
 

Check Point FireWall-1 Content Security

 

 

The content security capabilities of FireWall-1 and VPN-1 Gateways extend data inspection to the highest level, protecting users from various hazards, including computer viruses and malicious Java or ActiveX applets, while providing granular access control to the Internet. Content security is fully integrated with all FireWall-1 and VPN-1 Gateway features, and is centrally managed through the intuitive graphical interface.

 

In addition, Check Point's OPSEC (Open Platform for Security) framework provides open Application Programming Interfaces (APIs) for integrating third-party content screening applications, such as URL filtering lists and anti-virus solutions. With Check Point's OPSEC Alliance program, organizations are free to choose the content screening applications that best meet their needs. Check Point certifies OPSEC applications based on a rigorous testing methodology to ensure that the chosen application will be fully interoperable with FireWall-1 or VPN-1 Gateways.

 

 

URL Screening

The URL screening capabilities within FireWall-1 or VPN-1 Gateway preserve valuable company bandwidth and add another level of network control by allowing network managers to restrict access to specific Web pages and types of content. This enables the security manager to define flexible corporate security policies that ensure employees only download and access appropriate Web page information. In addition, URL screening can be used to record the types of URLs accessed for internal analysis needs.

 

 

FireWall-1 and VPN-1 Gateways Can Check Web Connections Using One of Three Mechanisms:

  1. Wildcard specifications

  2. File specifications

  3. Third-party URL databases

 

Each of these mechanisms is designed to give security managers complete flexibility in setting up a security policy. The most advanced capability found on the market today is the ability to integrate third-party URL filtering applications using Check Point's URL Filtering Protocol (UFP) API. These third-party solutions provide subscription services and maintain a list of URL sites across multiple categories. Through its OPSEC Alliance program, Check Point provides the option of selecting the URL list subscription vendor that best suits an organization's needs. In this way, customers are not locked into a specific solution dictated by their firewall vendor.

 

 

Java and ActiveX Stripping

The extensive screening capabilities within FireWall-1 and VPN-1 Gateways effectively protect enterprise networks from Java and ActiveX attacks. Security administrators can control incoming Java and ActiveX code according to specific conditions such as host, URL or authenticated user name. Check Point's Java and ActiveX screening includes the following capabilities:

  • Strip Java applet tags from HTML pages

  • Strip Java applets from all server-to-client replies, even if the reply is a compressed or archived file

  • Block Java attacks by blocking suspicious back connections

  • Strip ActiveX tags from HTML pages

  • Strip JavaScript tags from HTML pages

In addition, using Check Point's CVP protocol, multiple Java screening applications from OPSEC partners can be integrated with FireWall-1 or VPN-1 Gateways to protect the entire corporate network from Java attacks.

 

 

Mail (SMTP) Support

While originally designed to provide maximum connectivity between users accessing the Internet from any geographical location, the SMTP protocol poses a challenge to the security manager who wishes to maintain connectivity but keep intruders out of internal networks.

 

FireWall-1 and VPN-1 Gateways protect the network by providing highly granular control over SMTP connections including the ability to:

  • Block the relaying of spam through the corporate gateway

  • Hide an outgoing mail's From address behind a standard generic address that conceals internal network structure and real internal users

  • Redirect mail sent to given To addresses (for example, root)

  • Drop mail from given addresses

  • Strip attachments of given types from mail

  • Strip the Received information from outgoing mail in order to conceal internal network structure

  • Drop mail messages above a given size

  • Perform anti-virus scanning
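
Several of the controls listed above (size limit, dropping mail from given addresses, hiding the From address, stripping Received headers, stripping attachments by type) are shown here as an added Python example applied to one outgoing message. It is not Check Point code or configuration; the policy values, addresses and sample message are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed policy values, for illustration only.
GENERIC_FROM = "mail@example.com"
DROP_SENDERS = {"blocked@example.net"}
STRIP_EXTENSIONS = (".exe", ".vbs")
MAX_BYTES = 4096

def filter_outgoing(raw):
    """Return the rewritten message text, or None if the message is dropped."""
    if len(raw.encode("utf-8")) > MAX_BYTES:
        return None                        # message above the size limit
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender in DROP_SENDERS:
        return None                        # mail from a listed address
    del msg["Received"]                    # removes every Received header
    del msg["From"]
    msg["From"] = GENERIC_FROM             # conceal the real internal sender
    if msg.is_multipart():
        # Only top-level parts are checked in this sketch.
        kept = [p for p in msg.get_payload()
                if not (p.get_filename() or "").lower().endswith(STRIP_EXTENSIONS)]
        msg.set_payload(kept)
    return msg.as_string()

# Constructed sample message.
SAMPLE = """\
Received: from ws12.hq.internal (10.1.2.3) by mail.hq.internal
From: Alice <alice@ws12.hq.internal>
To: bob@example.org
Subject: report
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

See attached.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="tool.exe"

MZ
--b1--
"""

if __name__ == "__main__":
    print(filter_outgoing(SAMPLE))
```
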

 

Check Point's SMTP Security Server provides the highest level of network protection by only supporting the basic set of SMTP commands. This increases security since FireWall-1 and VPN-1 Gateways will block other SMTP commands that might be utilized for malicious intent.

 

 

FTP Support

The FTP Security Server provides authentication services and content security based on FTP commands (PUT/GET), file name restrictions, and anti-virus checking for files. For example, the FTP Security Server can block all FTP GETs for files whose names contain budget.xls to prevent sensitive budget files from being transferred out of the network. All content inspection is transparent to the user.

 

 

 


 

 

 

 

Computer Virus Screening

Computer virus detection is vital to enterprise security. The battle against computer viruses can be futile if scanning is left entirely to the discretion of individual users. The best protection is provided by scanning for viruses at all points of access into the network. The FireWall-1 and VPN-1 Gateway content screening capabilities provide integrated virus scanning using industry-leading anti-virus applications from OPSEC Alliance partners.

 

With the Check Point OPSEC Alliance program, organizations are free to choose the anti-virus application that best meets their needs and implement that solution on the same server as FireWall-1 and VPN-1 or on a different one. With this approach, a security manager can easily integrate virus scanning into the organization's enterprise security policy and manage it from one central point of control. Instead of configuring two separate products, the security manager can define access control and virus scanning in one place: the Security Policy Editor.

 

For example, an organization could decide that all email attachments must be scanned before they are allowed through the FireWall-1 or VPN-1 gateway. Any communication that matches the security rule would be intercepted and, utilizing the open Content Vectoring Protocol (CVP), vectored to the anti-virus application server. The anti-virus application would then take over, scanning the email attachment for viruses and curing any that were found before returning the communication to the FireWall-1 or VPN-1 Gateway server where it would then be allowed to proceed to its destination.

 

 

 

© 1996-2010 REX GLOBAL CORPORATION

All Rights Reserved