Endpoint Security Implementation Guide Version

Chia sẻ: Nguyen Tien Lich | Ngày: | Loại File: PDF | Số trang:80

0
46
lượt xem
6
download

Endpoint Security Implementation Guide Version

Mô tả tài liệu
  Download Vui lòng tải xuống để xem tài liệu đầy đủ

Tham khảo tài liệu 'endpoint security implementation guide version', công nghệ thông tin, quản trị mạng phục vụ nhu cầu học tập, nghiên cứu và làm việc hiệu quả

Chủ đề:
Lưu

Nội dung Text: Endpoint Security Implementation Guide Version

  1. Endpoint Security Implementation Guide Version NGX 7.0 GA January 9, 2008
  2. © 2008 Check Point Software Technologies Ltd. All rights reserved. This product and related documentation are protected by copyright and distributed under licensing restricting their use, copying, distribution, and decompilation. No part of this product or related documentation may be reproduced in any form or by any means without prior written authorization of Check Point. While every precaution has been taken in the preparation of this book, Check Point assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice. ©2003–2008 Check Point Software Technologies Ltd. All rights reserved. Check Point, AlertAdvisor, Application Intelligence, Check Point Endpoint Security, Check Point Express, Check Point Express CI, the Check Point logo, ClusterXL, Confidence Indexing, ConnectControl, Connectra, Connectra Accelerator Card, Cooperative Enforcement, Cooperative Security Alliance, CoreXL, CoSa, DefenseNet, Dynamic Shielding Architecture, Eventia, Eventia Analyzer, Eventia Reporter, Eventia Suite, FireWall-1, FireWall-1 GX, FireWall-1 SecureServer, FloodGate-1, Hacker ID, Hybrid Detection Engine, IMsecure, INSPECT, INSPECT XL, Integrity, Integrity Clientless Security, Integrity SecureClient, InterSpect, IPS-1, IQ Engine, MailSafe, NG, NGX, Open Security Extension, OPSEC, OSFirewall, Pointsec, Pointsec Mobile, Pointsec PC, Pointsec Protector, Policy Lifecycle Management, Provider-1, PureAdvantage, PURE Security, the puresecurity logo, Safe@Home, Safe@Office, SecureClient, SecureClient Mobile, SecureKnowledge, SecurePlatform, SecurePlatform Pro, SecuRemote, SecureServer, SecureUpdate, SecureXL, SecureXL Turbocard, Security Management Portal, Sentivist, SiteManager-1, SmartCenter, SmartCenter Express, SmartCenter Power, SmartCenter Pro, SmartCenter UTM, SmartConsole, SmartDashboard, SmartDefense, SmartDefense Advisor, Smarter Security, SmartLSM, SmartMap, SmartPortal, SmartUpdate, SmartView, SmartView Monitor, SmartView Reporter, SmartView Status, SmartViewTracker, SMP, SMP On-Demand, SofaWare, SSL Network Extender, Stateful Clustering, TrueVector, Turbocard, UAM, UserAuthority, User-to-Address Mapping, UTM-1, UTM-1 Edge, UTM-1 Edge Industrial, UTM-1 Total Security, VPN-1, VPN-1 Accelerator Card, VPN-1 Edge, VPN-1 Express, VPN-1 Express CI, VPN-1 Power, VPN-1 Power Multi-core, VPN-1 Power VSX, VPN-1 Pro, VPN-1 SecureClient, VPN-1 SecuRemote, VPN-1 SecureServer, VPN-1 UTM, VPN-1 UTM Edge, VPN-1 VSX, Web Intelligence, ZoneAlarm, ZoneAlarm Anti-Spyware, ZoneAlarm Antivirus, ZoneAlarm ForceField, ZoneAlarm Internet Security Suite, ZoneAlarm Pro, ZoneAlarm Secure Wireless Router, Zone Labs, and the Zone Labs logo are trademarks or registered trademarks of Check Point Software Technologies Ltd. or its affiliates. ZoneAlarm is a Check Point Software Technologies, Inc. Company. All other product names mentioned herein are trademarks or registered trademarks of their respective owners. The products described in this document are protected by U.S. Patent No. 5,606,668, 5,835,726, 5,987,611, 6,496,935, 6,873,988, 6,850,943, and 7,165,076 and may be protected by other U.S. Patents, foreign patents, or pending applications.43, and 7,165,076 and may be protected by other U.S. Patents, foreign patents, or pending applications.
