Endpoint Security

Shared by: Nguyen Tien Lich | Date: | File type: PDF | Pages: 71


Text content: Endpoint Security

  1. Endpoint Security Installation Guide Version NGX 7.0 GA January 16, 2008
  2. © 2008 Check Point Software Technologies Ltd. All rights reserved. This product and related documentation are protected by copyright and distributed under licensing restricting their use, copying, distribution, and decompilation. No part of this product or related documentation may be reproduced in any form or by any means without prior written authorization of Check Point. While every precaution has been taken in the preparation of this book, Check Point assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice. ©2003–2008 Check Point Software Technologies Ltd. All rights reserved. Check Point, AlertAdvisor, Application Intelligence, Check Point Endpoint Security, Check Point Express, Check Point Express CI, the Check Point logo, ClusterXL, Confidence Indexing, ConnectControl, Connectra, Connectra Accelerator Card, Cooperative Enforcement, Cooperative Security Alliance, CoreXL, CoSa, DefenseNet, Dynamic Shielding Architecture, Eventia, Eventia Analyzer, Eventia Reporter, Eventia Suite, FireWall-1, FireWall-1 GX, FireWall-1 SecureServer, FloodGate-1, Hacker ID, Hybrid Detection Engine, IMsecure, INSPECT, INSPECT XL, Integrity, Integrity Clientless Security, Integrity SecureClient, InterSpect, IPS-1, IQ Engine, MailSafe, NG, NGX, Open Security Extension, OPSEC, OSFirewall, Pointsec, Pointsec Mobile, Pointsec PC, Pointsec Protector, Policy Lifecycle Management, Provider-1, PureAdvantage, PURE Security, the puresecurity logo, Safe@Home, Safe@Office, SecureClient, SecureClient Mobile, SecureKnowledge, SecurePlatform, SecurePlatform Pro, SecuRemote, SecureServer, SecureUpdate, SecureXL, SecureXL Turbocard, Security Management Portal, Sentivist, SiteManager-1, SmartCenter, SmartCenter Express, SmartCenter Power, SmartCenter Pro, SmartCenter UTM, SmartConsole, SmartDashboard, SmartDefense, SmartDefense Advisor, Smarter Security, SmartLSM, SmartMap, SmartPortal, SmartUpdate, SmartView, 
SmartView Monitor, SmartView Reporter, SmartView Status, SmartViewTracker, SMP, SMP On-Demand, SofaWare, SSL Network Extender, Stateful Clustering, TrueVector, Turbocard, UAM, UserAuthority, User-to-Address Mapping, UTM-1, UTM-1 Edge, UTM-1 Edge Industrial, UTM-1 Total Security, VPN-1, VPN-1 Accelerator Card, VPN-1 Edge, VPN-1 Express, VPN-1 Express CI, VPN-1 Power, VPN-1 Power Multi-core, VPN-1 Power VSX, VPN-1 Pro, VPN-1 SecureClient, VPN-1 SecuRemote, VPN-1 SecureServer, VPN-1 UTM, VPN-1 UTM Edge, VPN-1 VSX, Web Intelligence, ZoneAlarm, ZoneAlarm Anti-Spyware, ZoneAlarm Antivirus, ZoneAlarm ForceField, ZoneAlarm Internet Security Suite, ZoneAlarm Pro, ZoneAlarm Secure Wireless Router, Zone Labs, and the Zone Labs logo are trademarks or registered trademarks of Check Point Software Technologies Ltd. or its affiliates. ZoneAlarm is a Check Point Software Technologies, Inc. Company. All other product names mentioned herein are trademarks or registered trademarks of their respective owners. The products described in this document are protected by U.S. Patent No. 5,606,668, 5,835,726, 5,987,611, 6,496,935, 6,873,988, 6,850,943, and 7,165,076 and may be protected by other U.S. Patents, foreign patents, or pending applications.
  3. Contents
     Preface
     - About this Guide (page 7)
       - Available Formats (page 7)
       - Obtaining the Correct Version (page 7)
       - Obtaining New Issues of this Guide (page 7)
     - About the Endpoint Security Documentation Set (page 8)
       - Documentation for Administrators (page 8)
       - Documentation for Endpoint Users (page 8)
     - Feedback (page 10)
     Chapter 1 Endpoint Security Overview
     - Endpoint Security System Components (page 12)
       - System Requirements (page 12)
       - Architecture (page 12)
     - Endpoint Security Communications (page 14)
       - The Endpoint Security Sync (page 14)
       - Other Endpoint Security Communications (page 14)
       - Endpoint Security Services (page 15)
     Chapter 2 Installation Overview
     - Master Installer (page 18)
     - Supported Installations (page 18)
     - Upgrading and Migration (page 19)
     - Gateway Integration (page 20)
     Chapter 3 Upgrading and Migration
     - Introduction to Upgrading (page 21)
       - Supported Upgrades (page 21)
       - Migration (page 22)
     - Upgrade Workflow (page 22)
     - Backing Up Data (page 23)
     - SPLAT Upgrade Instructions (page 23)
     - Clustered Upgrade Instructions (page 24)
     Chapter 4 Installing on a Dedicated Host
     - Windows (page 26)
     - Linux (page 27)
     - Check Point SecurePlatform (Command Line Version) (page 28)
     - Check Point SecurePlatform (GUI Version) (page 30)
     Endpoint Security Installation Guide 4
  4. Chapter 5 Installing with SmartCenter on the Same Host
     - Windows (page 33)
     - Linux (page 35)
     - Check Point SecurePlatform (Command line Version) (page 36)
     - Check Point SecurePlatform (GUI Version) (page 38)
     - Installing Endpoint Security with an Existing SmartCenter (page 40)
       - Connecting Endpoint Security and SmartCenter (page 40)
     Chapter 6 Installing with SmartCenter on Separate Hosts
     - Workflow (page 43)
     - Installing SmartCenter in a Distributed Installation (page 44)
       - Windows (page 44)
       - Linux (page 45)
       - Check Point SecurePlatform (Command Line Version) (page 46)
       - Check Point SecurePlatform (GUI Version) (page 47)
     - Connecting Endpoint Security and SmartCenter (page 49)
     Chapter 7 Installing Endpoint Security and Provider-1
     - Provider-1 Overview (page 51)
     - Workflow (page 52)
     - Installing Endpoint Security on the Same Host as Provider-1 (page 53)
     - Connecting Endpoint Security and Provider-1 (page 54)
     Chapter 8 Endpoint Security Installation Wizard Reference
     - Completing the Endpoint Security Installation Wizard (page 56)
     - Completing the Installation (page 57)
     Chapter 9 Check Point Configuration Tool
     - Starting the Configuration Tool (page 59)
     - Configuration Tool Options (page 60)
     Chapter 10 Remote Logging
     - Connecting the Log Server and SmartCenter (page 63)
     - Connecting the Log Server and Endpoint Security (page 64)
     Chapter 11 High Availability
     - Overview of High Availability (page 65)
     - Architecture (page 66)
     - Configuring High Availability (page 67)
     - Forcing Replication (page 68)
     - Changing an Active Server to a Standby Server (page 69)
     - Changing a Standby Server to an Active Server (page 69)
  5. Preface
     In This Preface
     - About this Guide (page 7)
     - About the Endpoint Security Documentation Set (page 8)
     - Feedback (page 10)
  6. About this Guide
     The Endpoint Security Installation Guide provides detailed instructions for installing, configuring, and maintaining Endpoint Security. This document is intended for global administrators. Please make sure you have the most up-to-date version available for the version of Endpoint Security that you are using.
     Before using this document to install Endpoint Security, you should read and understand the information in the Endpoint Security Implementation Guide in order to familiarize yourself with the basic features and principles.

     Available Formats
     This guide is available as a PDF. This document is available from the Check Point CD. Updated editions of the document may be available on the Check Point Website after the release of Endpoint Security. The version of this document on the Check Point Website may be more up-to-date than the version on the CD.
     When obtaining updated PDF editions from the Check Point Website, make sure they are for the same server version as your Endpoint Security. Do not attempt to administer Endpoint Security using documentation that is for another version.

     Obtaining the Correct Version
     Make sure that this document has the Version Number that corresponds to the version of your Endpoint Security. The Version Number is printed on the cover page of this document.

     Obtaining New Issues of this Guide
     New issues of this guide are occasionally available in PDF format from the Check Point Website. When using the PDF version of this document, make sure you have the most up-to-date issue available. The issue date is on the cover page of this document.
     When obtaining the most up-to-date issue of the documentation, make sure that you are obtaining the issue that is for the appropriate server.
  7. About the Endpoint Security Documentation Set
     A comprehensive set of documentation is available for Endpoint Security, including the documentation for the Endpoint Security clients. This includes:
     - “Documentation for Administrators,” on page 8
     - “Documentation for Endpoint Users,” on page 8

     Documentation for Administrators
     The following documentation is intended for use by Endpoint Security administrators.

     Table 1-1: Server Documentation for Administrators

     | Title | Description |
     | --- | --- |
     | Endpoint Security Installation Guide | Contains detailed instructions for installing, configuring, and maintaining Endpoint Security. This document is intended for global administrators. |
     | Endpoint Security Administrator Guide | Provides background and task-oriented information about using Endpoint Security. It is available in both a Multi and Single Domain version. |
     | Endpoint Security Administrator Online Help | Contains descriptions of user interface elements for each Endpoint Security Administrator Console page, with cross-references to the associated tasks in the Endpoint Security Administrator Guide. |
     | Endpoint Security System Requirements | Contains information on client and server requirements and supported third party devices and applications. |
     | Endpoint Security Gateway Integration Guide | Contains information on integrating your gateway device with Endpoint Security. |
     | Endpoint Security Client Management Guide | Contains detailed information on the use of third party distribution methods and command line parameters. |
     | Endpoint Security Agent for Linux Installation and Configuration Guide | Contains information on how to install and configure Endpoint Security Agent for Linux. |

     Documentation for Endpoint Users
     Although this documentation is written for endpoint users, Administrators should be familiar with it to help them to understand the Endpoint Security clients and how the policies they create impact the user experience.
  8. Table 1-2: Client documentation for endpoint users

     | Title | Description |
     | --- | --- |
     | User Guide for Endpoint Security Client Software | Provides task-oriented information about the Endpoint Security clients (Agent and Flex) as well as information about the user interface. |
     | Introduction to Endpoint Security Flex | Provides basic information to familiarize new users with Flex. This document is intended to be customized by an Administrator before distribution. See the Endpoint Security Implementation Guide for more information. |
     | Introduction to Endpoint Security Agent | Provides basic information to familiarize new users with Endpoint Security Agent. This document is intended to be customized by an Administrator before distribution. See the Endpoint Security Implementation Guide for more information. |
  9. Feedback
     Check Point is engaged in a continuous effort to improve its documentation. Please help us by sending your comments to: cp_techpub_feedback@checkpoint.com
  10. Chapter 1 Endpoint Security Overview
      In This Chapter
      - Endpoint Security System Components (page 12)
      - Endpoint Security Communications (page 14)
  11. Endpoint Security System Components
      This section provides an overview of the Endpoint Security system components.

      System Requirements
      For information about Endpoint Security system requirements, see the Endpoint Security System Requirements Document on the Check Point Web site.

      Architecture
      Figure 1-1 shows a typical installation. In this illustration, the Endpoint Security system components are installed on a single host. There are several other configuration options available, some involving distributing one or more components across multiple servers. Figure 1-1 illustrates the relationships and communications between the components, which are the same for all installations.

      Figure 1-1: Typical Endpoint Security Configuration

      A typical Endpoint Security configuration includes the following components:
      - Endpoint Security Server: Allows you to centrally configure your Endpoint Security enterprise policies.
  12. - Endpoint Security Clients: Monitor your endpoints and enforce your security policies. These clients are installed on your endpoint computers. There are two types of Endpoint Security clients that work with Endpoint Security server:
        - Flex: Has a full user interface that allows the user to control security settings under some conditions.
        - Agent: Has a limited interface and does not allow the user to control his or her security settings.
      - Apache HTTP Server: Provides secure HTTPS communication between the Endpoint Security server and Endpoint Security clients. It also provides secure communication with the Endpoint Security server for Administrators logging onto the Endpoint Security Administrator Console. The Apache HTTP server also improves performance by serving your security data to Endpoint Security clients using a high speed cache.
      - Administrator Workstation: Administrators can use a workstation to access Endpoint Security through the Endpoint Security Administrator Console, a Web-based Graphical User Interface that allows Administrators to create security policies, view reports, and perform other administrative tasks.
      - Other Check Point Components: When you install the Endpoint Security server, you are also automatically installing some Check Point SmartCenter components to create an integrated security solution. These components are installed in the background even if you choose an ‘Endpoint Security only’ installation. Integration points include:
        - Smart Portal
        - SmartCenter Server
        - SmartView Tracker
        - Eventia Reporter
        - SmartDashboard
        - SmartView Monitor
        - Logging
        For more information about these integration points, see “Integrations With Other Check Point Products,” on page 12.

      Endpoint Security also integrates with a variety of gateways, such as VPN or wireless devices, to provide client enforcement capabilities at the gateway level. For more information about these sorts of configurations, see the Endpoint Security Administrator Guide and the chapter of the Endpoint Security Gateway Integration Guide appropriate to your gateway device. The Endpoint Security System Requirements document lists all supported gateways. These documents are available on the Check Point Web site.
  13. Endpoint Security Communications
      This section explains the internal and external communication protocols and ports used by the Endpoint Security system.
      When an Endpoint Security client is initialized it performs a sync with the Endpoint Security. This allows the Endpoint Security client to get the security policy that is assigned to it. Other communications take place either by the request of administrators or as determined by your security policies.

      The Endpoint Security Sync
      1. The Endpoint Security client requests the policy location from the Endpoint Security server.
      2. The server returns a sync response to the Endpoint Security client with the location of the policy.
      3. The client then downloads the policy assigned to it. This is done over HTTP on port 80. The policy is encrypted before it is sent. The Web server transmits the request to the Endpoint Security server over an internal channel of communication, using AJP13 on ports 8009 and 8010. The policy contains both your security policy information as well as the location of the remediation sandbox and log upload server.
      Once the Endpoint Security client receives the policy, it immediately enforces it.

      Other Endpoint Security Communications
      Once the sync has been established between the Endpoint Security server and the Endpoint Security client, the following types of communication may occur, depending on circumstances and the security policy you configure.
      - Heartbeats: Once the sync request has completed successfully, a heartbeat regularly occurs according to the interval specified by the Administrator. Heartbeats occur over UDP on port 6054. Heartbeats contain various pieces of information concerning the status and compliance state of the endpoint computer. This information is stored in the Endpoint Security datastore and is used for the Endpoint Monitor report.
      - Remediation Requests: The Endpoint Security client may request remediation resources from the Endpoint Security sandbox. For example, if the client is out of compliance with the policy’s enforcement rules, the policy might specify that the client should restrict the endpoint computer’s access to your network and attempt to download a remediation file from the sandbox remediation area. The initial Endpoint Security client connection to the sandbox is done over HTTPS on port 2100, while the download is done on port 80 because the Endpoint Security client verifies the sandbox files after download by checking the MD5 hash.
  14. - Program Permission Requests: Depending on your policy settings, as programs are run on the endpoint computer, Endpoint Security clients may request program permission information from the Endpoint Security server. These real-time, encrypted requests are performed over HTTP on port 80.
      - Log Upload: Periodically, the Endpoint Security client uploads logs to the Endpoint Security server. These logs are stored in SmartCenter’s log data files using the ELA API. You can configure the frequency of the log upload using the Endpoint Security Administrator console.
      - Administrator Workstation Access: Administrators can use a workstation to access the Endpoint Security Administrator console to make changes to configure security policies, view reports and perform other administration tasks. The administrator workstation contacts the Endpoint Security via HTTPS on port 443. Some reports are viewed on SmartPortal via HTTPS on port 4433 by drilling down in the Endpoint Security Administrator console.

      Endpoint Security Services
      Endpoint Security operations are implemented by separate Endpoint Security services. The services are divided into two types:
      - Client services allow an Endpoint Security client to get policies and configuration information, and to communicate session state information.
      - Administration services allow administrators to create groups and users; manage policies; manage system configuration; and perform other administrative tasks.

      Ports and Protocols
      The Endpoint Security server uses the ports and protocols listed below to communicate with Endpoint Security clients. Make sure all these ports and protocols are available on the Endpoint Security server:

      | Port | Protocol |
      | --- | --- |
      | 80 | HTTP |
      | 443 | HTTPS |
      | 6054 | UDP |
      | 8009 | AJP13 (Internal) |
      | 8010 | AJP13 (Internal) |

      “Endpoint Security services and ports,” on page 16 represents the services that make up Endpoint Security and shows which ports the services use.
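The port list above can be checked against what a server is actually listening on. The following is an added example, not code from the Check Point guide: it parses `ss -tuln`-style output (the sample is constructed) and reports required ports with no listener. It also assumes a single-host installation in which the two AJP13 ports marked (Internal) only need a loopback binding, and flags them when bound elsewhere.

```python
import ipaddress

# From the guide's "Ports and Protocols" list. Mapping HTTP, HTTPS and AJP13
# to TCP is standard; the guide itself gives only the port and protocol name.
REQUIRED = {
    ("tcp", 80): "HTTP",
    ("tcp", 443): "HTTPS",
    ("udp", 6054): "UDP heartbeat",
    ("tcp", 8009): "AJP13 (Internal)",
    ("tcp", 8010): "AJP13 (Internal)",
}
# Assumption (not stated in the guide): on a single-host installation the
# "(Internal)" AJP13 ports only need to be reachable over loopback.
INTERNAL_ONLY = {("tcp", 8009), ("tcp", 8010)}

# Constructed sample of `ss -tuln` output, not taken from a real server.
SAMPLE_SS = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:80         0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:443        0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:6054       0.0.0.0:*
tcp   LISTEN 0      100    127.0.0.1:8009     0.0.0.0:*
tcp   LISTEN 0      100    0.0.0.0:8010       0.0.0.0:*
tcp   LISTEN 0      128    [::]:22            [::]:*
"""


def parse_listeners(ss_output):
    """Return {(transport, address, port)} for each tcp/udp socket line."""
    listeners = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue  # header, blank line, or another socket family
        addr, _, port = fields[4].rpartition(":")
        if not port.isdigit():
            continue
        # Drop any %interface scope suffix, then the IPv6 brackets.
        addr = addr.split("%")[0].strip("[]")
        listeners.add((fields[0], addr, int(port)))
    return listeners


def is_loopback(addr):
    """True only for literal loopback addresses; wildcards such as * are not."""
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False


def audit(ss_output):
    """Report required ports with no listener and internal ports bound off-loopback."""
    listeners = parse_listeners(ss_output)
    bound = {(transport, port) for transport, _, port in listeners}
    missing = sorted(key for key in REQUIRED if key not in bound)
    exposed = sorted(
        entry for entry in listeners
        if (entry[0], entry[2]) in INTERNAL_ONLY and not is_loopback(entry[1])
    )
    return {"missing": missing, "exposed_internal": exposed}


if __name__ == "__main__":
    report = audit(SAMPLE_SS)
    for transport, port in report["missing"]:
        print(f"MISSING  {transport}/{port} {REQUIRED[(transport, port)]}")
    for transport, addr, port in report["exposed_internal"]:
        print(f"EXPOSED  {transport}/{port} bound to {addr}, expected loopback")
```

In a distributed installation the loopback expectation does not hold as written; replace it with the specific internal address the web server uses to reach the Endpoint Security server.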
  15. Figure 1-2: Endpoint Security services and ports

      Service Details
      The table below lists the individual services that make up Endpoint Security. The configuration name is the parameter name of the service in the Endpoint Security server and Apache HTTPS server configuration files. The URL is the service location information embedded in the request from the Endpoint Security client that allows the Apache HTTPS server to proxy requests.
  16. Table 1-1: Description of Endpoint Security Services

      | Service name | Configuration Name | URL | Description |
      | --- | --- | --- | --- |
      | Connection Manager | service.enable.connectionManager | /cm/* | Synchronizes with the server. The Connection Manager service allows the endpoint to establish a session, verify endpoint state information, and get information needed to download the current policy and configuration. It can also end a previously synchronized session with the endpoint. This service also sends heartbeats to communicate policy or state changes. |
      | Policy download | service.enable.policy | /policy/* | Policy download service. |
      | Log upload | service.enable.logUpload | /logupload/* | Provides the mechanism endpoint computers use to upload client log files. |
      | Program permission | service.enable.logUpload | /ask/* | Provides the mechanism endpoint computers use to upload client log files. |
      | Sandbox server | service.enable.sandBox | /sandbox/* | Serves remediation Web pages to non-compliant, authenticated endpoint users. |
      | Package Manager | service.enable.package | /package/* | Serves the client installer packages that install an Endpoint Security client on an endpoint computer. |
      | Administrator Console | service.enable.adminConsole | / | Serves the user interface that allows administrators to manage the Endpoint Security. |
  17. Chapter 2 Installation Overview
      In This Chapter
      - Master Installer (page 18)
      - Supported Installations (page 18)
      - Upgrading and Migration (page 19)
      - Gateway Integration (page 20)

      You can install the Endpoint Security server as a standalone product or with other Check Point products, such as SmartCenter or VPN-1. Use this guide to perform these installations. This guide provides the workflows you need to perform installations with other Check Point products and the details of the Endpoint Security server installation steps. For details of general installation steps for other Check Point products, see the appropriate Check Point documentation.
      NT Domain catalogs are not available in SPLAT installations. If you plan on using NT Domain catalogs, you must install on Windows or Linux.

      Master Installer
      For all installation options, you use a master installer that lets you select which products to install. Note that all Endpoint Security installations (standalone or integrated) include Check Point SmartPortal, which provides some of Endpoint Security’s reporting functionality. If you choose standalone mode, the installer also silently installs some necessary components of Check Point SmartCenter, which remain invisible.

      Supported Installations
      This guide explains how to install Endpoint Security in the following supported configurations:
  18. Endpoint Security alone
      You can install just Endpoint Security and the necessary supporting components. (Endpoint Security installations always include Check Point SmartPortal and some Check Point SmartCenter components.) To install Endpoint Security alone, follow the instructions for installing Endpoint Security on its own host. See “Installing on a Dedicated Host,” on page 25.

      Endpoint Security with other Check Point products
      You can install Endpoint Security with the following Check Point products:
      - SmartCenter: The SmartCenter components that come with Endpoint Security are invisible. If you want to have the full range of SmartCenter functionality, you can choose to install SmartCenter in one of the following configurations:
        - Same Host: You can install Endpoint Security on the same host as SmartCenter. You can install Endpoint Security either at the same time as you install SmartCenter, or you can install it on a server with an existing SmartCenter installation. See “Installing with SmartCenter on the Same Host,” on page 32.
        - Distributed: You can install Endpoint Security and SmartCenter on different servers and then configure them to communicate. See “Installing with SmartCenter on Separate Hosts,” on page 42.
      - Provider-1: You can install Endpoint Security with Provider-1 in the following configurations:
        - Same Host: You can install Endpoint Security with Provider-1 on the same server. See “Installing Endpoint Security and Provider-1,” on page 50.
        - Distributed: You can install Endpoint Security and Provider-1 on different servers and then configure them to connect. See “Installing Endpoint Security and Provider-1,” on page 50.

      Upgrading and Migration
      For information about changing from an earlier version of Endpoint Security to this one, see “Upgrading and Migration,” on page 21.
  19. Gateway Integration
      This guide does not include information about configuring Endpoint Security to work with gateways, including Check Point gateways. Gateway integration and Cooperative Enforcement are achieved through post-installation steps described in the Endpoint Security Administrator Guide and the Endpoint Security Gateway Integration Guide.