Training Course:Check Point NGX CCSA/CCSESchool/Trainer:Global Knowledge Canada
Calgary, Edmonton, Halifax, Montreal, Ottawa, Quebec City, Toronto, Vancouver, Winnipeg, Canada
Course Format: Classroom | E-learning | Virtual Class | Online | On-site | Blended | Self-paced
Course Description:
'' There are more Check Point firewalls protecting networks than any other firewall on the market. Check Point’s patented stateful packet inspection sets the standard for other firewall products.
With the average security breach costing companies $14 million, it is imperative to understand how to properly deploy, configure, and support your firewall infrastructure.
In this intense, 5-day course of lecture and extensive hands-on labs, you will gain in-depth knowledge of the Check Point NGX operation and learn about tools and features that can save time for you and money for your business.
Clustering, performance enhancement, troubleshooting, securing, and more will be covered in this class. You’ll also learn about shortcomings in the products and how to implement effective security architectures.
If certification is in your plans, this advanced course also helps prepare you for the CCSA NGX and CCSE NGX certification tests.
What You’ll Learn
Prepare to obtain your Check Point CCSA NGX and CCSE NGX certifications
Perform hardening procedures on target operating systems prior to installing Check Point FireWall-1 Next Generation eXtended (NGX)
Install and uninstall NGX, including upgrade procedures
Create security policies based on risks and policy requirements of your organization
Implement site-to-site VPN solutions
Configure a secure client and clientless VPN solution
Build High Availability, load balancing, and clustering into your security architecture
Monitor and optimize the performance of your Check Point firewalls
Set alerts to notify when a network user attempts to connect to a specified IP address
Course Outline
1. Security Principles
Active vs. passive security policy
Unenforceable policy
Risk management
Configuration management
Packet filters
Proxy firewalls
Stateful inspection
2. Check Point FireWall-1 NGX Architecture
Secure Virtual Network (SVN) foundation
Four key elements
Four functional product types
CPShared components
Secure Internal Communications (SIC)
Communications between components
Internal Certificate Authority (ICA)
SIC operation
Communications with SmartDashboard
SmartConsole (GUI clients)
SmartDashboard
SmartView Tracker
SmartView Monitor
SmartLSM
Smart Update
Eventia Reporter
SmartCenter Server (Management server)
Security Gateway (Enforcement module)
VPN-1 and FireWall-1 enforcement module operation
INSPECT module
Security servers
Synchronization module
3. Installing Check Point FireWall-1 NGX
Getting ready for a new installation
Check Point NGX supported platforms
Check Point NGX minimum hardware requirements
New licenses
The bastion host process
Hardening against local attacks
Hardening against network attacks
Hardening the application
Windows installation
SecurePlatform installation
UNIX installation
Nokia installation
Upgrading to NGX
Sequence
Managing previous versions
Minimizing downtime
Backing up a security policy
Uninstalling NGX
4. Getting Started
SmartDashboard
Login screen
Main screen
Objects tree
Creating and managing objects
Rule base
SmartMap
Changing views
Viewing implied rules
Editing implied rules
Installing a policy package
Launching other SmartConsole clients from SmartDashboard
5. General Security Policy and System Management
Define an enterprise security policy
Managing a security policy
Creating a security policy
Completing the rule base
Managing a complex rule base
Moving rules
Copying rules
Masking rules
Disabling rules
Adding section titles
Using time-based rules
Configuring tracking in the rule base
Command-line interface (CLI)
cpstart and cpstop
cprestart
fwstart and fwstop
cplic print-type
fwm load and fwm unload
fw fetch and fw fetchlogs
fw clt pstat and fw clt debug
fw lichosts
fw log
fw logswitch
fwm logexport
fw putkey
fw monitor
fw tab
vpn tu and vpn debug
6. SmartView Tracker
Logging components
Log mode
Viewing records
Record details
Querying
Filtering
Creating custom commands
Active mode
Viewing real-time connections
Blocking connections
Unblocking connections
Audit mode
Log file management
Exporting logs
Changing logs (log switch)
Configuring log and alert time settings in Global Properties
7. Network Address Translation
Static NAT
How it works