  3. Contents Preface About this Guide ...................................................................... 9 Available Formats ........................................................................9 Obtaining the Correct Version .......................................................9 Obtaining New Issues of this Guide ...............................................9 About the Endpoint Security Documentation Set ....................... 10 Documentation for Administrators ...............................................10 Documentation for Endpoint Users ..............................................10 Feedback ............................................................................... 12 Chapter 1 Introduction Using this Guide .................................................................... 13 Assumptions .......................................................................... 14 Basic Setup ..............................................................................14 Sample Configuration ................................................................14 Chapter 2 Endpoint Security Overview Endpoint Security System Overview .......................................... 15 System Architecture ..................................................................15 Endpoint Security Server ............................................................16 Endpoint Security Clients ...........................................................17 Client Packages .........................................................................17 Gateways ..................................................................................17 Endpoint Security Communications .......................................... 18 Endpoint Security Ports .............................................................18 Endpoint Security Modes ........................................................ 18 Endpoint Security Views .......................................................... 18 Endpoint Security Feature Overview ......................................... 19 Policies ....................................................................................19 Firewall Rules, Zone Rules, and Program Control ..........................22 Firewall Rules ...........................................................................23 Zones .......................................................................................23 Program Control ........................................................................25 Enforcement .............................................................................26 Chapter 3 Planning Using a Pilot Installation ......................................................... 27 Prerequisites .......................................................................... 27 Choosing Your Client Type ....................................................... 28 Choosing Your Enterprise Policy Types ...................................... 28 Choosing Your Security Model .................................................. 29 Endpoint Security Implementation Guide 5
  4. Gathering Topology Information ............................................... 29 Planning User Support ............................................................ 30 Chapter 4 Installation Running the Installer .............................................................. 32 Logging In ............................................................................. 35 Chapter 5 Configuring Policies Policy Stages ......................................................................... 36 Distributing Your First Policy ................................................... 37 Default Policy ...........................................................................37 Distributing the Endpoint Security Client .....................................37 Chapter 6 Creating a Basic Policy Configuring Zones ......................................................................40 Setting Program Observation .......................................................42 Configuring Program Advisor .......................................................43 Deploying the Policy ..................................................................44 Testing the Policy ......................................................................44 Chapter 7 Creating a More Advanced Policy Setting Firewall Rules ............................................................. 47 Program Control ..................................................................... 48 Setting Program Permissions ......................................................48 Configuring Enforcement Settings ............................................ 51 Setting Enforcement Rules .........................................................51 Deploying the Policy ............................................................... 54 Testing the Policy ................................................................... 55 Checking the Program Rule ........................................................55 Checking the Enforcement rule ...................................................55 Chapter 8 Assigning Policies Workflow ............................................................................... 56 Switching Views ..................................................................... 58 Creating Catalogs ................................................................... 59 Choosing a Catalog Type ............................................................59 Creating an LDAP Catalog ..........................................................59 Creating an IP Catalog ...............................................................59 Creating a Custom Policy ............................................................60 Deploying the Custom Policy ................................................... 61 Assigning the Custom Policy .................................................... 62 Testing the Custom Policy ....................................................... 63 Checking the Custom Policy .......................................................63 Checking the Default Policy ........................................................63 Endpoint Security Implementation Guide 6
