Understanding Check Point FireWall Part 1

Captions
[Music] Shalom and welcome, everyone. I want to welcome you once again to Check Point Training Bytes. Check Point Training Bytes is where we bring advanced training on Check Point products, features and blades. In this training module I'll be discussing the firewall, and we'll discuss the different evolutions of the firewall and different kinds of firewalls. But before we get started, let's take a few moments to discuss the agenda of this module. First of all, we're gonna take a look at the firewall and we're gonna discuss the main purposes of the firewall. And then we're gonna take a look at the history of the firewall, and here we'll take a moment to take a look at the history of the firewall and how the firewall has evolved along with the Internet. And then we're gonna take a look at different kinds of firewalls, and we're going to discuss the advantages of each of these firewalls and how they address different security concerns. And then finally we'll look at different generations of firewalls, and we'll discuss how firewalls have evolved all the way up to the present day.

And so let's get started, and let's talk about the main purpose of the firewall. The primary reason for having a firewall is that when you connect your PC to the Internet, there's going to be a lot of nefarious sources powered on the Internet, like hackers and anonymous users, who are trying to gather or steal information from your PC. And so the main purpose of a firewall is to allow only trusted traffic from your PC to the Internet and to block any untrusted sources from accessing and compromising your PC.

A question often asked is: why is the Internet so insecure? Why are protocols and systems so vulnerable to attackers? And so to fully understand why the Internet is so insecure, we need to step back here for a minute, because you cannot talk about the firewall without talking about the Internet. And so you can say that the firewall was invented to secure the Internet, because without the Internet there would really be no need for
a firewall. And so next I'm gonna discuss over 60 years of computer history, and I'm gonna compress it down into about five minutes.

And so this all started in the 60s. Even before the Internet was even conceived, there was a pre-Internet that was called the ARPANET, and this ARPANET was a project to link and hook up a bunch of mainframe computer systems across different universities, so that universities could share and utilize other universities' computer resources. And so in the 60s there was really no need for security, because the systems were used and managed and developed by the same engineering departments, and so there was really no need for a firewall, because all the systems actually trusted each other.

And now we're coming to the 70s, and now things changed a little bit, but not very much. And now we have more individual separate networks, like universities and military complexes, mostly in North America but now also starting in Europe, particularly France and England. And still there was pretty much no need for security, because these separated networks were isolated amongst different departments, and so these different departments pretty much trusted each other, and so there was still no real need for security.

And now we come into the 80s, and the 80s brought a revolution in networking, first with the invention of the personal computer and second with the development of Ethernet. And so together they brought the introduction of the LAN, the local area network. And so this is the era of visionary companies that were fighting for and building the future of the Internet, companies like Microsoft, Apple, Intel, Digital and many others. And so with these inventions they brought networking from the mainframe institutional world down to the corporate personal computer world. And so with these developments, this totally changed the landscape for corporations and organizations, but since most corporate networks were managed by engineers working for those corporate organizations
security was still a minimal concern.

And now we move into the 90s, and this is when the Internet really took off. And now multiple networks started to be connected to each other: universities started to be connected to other universities, universities to institutions, institutions to corporations, the corporations to individual users. And here, this is where the Internet was born, but it really only started to take off with the invention of the World Wide Web, which linked multiple web servers to the Internet so that users were able to connect and access information using different protocols like HTTP and access HTML web servers. And since there was really no security built into the protocols, new protocols needed to be invented, protocols like SSL, the Secure Sockets Layer, which was primarily used to protect TCP traffic from eavesdroppers. So the concept of the firewall was introduced to protect institutions and corporations from each other, and so in this era, this is when security started to be in demand. And so this is also the era where Check Point Software Technologies was born. The company was born right into the heart of the beginning phases of the Internet, and so that's why for over 20 years Check Point's slogan was "We are Check Point and we secure the Internet". And so the firewall market was born and started to grow, but still in the 90s it was still not a big market. The worst things were clear-text packets that could be snooped on, and also this is the era where viruses and worms were born and unleashed on the Internet, but most of this malware was created by nefarious actors to cause mischief, but mostly for bragging rights. And so the security industry was born to counter these threats with products like the firewall, antivirus solutions and VPN products.

And so now we enter into the 21st century, and this is really where the Internet came of age. This is the era of e-commerce, where shopping and banking were now done online. This is the decade that YouTube, Facebook, Amazon and
Google became household names, and this is when security became a major concern. So the firewall is used to protect the financial markets and business organizations from nefarious sources. And this is the era when new threats and attacks were introduced, threats like DDoS attacks and botnets, and these attacks and threats were unleashed to wreak havoc on the Internet, but now most of the attacks were geared towards financial gain. And so now the security industry released new products to counter these threats, products like IDS/IPS and anti-bot solutions.

And now we come into the current era, the second decade of the 21st century. This is the era of Web 2.0, where you can watch movies online and stream live sportscasts in real time, and you can do this not only through your PC and laptop but also through your smartphones, tablets and smart TVs. But now most of the attacks are either motivated by financial greed or by corporate espionage, using unknown zero-day vulnerabilities and advanced persistent threats. The security industry again released new products to counter these threats, with products like application control, URL filtering and threat emulation. And this is also the era of next-generation firewalls that combined all of these products and others into a single platform, using products either on the corporate premises or in cloud solutions, or a combination of both.

And now we come to the second decade and beyond. I can't really predict the future, but by looking at the present we can have an idea what the future might look like. We can definitely say it will be an era of the Internet of Things, driverless cars and cloud security solutions. We can predict that the security field and the security products will still be in big demand to protect any devices that are connected online, and also to protect all the resources that are part of the corporate premises and also those that are hosted in cloud services.

And so that was a brief history of the Internet with the primary focus being on
a firewall. The firewall has evolved quite a little bit since the beginning of its inception, and so in this training module I'm gonna focus on the firewall, and I want to discuss the different evolutions of the firewall so that we can understand how the firewall has evolved to what it is today.

There are two primary categories of firewalls: network-based firewalls and host-based firewalls. In network-based firewalls, you usually have a software- or hardware-based appliance at the perimeter of your network to protect your internal hosts. In host-based firewalls, you have firewall software running on each individual PC to protect the hosts from being compromised. Most organizations will use one of the two methods, but combining both the network-based firewalls and the host-based firewalls will give you the best and optimal security on your network. In this video series I will be focusing on network-based firewalls.

And so now let's take a look at a few generations of firewalls that we're gonna discuss in this video. And so, as mentioned, there was really no need for security in the 60s and a very rare need for security in the 70s, but only when the 80s came around was there a pressing need for security. And it started off with the packet filtering inspection firewall, invented in the late 80s. It was a type of firewall that used packet filtering to deny traffic except what is specifically allowed through the rule base. A packet filtering firewall just basically looked at the packet header, like the source IP address and the destination IP address, and also took a look at the transport layer; specifically, it looked at the service ports to verify if the packet matched the rule base. And so if there was a match in the rule base, it accepted the packet, and then the packet will be processed and forwarded through the firewall. If there was no match in the rule base, then the firewall would drop the packet. And so the packet filtering inspection firewall was just a basic and rudimentary firewall that
looked at the layer three packet header information and looked at the layer 4 transport header information, specifically the port numbers, in order to make a firewall processing decision.

The second generation of firewall was the stateful inspection firewall, which was patented by Check Point Software Technologies in 1993. And the stateful packet inspection firewall has become an industry standard, because it took the firewall completely to another level: it not only keeps track of the packet header and port numbers, just like the previous generation of packet filtering firewall, but it goes deeper than that and it keeps track of the state of the connection. And so not only does it process the connections that are properly matched to the rule base, but in addition it keeps track of the known state of each session and individual connection in a bunch of tables that are stored in the firewall kernel. For example, it keeps track of whether a packet is a new connection, or if the packet is part of an existing connection, or maybe the packet is part of a deleted connection. And so a stateful inspection firewall has to do basically two things: first, not only does a packet have to match a firewall rule base to be accepted, but in addition the stateful inspection firewall has to keep track of every accepted connection and know the current state of the connection, what session the connection belongs to, and keep track of every piece of information, like when the connection handshake was established, when the connection teardown was completed, and many other things like the connection expiration and logging.

The third generation of firewall, invented in the beginning of the 21st century, has capabilities to do deep packet inspection. And so the application layer firewall can look deep down inside the packet, all the way down to the application layer of the packet, to make sure that the data conforms to established and known protocol standards. And so it is searching for any known protocol violations that an
attacker might use to exploit a possible application or protocol. And so application layer firewalls check the protocols all the way from layer 3 to layer 7, making sure that the packet complies with established protocol standards. To look at it another way, you could say the application layer firewall is an integration of traditional stateful firewall technologies with the addition of IDS/IPS and DLP capabilities. And so application layer firewalls' deep packet inspection can be easily integrated with IPS, antivirus and DLP solutions without needing additional hardware. And so that is why a Check Point firewall can block protocol anomalies without having IPS products enabled, because it needs to protect itself from many vulnerabilities that an attacker might try to exploit in order to bring a firewall to its knees.

Application awareness is the fourth generation of firewall, and it has the capabilities to identify what kind of application is running on standard ports, and so you can allow or drop connections based on applications being used and not just on ports being accessed. So an application awareness firewall is able to identify what application is using which ports and to block any applications that are using non-standard ports or trying to bypass traditional firewall checks. This is especially useful today, when you can do most Internet browsing over the HTTP protocol. And so a traditional stateful inspection firewall will allow or deny HTTP access to certain domains, but in today's world not only can you search web pages over the HTTP protocol, but now you can even get email over HTTP, stream video over HTTP, chat using HTTP, or even play games over the HTTP protocol. And so an application-aware firewall can allow you to go to a certain website to view the web page but can also block you from playing games or streaming video on the same website.

And so that was the general overview of four generations of firewalls. I'm going to go more in-depth regarding each generation of firewall later on, but first I
want to tell you about a different kind of firewall. This firewall has been in development in parallel to these firewalls, and so it has been in existence for a very long time. It's called a proxy firewall, which basically works at layer seven to monitor traffic such as HTTP and FTP traffic. A proxy firewall connects to the Internet on behalf of internal hosts, requesting web pages from servers on behalf of computers behind the proxy firewall, and so it will hide the true IP address of all the hosts connecting through it. And it can also be configured to allow access to certain websites and can be configured to prevent users from accessing malicious websites.

And so in this training module we had a discussion about the firewall, and we saw that the firewall is an extension, a component, of the Internet. And then we discussed that the firewall was introduced early in the development of the Internet, just before the birth of the World Wide Web. And so it started in the 80s with the packet filtering firewall, which just looks at layer 3 and layer 4 of a packet to see if it matched a rule in the rule base; if there was a match it allowed the packet, and if there was no match it dropped the packet.

And then we talked about the stateful inspection firewall, which was invented in the 90s, and it not only looked at the layer 3 and level 4 information, but it also keeps track of the state of the connection in a bunch of state tables stored in the kernel. And it added an entry in the state tables every time a new connection was established and matched by the rule base, and every other subsequent packet has to match either an entry in a kernel table or match the rule base in order for it to be allowed. If there was no match in the kernel tables and no match in the rule base, then the packet is dropped.

And then we talked about the application layer firewall, also called application intelligence when you're talking about IPS. An application layer firewall does deep packet inspection, and it looks down deep into
the packet, and it scans through all the layers from layer three to layer seven and looks for any protocol anomalies and protocol violations that can be exploited by any nefarious sources.

And then we talked about the application awareness firewall, which looks deep down inside the application layer to identify the actual protocol being used and the application being accessed, and it will try to determine what the potential packet is doing, and it will allow only supported applications and block any unsupported applications, depending on the company's corporate policy.

And then we talked about the proxy firewall, which has been in existence from the beginning of the century, and it identified which websites and FTP sites were being accessed and only allowed access to business-related sites, and it blocks access to any sites that are deemed inappropriate during business hours and blocks access to any sites that are known to contain and host any malware content.

And so I just want to leave you with my final thoughts. A Check Point firewall can run in any of these modes. The customer can pick whichever of these firewalls he wants; he can select to run all four generations of firewalls, plus in addition he can run them in proxy mode. And also it's important to emphasize that each generation of the firewall is independent, so you can combine all generations together for advanced security, or you can have only one, like for example packet filtering, if you so choose, or you can run the Check Point firewall in different combinations depending on your traffic profile and security needs.

I hope you found this video informative. I hope to see you in the next video. Until then, Shalom and bye for now. [Music] We've secured a future. [Applause] [Music]
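The first two generations described in the captions, side by side, as an added Python sketch that is not part of the video and is not Check Point code. The rule, the addresses, the SYN-only condition for opening a table entry and the single-FIN teardown are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = ""          # TCP flags: "S"=SYN, "A"=ACK, "F"=FIN, "R"=RST

# Constructed rule base: (source net, destination net, destination port).
RULE_BASE = [("10.0.0.0/8", "0.0.0.0/0", 443)]

def rule_match(pkt, rules=RULE_BASE):     # layer 3/4 header check only
    return any(ip_address(pkt.src) in ip_network(s)
               and ip_address(pkt.dst) in ip_network(d)
               and pkt.dport == port for s, d, port in rules)

def packet_filter(pkt):                   # first generation: no memory
    return "accept" if rule_match(pkt) else "drop"

class StatefulFirewall:                   # second generation: rules + state table
    def __init__(self, rules=RULE_BASE):
        self.rules = rules
        self.table = {}                   # connection key -> state

    @staticmethod
    def _key(pkt):                        # same key for both directions
        return frozenset({(pkt.src, pkt.sport), (pkt.dst, pkt.dport)})

    def inspect(self, pkt):
        key = self._key(pkt)
        if key in self.table:             # part of an existing connection
            if "F" in pkt.flags or "R" in pkt.flags:
                del self.table[key]       # assumption: one FIN/RST ends it
            else:
                self.table[key] = "established"
            return "accept"
        # Assumption: only a bare SYN that matches the rule base opens an entry.
        if pkt.flags == "S" and rule_match(pkt, self.rules):
            self.table[key] = "new"
            return "accept"
        return "drop"                     # no entry, and not a rule-matching SYN

def demo():
    syn = Packet("10.1.2.3", 50000, "203.0.113.10", 443, "S")
    reply = Packet("203.0.113.10", 443, "10.1.2.3", 50000, "SA")
    stray = Packet("198.51.100.7", 443, "10.1.2.3", 50001, "SA")
    fin = Packet("10.1.2.3", 50000, "203.0.113.10", 443, "FA")
    fw = StatefulFirewall()
    stateless = [packet_filter(p) for p in (syn, reply, stray)]
    stateful = [fw.inspect(p) for p in (syn, reply, stray, fin, reply)]
    return stateless, stateful
```

The packet filter drops the server's reply because no rule covers it, while the stateful firewall accepts it from the state table, drops the unsolicited packet, and drops the same reply once the connection has been torn down.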
Info
Channel: Check Point Training Bytes
Views: 73,563
Keywords: ccsa, ccse, check point certified administrator, check point certified security expert, check point certified cyber administrator, check point certified cyber security expert, packet filtering firewall, statefull packet inspection, statefull filtering firewall, application intelligence, application layer firewall, application awareness, history of firewall, evolution of firewall, next generation firewall
Id: nXnSrMH3I3I
Length: 18min 34sec (1114 seconds)
Published: Thu Aug 24 2017