CheckPoint VPN Presentation

Information about CheckPoint VPN Presentation
Education

Published on April 22, 2008

Author: Lilly

Source: authorstream.com

An Introduction to VPN Technology:
QTS Ongoing Education Series

Check Point Facts:
- History
  - Founded June 1993
  - IPO June 1996
  - Strong growth in revenues and profits
- Global market leadership
  - 62% VPN market share (Datamonitor, 2001)
  - 42% firewall market share (#1 Position - IDC, 2000)
  - De-facto standard for Internet security
- Strong business model
- Technology innovation and leadership
- Technology partnerships
- Strong and diversified channel partnerships

Check Point’s Solid Foundation:
- Financial Strength
  - Last 12 Months Revenues of $543M
  - Profit of $313M
  - Strong Balance Sheet
- Market Leadership
  - 220,000+ Installations
  - 100,000+ VPN Gateways
  - 83 Million+ VPN Clients
  - 81,000+ Customers
  - 1,500+ Channel Partners
  - 300+ OPSEC Partners

Platform Choice - Open:
- Dedicated Appliances (Check Point pioneered the market)
  - Entry Level: Easy set up
  - Enterprise Class: Network Grade
  - Data Center & ISPs: High Performance / Carrier Class
- Future Platforms
  - Consumer & Small Business: Cable & DSL
  - Wireless: GPRS, 2.5G-3G
  - Infrastructure
  - Multi-Subscriber Service Providers
  - Network Services
- Open Systems
  - Attractive Price/Performance
  - Wide Variety of Platforms
  - 60-80% of the Market
  - Flexibility

OPSEC Partners:
The Open Platform for Security
- Open framework for security integration - “The Security OS”
- Over 270 partners
- Breadth of solutions
- Choice
- Certification
- www.OPSEC.com
- Voted #1 Partner Alliance Program

Enhanced Management Capabilities:
- SecureUpdate for OPSEC Partners: central management of software install for OPSEC applications
- OPSEC Application monitoring: central monitoring of OPSEC applications alongside Check Point products
- Open Management repository: import/export objects from management database

Agenda:
- What is a Virtual Private Network (VPN)?
- VPN deployment situations
- Why use VPNs?
- Types of VPN protocols
- IPSec VPNs
  - Components
  - A sample session
  - Deployment questions

What is a VPN?:
- A VPN is a private connection over an open network
- A VPN includes authentication and encryption to protect data integrity and confidentiality
[Diagram: Acme Corp, Internet, Acme Corp Site 2]

Types of VPNs:
- Remote Access VPN
  - Provides access to internal corporate network over the Internet
  - Reduces long distance, modem bank, and technical support costs
  [Diagram: Internet, Corporate Site]
- Site-to-Site VPN
  - Connects multiple offices over Internet
  - Reduces dependencies on frame relay and leased lines
  [Diagram: Branch Office, Internet, Corporate Site]
- Extranet VPN
  - Provides business partners access to critical information (leads, sales tools, etc.)
  - Reduces transaction and operational costs
  [Diagram: Corporate Site, Internet, Partner #1, Partner #2]
- Client/Server VPN
  - Protects sensitive internal communications
  - Most attacks originate within an organization
  [Diagram: Internet, LAN clients, Database Server, LAN clients with sensitive data]

Alternate Technologies:
- Site-to-site/extranets: frame relay, leased lines
- Remote access: dial-up modem banks

Why Use Virtual Private Networks?:
- More flexibility
  - Leverage ISP point of presence
  - Use multiple connection types (cable, DSL, T1, T3)
- More scalability
  - Add new sites, users quickly
  - Scale bandwidth to meet demand
- Lower costs
  - Reduced frame relay/leased line costs
  - Reduced long distance
  - Reduced equipment costs (modem banks, CSU/DSUs)
  - Reduced technical support

VPN-1 Return on Investment:
Case History – Professional Services Company
- 5 branch offices, 1 large corporate office, 200 remote access users
- Payback: 1.04 months
- Annual Savings: 88%

VPN ROI Calculator:
Tool URL: http://www.checkpoint.com/products/vpn1/roi_calculators/index.html

Components of a VPN:
- Encryption
- Message authentication
- Entity authentication
- Key management

Point-to-Point Tunneling Protocol:
- Layer 2 remote access VPN distributed with Windows product family
- Addition to Point-to-Point Protocol (PPP)
- Allows multiple Layer 3 protocols
- Uses proprietary authentication and encryption
- Limited user management and scalability
- Known security vulnerabilities
[Diagram: Remote PPTP Client, ISP Remote Access Switch, PPTP RAS Server, Corporate Network]

Layer 2 Tunneling Protocol (L2TP):
- Layer 2 remote access VPN protocol
- Combines and extends PPTP and L2F (Cisco supported protocol)
- Weak authentication and encryption
- Does not include packet authentication, data integrity, or key management
- Must be combined with IPSec for enterprise-level security
[Diagram: Remote L2TP Client, ISP L2TP Concentrator, L2TP Server, Corporate Network]

Internet Protocol Security (IPSec):
- Layer 3 protocol for remote access, intranet, and extranet VPNs
- Internet standard for VPNs
- Provides flexible encryption and message authentication/integrity
- Includes key management

Components of an IPSec VPN:
- Encryption: DES, 3DES, and more
- Message Authentication: HMAC-MD5, HMAC-SHA-1, or others
- Entity Authentication: Digital Certificates, Shared Secrets, Hybrid Mode IKE
- Key Management: Internet Key Exchange (IKE), Public Key Infrastructure (PKI)
All managed by security associations (SAs)

Security Associations:
- An agreement between two parties about:
  - Authentication and encryption algorithms
  - Key exchange mechanisms
  - And other rules for secure communications
- Security associations are negotiated at least once per session, possibly more often for additional security

Encryption Explained:
- Used to convert data to a secret code for transmission over an untrusted network
[Diagram: Clear Text “The cow jumped over the moon”, Encryption Algorithm, Encrypted Text “4hsd4e3mjvd3sd a1d38esdf2w4d”]

Symmetric Encryption:
- Same key used to encrypt and decrypt message
- Faster than asymmetric encryption
- Used by IPSec to encrypt actual message data
- Examples: DES, 3DES, RC5, Rijndael
[Diagram: Shared Secret Key]

Asymmetric Encryption:
- Different keys used to encrypt and decrypt message (one public, one private)
- Provides non-repudiation of message or message integrity
- Examples include RSA, DSA, SHA-1, MD-5
[Diagram: Bob, Encrypt with Alice Public Key, Decrypt with Alice Private Key, Alice]

Key Management:
- Shared Secret
  - Simplest method; does not scale
  - Two sites share key out-of-band (over telephone, mail, etc.)
- Public Key Infrastructure
  - Provides method of issuing and managing public/private keys for large deployments
- Internet Key Exchange
  - Automates the exchange of keys for scalability and efficiency

What are Keys?:
- An Encryption Key is:
  - A series of numbers and letters…
  - …used in conjunction with an encryption algorithm…
  - …to turn plain text into encrypted text and back into plain text
- The longer the key, the stronger the encryption

What is Key Management?:
- A mechanism for distributing keys either manually or automatically
- Includes:
  - Key generation
  - Certification
  - Distribution
  - Revocation

Internet Key Exchange (IKE):
- Automates the exchange of security associations and keys between two VPN sites
- IKE provides:
  - Automation and scalability
  - Improved security
  - Encryption keys can be changed frequently
- Hybrid IKE
  - Proposed standard designed by Check Point
  - Allows use of existing authentication methods

Different Types of VPN/Firewall Topologies:
- VPN device is vulnerable to attack, e.g. denial of service
- Two connections to the firewall for every communication request
- Bypasses security policy
- Denial of service

Protecting Remote Access VPNs:
- The Problem:
  - Remote access VPN clients can be “hijacked”
  - Allows attackers into internal network
- The Solution:
  - Centrally managed personal firewall on VPN clients
[Diagram: Internet, Attacker, Cable or xDSL]

Summary:
- Virtual Private Networks have become mission-critical applications
- IPSec is the leading protocol for creating enterprise VPNs
  - Provides encryption, authentication, and data integrity
- Organizations should look for:
  - Integrated firewalls and VPNs
  - Centralized management of VPN client security
  - A method to provide VPN QoS
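
The message authentication component and the security association described in the slides above, as an added example that is not part of the original presentation: the receiver looks up the SA for an incoming packet and checks an HMAC-SHA-1 integrity value under that SA's key. The packet layout, the `spi` lookup field and all function names are assumptions for illustration; encryption and the real IPSec wire format are left out.

```python
import hmac
import os
import struct
from dataclasses import dataclass

@dataclass
class SecurityAssociation:
    spi: int           # index the receiver uses to look up this SA (assumed field)
    auth_alg: str      # negotiated message authentication hash, e.g. "sha1"
    auth_key: bytes    # shared secret produced by key management
    icv_len: int = 12  # IPsec truncates HMAC-SHA-1 to 96 bits

def _icv(sa, data):
    return hmac.new(sa.auth_key, data, sa.auth_alg).digest()[:sa.icv_len]

def protect(sa, seq, payload):
    """Sender: prepend SPI and sequence number, append the integrity check value."""
    header = struct.pack("!II", sa.spi, seq)
    return header + payload + _icv(sa, header + payload)

def verify(sa_table, packet):
    """Receiver: find the SA by SPI, recompute the ICV, return (seq, payload)."""
    if len(packet) < 8:
        raise ValueError("packet too short")
    spi, seq = struct.unpack("!II", packet[:8])
    sa = sa_table.get(spi)
    if sa is None or len(packet) < 8 + sa.icv_len:
        raise ValueError("no matching security association")
    body, icv = packet[:-sa.icv_len], packet[-sa.icv_len:]
    if not hmac.compare_digest(icv, _icv(sa, body)):  # constant-time comparison
        raise ValueError("integrity check failed")
    return seq, body[8:]

def demo():
    payload = b"constructed sample payload"  # constructed input, not captured traffic
    sa = SecurityAssociation(spi=0x1001, auth_alg="sha1", auth_key=os.urandom(20))
    packet = protect(sa, 1, payload)
    results = {"valid": verify({sa.spi: sa}, packet) == (1, payload)}
    flipped = packet[:10] + bytes([packet[10] ^ 1]) + packet[11:]  # one bit changed in transit
    rekeyed = SecurityAssociation(0x1001, "sha1", os.urandom(20))  # SA renegotiated with a new key
    for name, table, pkt in (("tampered", {sa.spi: sa}, flipped),
                             ("after_rekey", {rekeyed.spi: rekeyed}, packet)):
        try:
            verify(table, pkt)
            results[name] = "accepted"
        except ValueError as exc:
            results[name] = str(exc)
    return results
```

A packet authenticated under the old key is rejected once the SA is renegotiated, which is what makes frequent key changes useful.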