  5. Chapter 9 Understanding Policy Lifecyles Understanding Policy Lifecycles ............................................... 65 Suggested Policy Settings ....................................................... 66 Sample Policy Lifecycles ......................................................... 67 Low Threat Lifecycle ..................................................................67 High Threat Lifecycle .................................................................69 Policy Lifecycles for VPN ............................................................71 Chapter 10 Supporting the User Educating the Endpoint User ................................................... 73 Inform Endpoint Users in Advance ..............................................74 Provide Information About Your Security Policy ............................74 Describe the Distribution Process ................................................75 Providing Remediation Resources ............................................ 75 Using Alerts for User Self-help ....................................................75 Using the Sandbox for User Self-Help ..........................................75 Preparing your Helpdesk Staff ................................................. 77 Documentation ..........................................................................77 Training ....................................................................................77 Endpoint Security Implementation Guide 7
  6. Preface In This Preface About this Guide page 9 About the Endpoint Security Documentation Set page 10 Feedback page 12 Endpoint Security Implementation Guide 8
  7. About this Guide The Endpoint Security Implementation Guide provides an overview of Endpoint Security features and concepts. Follow the steps in this guide to install and configure a basic Endpoint Security system as part of a pilot program. This pilot installation will help you understand the basic features and functionality of the Endpoint Security system. This guide also explains how to plan your security policies, and provide support to endpoint users. Please use the version appropriate to your installation. Once you have mastered these features, you will be able to use the Endpoint Security Administrator guide to use other features and to set up an installation that is more specific to your actual network needs. Available Formats This guide is available as a PDF. This document is available from the Check Point CD. Updated editions of the document may be available on the Check Point Website after the release of Endpoint Security. The version of this document on the Check Point Website may be more up-to-date than the version on the CD. When obtaining updated PDF editions from the Check Point Website, make sure they are for the same server version as your Endpoint Security. Do not attempt to administer Endpoint Security using documentation that is for another version. Obtaining the Correct Version Make sure that this document has the Version Number that corresponds to the version of your Endpoint Security. The Version Number is printed on the cover page of this document. Obtaining New Issues of this Guide New issues of this guide are occasionally available in PDF format from the Check Point Website. When using the PDF version of this document, make sure you have the most up-to-date issue available. The issue date is on the cover page of this document. When obtaining the most up-to-date issue of the documentation, make sure that you are obtaining the issue that is for the appropriate server. Endpoint Security Implementation Guide 9
  8. About the Endpoint Security Documentation Set A comprehensive set of documentation is available for Endpoint Security, including the documentation for the Endpoint Security clients. This includes: “Documentation for Administrators,” on page 10 “Documentation for Endpoint Users,” on page 10 Documentation for Administrators The following documentation is intended for use by Endpoint Security administrators. Table 4-1: Server Documentation for Administrators Title Description Endpoint Security Installation Contains detailed instructions for installing, Guide configuring, and maintaining Endpoint Security. This document is intended for global administrators. Endpoint Security Administrator Provides background and task-oriented Guide information about using Endpoint Security. It is available in both a Multi and Single Domain version. Endpoint Security Administrator Contains descriptions of user interface Online Help elements for each Endpoint Security Administrator Console page, with cross- references to the associated tasks in the Endpoint Security Administrator Guide. Endpoint Security System Contains information on client and server Requirements requirements and supported third party devices and applications. Endpoint Security Gateway Contains information on integrating your Integration Guide gateway device with Endpoint Security. Endpoint Security Client Contains detailed information on the use of Management Guide third party distribution methods and command line parameters. Endpoint Security Agent for Linux Contains information on how to install and Installation and Configuration configure Endpoint Security Agent for Linux. Guide Documentation for Endpoint Users Although this documentation is written for endpoint users, Administrators should be familiar with it to help them to understand the Endpoint Security clients and how the policies they create impact the user experience. Endpoint Security Implementation Guide 10