Issues
Dynamic NAT (Hide NAT)
How it works
Issues
Configuring NAT
Automatic NAT
Manual NAT
Global properties
8. Check Point Authentication
Authentication schemes
Creating users, groups, and templates
Installing the users database
Configuring the user authentication rule
Configuring user access
Editing user authentication action properties
Configuring the client authentication rule
Editing client authentication action properties
Manual client authentication
Configuring the session authentication rule
Editing session authentication action properties
Configuring the session authentication agent
Comparison of NGX authentication methods
Properties that affect authentication
LDAP servers
Creating the LDAP account unit
Managing the LDAP server from SmartDashboard
9. Configuration Management
Backups
Database revision control
Policy package management
Upgrading to NGX
Backing up the current configuration
Upgrading order
SmartView Monitor
o Key features
o Suspicious activity rules
Eventia Reporter
Key features
Standard vs. Express Reports
10. Threat Management
SmartDefense
Network Security
Application Intelligence
Web Intelligence
Malicious code
Application layer
Information disclosure
HTTP protocol inspection
Content security
HTTP security servers
SMTP security servers
FTP security servers
CVP servers
UFP servers
11. Voice over IP (VoIP)
VoIP Basics
VoIP protocols supported by NGX
VoIP handover
Control signaling and media connections
VoIP logging
Configuring for H.323
H.323 architecture elements
H.323 protocols
Routing modes in H.323
H.323 services in NGX
Creating the VoIP Domain Gatekeeper
H.323 rules for endpoint-to-endpoint, no gatekeeper
H.323 rules for gatekeeper-to-gatekeeper
Configuring for Session Initiation Protocol (SIP)
SIP architecture elements
SIP rules for peer-to-peer, no proxy
SIP rules for peer-to-peer with a proxy
12. Virtual Private Networks
VPN basics
Why IPSec
Secret-key cryptography
Public-key cryptography
One-way hash algorithms
IPSec framework
Authentication header (AH)
Encapsulating security payload (ESP)
Internet security association key management protocol (ISAKMP)
IKE phases
Phase I main and aggressive mode
Phase II quick mode
IPSec operational modes
Transport
Tunnel
NGX VPN security policies
Tradition mode vs. simplified mode VPN
Converting traditional mode to simplified mode
Simplified mode VPN topologies
Meshed VPN community
Star VPN community
VPN routing
Satellites
Hubs
Route-based VPN
VPN tunnel interface (VTI)
Numbered and unnumbered VTI
Dynamic routing protocols
13. Client and Clientless VPN
SecuRemote vs. SecureClient
SecureClient configuration
Minimum requirements
Security gateway settings
Remote access Global properties settings
Desktop security policy rule base
Security policy rule base
Clientless VPN
Enabling clientless VPN on the security gateway ''
Elements of this syllabus are subject to change.
Please go to the school's official website for training price and schedule:
http://www.globalknowledge.ca/
Phone:1-800-COURSES
School Address:
Global Knowledge - Canada
535 Legget Drive
Suite 200
Kanata, ON K2K 3B8 Canada
Jobs & Resumes: Calgary, Edmonton, Halifax, Montreal, Ottawa, Quebec City, Toronto, Vancouver, Winnipeg
Houses & Roommates: Calgary, Edmonton, Halifax, Montreal, Ottawa, Quebec City, Toronto, Vancouver, Winnipeg
Travel Agencies: Calgary, Montreal, Ottawa, Toronto, Vancouver, Winnipeg
Search other schools for Check Point NGX CCSA/CCSE training resources.
Other training courses offered by Global Knowledge Canada:
SQL Server 2008
Writing Queries Using Microsoft SQL Server 2008 Transact-SQL
Designing a Reporting Solution Architecture Using Microsoft SQL Server 2005 Reporting Services
microsoft sql server 2005 reporting services
Database Administrator
SQL Server 2005 Administration
sql server 2005 for business intelligence
SQL Server 2005 for Developers
sql server 2005 for reporting services
sql server t-sql with advanced topics
CISA Prep
CISSP Prep
Essentials of Information Security
voip security
certified ethical hacker
Foundstone Ultimate Hacking
Foundstone Ultimate Hacking: Expert
Foundstone Ultimate Web Hacking
Notice: The course description on this page was captured from the Internet as historical reference or submitted by visitors. It was archived statically and not updated from day to day.
Tips:
Besides Acquiring latest course information by the search form, Students can also leave their study interests here and let schools callback. |
|
|
