This article provides basic instructions for Threat Prevention on Check Point firewall devices.
– Threat Prevention includes the following Software Blades:
- IPS – Intrusion Prevention System provides protection against malicious and unwanted network traffic, including known vulnerabilities and exploits, protocol misuse, and outbound malware communications.
- Anti-Bot – Detects bot-infected machines and prevents bot damage by blocking bot Command and Control communications.
- Anti-Virus – Provides real-time virus signatures and anomaly-based protections.
- Threat Emulation – Prevents infections from undetected exploits, zero-day attacks and targeted attacks, based on sandbox malware detection.
- Threat Extraction – Removes exploitable content from documents, including live content and embedded objects, restructures files to remove potential threats, and quickly delivers sanitized content to users to maintain business processes.
1. Set up Threat Prevention Policy:
– First we need to activate the Threat Prevention policy: open the Security Gateway object and put a check mark at IPS.
– Select “According to the Threat Prevention policy” and choose OK.
– Activate Anti-Virus and Anti-Bot in the same way.
– When activating Threat Emulation, select “ThreatCloud Emulation Service” and choose Next.
– After a while you will see the activation message; select Finish.
– Now enable the Threat Extraction blade and choose “Skip this configuration now”, because we won’t be using the MTA for this installation.
– Go to Security Policies > Policy; by default there is a protection profile named “Optimized”.
– Let’s look at the profile settings. Right-click the profile and select View.
– You can see the activated blades attached to the profile and its main settings:
- Performance Impact.
- Severity.
- Confidence Level.
– This profile automatically enables protections whose performance impact is medium or lower and whose severity is medium or higher.
– There are different actions for protection groups with different confidence levels:
- Detect.
- Prevent.
- Inactive.
- Ask.
– If necessary you can change the active profile from Optimized to Strict; this profile enables more protections.
– You can see the extended configuration section in the bottom left corner of SmartConsole.
– Threat Tools allows advanced configuration of IPS settings. It also allows you to update IPS signatures.
– Finally you need to install the Threat Prevention policy: select “Threat Prevention” in the policy installation dialog, then select Install.
2. Threat Prevention Logs:
– To view logs go to Logs & Monitor and select Queries > Threat Prevention > All.
– Here you can see the Threat Prevention logs.
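As an added example (not part of the original article and not Check Point's own tooling), the script below does two things the walkthrough describes in words: it encodes the Optimized profile's activation rule (performance impact medium or lower, severity medium or higher) as a function, and it parses a handful of constructed Threat Prevention log records, counting events per blade and action the way the Queries > Threat Prevention > All view does, then singling out high-severity, high-confidence events that were only detected rather than prevented, which are the first candidates to review when deciding whether to move from Optimized to Strict. The key="value" export format, the field names and every log value are assumptions constructed for the example.

```python
"""Triage constructed Check Point Threat Prevention log exports (added example)."""
import re
from collections import Counter

# Ordered scales used by the profile rule and the triage filter.
SEVERITY_RANK = {"Low": 0, "Medium": 1, "High": 2, "Critical": 3}
PERF_RANK = {"Very Low": 0, "Low": 1, "Medium": 2, "High": 3}
CONFIDENCE_RANK = {"Low": 0, "Medium": 1, "High": 2}


def optimized_profile_activates(performance_impact, severity):
    """Rule stated in the article for the Optimized profile: a protection is enabled
    when its performance impact is Medium or lower AND its severity is Medium or higher."""
    return (PERF_RANK[performance_impact] <= PERF_RANK["Medium"]
            and SEVERITY_RANK[severity] >= SEVERITY_RANK["Medium"])


# Constructed sample records (assumed simplified key="value" export, not real gateway output).
SAMPLE_LOGS = """\
time="2024-01-01T10:00:01" product="IPS" action="Prevent" severity="High" confidence_level="High" protection_name="PROT-1 (constructed)" src="10.0.0.5" dst="203.0.113.10"
time="2024-01-01T10:00:05" product="Anti-Bot" action="Detect" severity="Critical" confidence_level="High" protection_name="C&C connection (constructed)" src="10.0.0.7" dst="198.51.100.4"
time="2024-01-01T10:00:09" product="Anti-Virus" action="Prevent" severity="Medium" confidence_level="Medium" protection_name="EICAR test (constructed)" src="10.0.0.9" dst="203.0.113.20"
time="2024-01-01T10:00:12" product="IPS" action="Detect" severity="Low" confidence_level="Low" protection_name="Noisy scanner rule (constructed)" src="10.0.0.5" dst="203.0.113.11"
time="2024-01-01T10:00:15" product="Threat Emulation" action="Prevent" severity="Critical" confidence_level="High" protection_name="Malicious PDF (constructed)" src="10.0.0.12" dst="198.51.100.9"
"""

# Matches one key="value" pair; values may contain spaces and punctuation but no quotes.
KV_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_log_line(line):
    """Turn one key="value" line into a dict of fields."""
    return dict(KV_RE.findall(line))


def parse_logs(text):
    """Parse every non-empty line of an export into a list of records."""
    return [parse_log_line(line) for line in text.splitlines() if line.strip()]


def summarize(records):
    """Count events per (blade, action), like the Threat Prevention > All query grouped by blade."""
    return Counter((r["product"], r["action"]) for r in records)


def detect_only_high_risk(records, min_severity="High", min_confidence="High"):
    """Events the gateway only logged (Detect) although severity and confidence are high.
    These are the ones to review first before switching a protection, or the whole
    profile, from Detect to Prevent."""
    return [r for r in records
            if r["action"] == "Detect"
            and SEVERITY_RANK[r["severity"]] >= SEVERITY_RANK[min_severity]
            and CONFIDENCE_RANK[r["confidence_level"]] >= CONFIDENCE_RANK[min_confidence]]


if __name__ == "__main__":
    records = parse_logs(SAMPLE_LOGS)
    for (blade, action), count in sorted(summarize(records).items()):
        print(f"{blade:18} {action:8} {count}")
    for r in detect_only_high_risk(records):
        print("review:", r["product"], r["protection_name"], r["src"], "->", r["dst"])
```

Run it directly to see the per-blade counts and the review list; on the constructed data only the Anti-Bot event is flagged, because it is the one Detect event with both severity and confidence at High or above.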
!!! Thank you for following the article!!!