  9. Table 4-2: Client documentation for endpoint users Title Description User Guide for Endpoint Security Provides task-oriented information about the Client Software Endpoint Security clients (Agent and Flex) as well as information about the user interface. Introduction to Endpoint Security Provides basic information to familiarize new Flex users with Endpoint Security Flex. This document is intended to be customized by an Administrator before distribution. See the Endpoint Security Implementation Guide for more information. Introduction to Endpoint Security Provides basic information to familiarize new Agent users with Endpoint Security Agent. This document is intended to be customized by an Administrator before distribution. See the Endpoint Security Implementation Guide for more information. Endpoint Security Implementation Guide 11
  10. Feedback Check Point is engaged in a continuous effort to improve its documentation. Please help us by sending your comments to: cp_techpub_feedback@checkpoint.com Endpoint Security Implementation Guide 12
  11. Chapter 1 Introduction In This Chapter Using this Guide page 13 Assumptions page 14 The Endpoint Security Implementation Guide is intended to help you understand basic Endpoint Security functionality and plan your implementation. It includes: A description of basic Endpoint Security architecture Information to help you plan your installation Introductions to the most important Endpoint Security features Instructions on how to perform a basic installation in a pilot environment Instructions on how to create and deploy basic policies in a pilot environment Information about planning policy lifecycles to enhance your security Information about supporting endpoint users Follow the steps in this guide to install and configure a basic Endpoint Security system as part of a pilot program. This pilot installation will help you understand the basic features and functionality of the Endpoint Security system. Once you have mastered these features, you will be able to use the Endpoint Security Administrator guide to use other features and to set up an installation that is more specific to your actual network needs. Using this Guide The instructions in this guide generally assume that you have performed all the previous tasks. It is recommended that you perform all of the tasks in this guide in the exact order and manner specified, unless a task is explicitly marked as only applying to certain circumstances. Endpoint Security Implementation Guide 13
  12. Assumptions This guide does not cover all possible Endpoint Security setups and configuration options. This guide will focus on a basic setup and a sample pilot configuration described below. Even if you do not plan to use these specific setup and configuration parameters in your production environment, you will find this pilot setup provides useful information that is common to all setups. For specific installation and configuration information, see the Endpoint Security Installation Guide. Basic Setup This guide assumes that you are creating a pilot Endpoint Security system with the following parameters: Windows environment Non-clustered environment Single Domain setup LDAP with Microsoft Active Directory No gateway device Sample Configuration Endpoint Security is extremely flexible, and will allow you to create many different types of security policies. This guide will focus on setting up some sample policies for your pilot system that contain common, recommended settings. These settings are only meant to be representative samples of the types of options you may want to implement in your system. The exact settings you will create for your production environment will differ according to your security needs. Where appropriate, this guide will mention some of the other configuration options that are available, but you should perform the basic configuration steps described in this guide before attempting them. For more information about additional configuration options and features, see the following documents: Endpoint Security System Requirements Endpoint Security Installation Guide Endpoint Security Administrator Guide Endpoint Security Gateway Integration Guide Endpoint Security Client Management Guide Endpoint Security Implementation Guide 14
  13. Chapter 2 Endpoint Security Overview In This Chapter Endpoint Security System Overview page 15 Endpoint Security Communications page 18 Endpoint Security Modes page 18 Endpoint Security Views page 18 Endpoint Security Feature Overview page 19 Use this chapter to familiarize yourself with the Endpoint Security system and its basic features. Later in this guide you will be performing a pilot installation and configuration using many of these features. Endpoint Security System Overview The Endpoint Security system allows you to centrally manage all of your endpoint security functions. System Architecture The Endpoint Security system consists of two basic components: Endpoint Security Server, and the Endpoint Security clients installed on your endpoint computers. You can also optionally include other items in your system, such as gateways, RADIUS servers and LDAP servers. All Endpoint Security Installations include SmartPortal, which provides some of Endpoint Security’s reporting functionality. Endpoint Security installations also include some other Check Point components that function in the background. For more detailed information about Endpoint Security system architecture, including integration with other Check Point products, see the Endpoint Security Administrator Guide. Endpoint Security Implementation Guide 15
