11. Check Point Getting Started R80.20. Threat Prevention Policy

Welcome to Lesson 11! If you remember, back in lesson 7 we mentioned that Check Point has three types of Security Policy. These are:

  1. Access Control;
  2. Threat Prevention;
  3. Desktop Security.

We have already covered most of the blades from the Access Control policy, whose main task is to control traffic and content. The Firewall, Application Control, URL Filtering and Content Awareness blades allow you to reduce the attack surface by cutting off everything that is not needed. In this lesson, we will look at the Threat Prevention policy, whose task is to inspect the content that has already passed through Access Control.

Threat Prevention Policy

Threat Prevention policy includes the following blades:

  1. IPS - Intrusion Prevention System;
  2. Anti-Bot - detection of botnets (traffic to C&C servers);
  3. Anti-Virus - checking of files and URLs;
  4. Threat Emulation - file emulation (sandbox);
  5. Threat Extraction - cleaning files of active content.

This topic is VERY extensive and, unfortunately, our course does not include a detailed discussion of each blade; it is not a topic for beginners, even though for many people Threat Prevention is almost the main topic. Instead, we will look at the process of applying the Threat Prevention policy, and we will also run a small but very useful and illustrative test. Below, as usual, is a video tutorial.
For a more detailed introduction to the Threat Prevention blades, I recommend our previously published courses:

  • Check Point to the maximum;
  • Checkpoint SandBlast.

You can find them here.

Video tutorial

Stay tuned for more and join our YouTube channel : )

Source: habr.com