity to serve your needs. And be sure to let us know if there s anything else we can do to help you get the maximum value from your investment. We re listening.
www.syngress.com/solutions