  14. Figure 2-1: Basic Endpoint Security Architecture Endpoint Security Server The Endpoint Security server allows you to centrally configure your Endpoint Security enterprise policies. Endpoint Security uses its own embedded datastore to store administrator, configuration, and security policy information. This guide will show you how to perform a typical Endpoint Security installation without clustering and using the embedded datastore. For more information about the Endpoint Security server and how to install it, see the Endpoint Security Installation Guide. Administrator Console The Endpoint Security Administrator Console is the graphical user interface you will use to create your security policies and deploy them to your users. You can also use the Administrator Console to pre-package Endpoint Security client executables with configuration settings and policies before you deliver them to your users. This document will show you how to use the Administrator Console to create, assign, and deploy clients to users. It will also show you how to use the Administrator Console to create policy packages. Endpoint Security Implementation Guide 16
  15. Endpoint Security Clients As part of the Endpoint Security system you will be installing Endpoint Security clients on your endpoint computers. These clients monitor your endpoints and enforce your security policies. The Endpoint Security system includes Endpoint Security Agent and Endpoint Security Flex. It also includes versions of Endpoint Security Agent and Endpoint Security Flex that contain VPN capabilities. Endpoint Security Agent Use Endpoint Security Agent when you want to centrally manage security at all times. It has a limited interface and does not allow the user to control security settings. If you use the version of Agent that also has VPN capability, the users are provided with an interface to configure their VPN. It also provides an interface to manage some antivirus and anti-spyware functions. Generally, use Agent for your less advanced users and for computers that belong to your organization. Since Agent provides a simpler user interface and fewer messages to the user, it is less confusing for endpoint users. There is a Windows version of Agent and a Linux version of Agent. This pilot will assume you are using the Windows version. Endpoint SecurityFlex Use Flex when you want the endpoint user to control his or her security settings some of the time. Flex has a full user interface that allows the user to control security settings under certain conditions. Generally, use Flex for expert users who are familiar with security issues. Flex is also useful when you want to provide endpoint security for computers you do not own, but are restricted by law from exercising too much control over. Client Packages You can use client packages to pre-configure your Endpoint Security clients (Agent or Flex) and pre-populate them with security policies. Client packages not only let your endpoint users get policies and connect to Endpoint Security as soon as possible, but also let you configure the client installation. Create client packages in the Administrator Console, then use a distribution method to deliver client packages to your endpoint computers. Gateways You can integrate Endpoint Security with supported gateways to enhance your security. Gateway integration will not be covered in this guide. The Endpoint Security Systems Requirements Document lists all the supported gateways. See the Endpoint Security Gateway Integration Guide for information about configuring your gateway to work with Endpoint Security. Endpoint Security Implementation Guide 17
  16. Endpoint Security Communications Endpoint Security operations are implemented by separate Endpoint Security services. An Apache httpd server proxies requests to these services from entities external to Endpoint Security, such as Endpoint Security clients or administrators logging on to Endpoint Security from remote computers. The Apache httpd server acts as a single point of entry, managing requests using SSL, file caching, UDP, and/or TCP socket off- loading functionality (see page 18). For more information about Endpoint Security communications, see the Endpoint Security Administrator Guide. Endpoint Security Ports By default, Endpoint Security uses the ports listed below to communicate with Endpoint Security Clients. Make sure these ports are all available on the Endpoint Security Server: TCP/80 HTTP TCP/443 HTTPS (for clients with versions less than 7.0) TCP/2100 HTTPS (for 7.0 and later clients) UDP/6054 (If used) Endpoint Security Modes There are two modes for Endpoint Security: Single Domain Multi Domain You choose the domain mode when you install Endpoint Security. Having multiple domains is useful for Internet Service Providers and large companies that want local administration for locations and business units. This book assumes you are using the Single domain mode. Endpoint Security Views Single Domain has two views: Simple view Advanced view When you first log into a single domain Endpoint Security server, the system is in simple view. Simple view offers a simplified User Interface and feature set. This allows Endpoint Security Implementation Guide 18
  17. you to become familiar with the core features of Endpoint Security more easily. When following the processes in this book, you will begin administering Endpoint Security in simple view. Later, when you have created your first policies and become familiar with the basic features, you will switch Endpoint Security to advanced view and use some of the more advanced features. Endpoint Security Feature Overview Endpoint Security is a flexible system with many powerful features to help secure your network. This document will explain the basic functionality of some of the most important features. You can find out more about these features and about other features in the Endpoint Security Administrator Guide. This section describes the following features: “Policies,” on page 19 “Firewall Rules,” on page 23 “Zones,” on page 23 “Program Control,” on page 25 “Enforcement,” on page 26 Policies Policies are how you deliver security rules to your endpoint users. Administrators create enterprise policies using the Endpoint Security Administrator Console and assign them to endpoint users or groups of endpoint users. Endpoint