Check Point Certified
Security Administrator Examcram
(156-205)
30. There are three GUIs that are available in
FireWall-1:
1. Policy Editor GUI: Used for creating rules and
network objects. The GUI may have up to four tabs: a)
Security Policy b) Address Translation c) Bandwidth
Policy d) Compression Policy
2. Log Viewer GUI: Used for viewing log files, which
are composed of events recorded as per the Rule Base
and also other events such as security alerts and important
system events.
3. System Status GUI: Enables real-time
monitoring of all FireWall modules and alerting.
Communication and traffic flow statistics are also
displayed.
31. FireWall-1 supports the following encryption
schemes:
a. FWZ: This is a Check Point proprietary encryption
scheme. FWZ uses symmetric encryption.
b. Manual IPSec: This is an encryption and authentication
scheme. The keys are fixed over the duration of the
connection.
c. SKIP: This has some advantages over IPSec, in that the keys
change over time. An Internet host can send an encrypted
packet to another host without requiring a prior message
exchange to set up a secure channel.
d. IKE: The Internet Key Exchange (IKE) protocol is a key
management protocol standard which is used in
conjunction with the IPSec standard. IPSec is an IP
security protocol that provides robust authentication
and encryption of IP packets.
e. ISAKMP: Stands for Internet Security Association and Key
Management Protocol. ISAKMP defines procedures and
packet formats to establish, negotiate, modify and
delete Security Associations (SAs).
32. There are nine objects available to manage a
network under Network Objects Manager. These are:
1. Workstation
2. Network
3. Domain
4. Router
5. Switch
6. Integrated Firewall
7. Group
8. Logical Server
9. Address Range
The management tools available in FireWall-1 are:
1. Network Objects
2. Services
3. Resources
4. Servers
5. Users
6. Users on account unit
7. Time
8. Keys
Note that Users and Servers are management tools.
33. Some of the popular protocol port numbers are:
1. Telnet: Port #23
2. FTP: Port #21
3. HTTP (WWW): Port #80
4. SMTP: Port #25
34. The Internet Assigned Numbers Authority (IANA)
has set aside several ranges of IP numbers that can be
freely used over private networks (the Internet will not
route these IP addresses).
The IP address ranges that are designated private are:
- Class A private address range: 10.0.0.0 - 10.255.255.255
- Class B private address range: 172.16.0.0 - 172.31.255.255
- Class C private address range: 192.168.0.0 - 192.168.255.255
35. VPN/FireWall-1 Security Policy permits any number
of administrators to view the Security Policy. However,
only one administrator can log in using read/write
permissions. This arrangement will prevent confusion
arising from two admins simultaneously making changes to
the Security Policy, without knowing what the other is
doing.
36. The following are required to log on to the Log
Viewer of a FireWall-1 Management Server:
a. User Name
b. Password
c. Name or IP address of Management Server.
37. The communication between the Firewalled objects
and the Management station is done by using a
proprietary FireWall-1 protocol.
38. If you want to install Management Module and
FireWall Module on separate computers, an Enterprise
license is required.
39. Before any remote management can take place, an
authentication key needs to be created for each Firewall
Module and the corresponding Management Console that is
responsible for remotely managing the Firewall. This is
done using the 'fw putkey' command. The correct syntax
is:
fw putkey -p <password> <ip-address>
If you are configuring the putkey on the Management
Console, the <ip-address> corresponds to the
firewall. If you are configuring the putkey on the
firewalled computer, the <ip-address> corresponds
to the Management station.