Security deploys these enterprise policies to endpoint computers, where the Endpoint Security clients receive and enforce them. You can create connected and disconnected enterprise policies for your users. If your users have Flex, they may also configure a personal policy for themselves. Connected Policies The connected enterprise policy is the policy that is enforced when the endpoint computer is connected to your network. Generally, this is a fairly restrictive policy. This policy is used not only to protect the endpoint computer from threats, but also to protect other computers on your network and to enforce your corporate policies. For example, a connected policy might have very restrictive firewall rules, require a particular antivirus program, or block programs that violate your company’s ethics policies, such as Kazaa. Disconnected Policies The disconnected enterprise policy is enforced when the endpoint computer is not connected to your network. Usually this policy is less restrictive, but provides a minimum level of security that you can then depend upon at all times. The goal of this Endpoint Security Implementation Guide 19
  18. policy is usually to protect the endpoint computer from the worst threats while allowing the user more freedom. For example, a disconnected policy might require that the endpoint have antivirus protection, but not be as strict about which brand or version. It might also allow users to run entertainment programs that they are not allowed to run while connected to your network. If you do not want to control an endpoint computer’s security when it is disconnected, you can omit the disconnected policy. In the absence of a disconnected policy, Flex enforces the personal policy and Agent enforces the connected policy. If you use disconnected policies, it is highly recommended that you use the Office Awareness feature. If you do not configure Office Awareness, your Endpoint Security clients will use the disconnected policy whenever they lose contact with the Endpoint Security server. For more information about Office Awareness, see the Endpoint Security Administrator Guide. In some cases, you may want to have the disconnected policies be more restrictive than the connected policies. This is useful if you want to prohibit recreational use of computers outside of work. If you have restrictive disconnected policies, it is essential that you configure Office Awareness. Personal Policies Flex users can create their own security policies. How these policies are arbitrated with conflicting enterprise policies depends on what settings you choose in the enterprise policy. Generally, the more restrictive policy rule is the one that is enforced. VPN Policies If you use gateways, you can specify a VPN policy for your users. This policy is enforced when users connect via a gateway, no matter what other policies the user may be assigned. Policy Packages Policy packages are bundles of policies that can be assigned together. Using packages, you can specify which policy to enforce as the connected policy and which to enforce as the disconnected policy. Policy Assignment For Endpoint Security to apply your security policy to an endpoint computer, you must indicate which users it applies to. This is called ‘policy assignment.’ Policy assignment determines which policy is enforced for a given user under what circumstances. Use policy assignment to give different policies to your users according to your organization’s needs. Generally, it is recommended that you assign policies according to a user’s domain or entity, rather than individual users. If a user is not a member of a domain or catalog and is also not assigned a policy as an individual, he or she receives the default policy. Endpoint Security Implementation Guide 20
  19. Domains One way of assigning policies is to assign them to domains. If you have the Multiple Domain version of Endpoint Security, you can divide your organization into functional units known as domains. This is particularly useful for companies such as Internet Service Providers, who want to have a domain for each customer. Domains can have their own administrators and can be assigned a policy or policy package. That policy then applies to all the members of the domain unless it is overridden by a more specific policy, such as one assigned to a catalog, gateway, or user. In Single Domain mode, which is what you will use in this pilot, there is only one domain. Note that Endpoint Security Domains are not equivalent to NT Domains or network domains. Catalogs Domains (and organizations using the Single Domain version of Endpoint Security) can be divided into catalogs. Catalogs are user catalogs or IP ranges. Users can be grouped according to their function in the company, their department, their rank, their location, etc. Catalogs can be assigned a security policy. This policy applies to all the members of the catalog, unless overridden by a user-specific policy. Gateways Users can be grouped according to the VPN gateway they use. This allows you to assign a different policy. This policy only applies to users when they are using VPN to connect to your network. Users You can also assign policies directly to specific users. As this is not scalable, it is recommended that you use this only to make a temporary exception to your usual policy assignment practices. Assignment Priority You can assign policies directly to a particular user or to an entire entity or domain. The assignment priority you select determines which policy assignment takes priority when a user belongs to more than one entity. For example, a user may be assigned one policy because he connected via a particular VPN gateway, but he may also be assigned another policy because he belongs to a RADIUS catalog. The security policy tells Endpoint Security which of these policies to enforce in these situations. Endpoint Security Implementation Guide 21
Đồng bộ tài khoản