Document: Endpoint Security Implementation Guide Version docx

Document information

Endpoint Security Implementation Guide
Version NGX 7.0 GA
January 9, 2008

© 2008 Check Point Software Technologies Ltd. All rights reserved. This product and related documentation are protected by copyright and distributed under licensing restricting their use, copying, distribution, and decompilation. No part of this product or related documentation may be reproduced in any form or by any means without prior written authorization of Check Point. While every precaution has been taken in the preparation of this book, Check Point assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice.

©2003–2008 Check Point Software Technologies Ltd. All rights reserved. Check Point, AlertAdvisor, Application Intelligence, Check Point Endpoint Security, Check Point Express, Check Point Express CI, the Check Point logo, ClusterXL, Confidence Indexing, ConnectControl, Connectra, Connectra Accelerator Card, Cooperative Enforcement, Cooperative Security Alliance, CoreXL, CoSa, DefenseNet, Dynamic Shielding Architecture, Eventia, Eventia Analyzer, Eventia Reporter, Eventia Suite, FireWall-1, FireWall-1 GX, FireWall-1 SecureServer, FloodGate-1, Hacker ID, Hybrid Detection Engine, IMsecure, INSPECT, INSPECT XL, Integrity, Integrity Clientless Security, Integrity SecureClient, InterSpect, IPS-1, IQ Engine, MailSafe, NG, NGX, Open Security Extension, OPSEC, OSFirewall, Pointsec, Pointsec Mobile, Pointsec PC, Pointsec Protector, Policy Lifecycle Management, Provider-1, PureAdvantage, PURE Security, the puresecurity logo, Safe@Home, Safe@Office, SecureClient, SecureClient Mobile, SecureKnowledge, SecurePlatform, SecurePlatform Pro, SecuRemote, SecureServer, SecureUpdate, SecureXL, SecureXL Turbocard, Security Management Portal, Sentivist, SiteManager-1, SmartCenter, SmartCenter Express, SmartCenter Power, SmartCenter Pro, SmartCenter UTM, SmartConsole, SmartDashboard, SmartDefense, SmartDefense Advisor, Smarter Security, SmartLSM, SmartMap, SmartPortal, SmartUpdate, SmartView, SmartView Monitor, SmartView Reporter, SmartView Status, SmartViewTracker, SMP, SMP On-Demand, SofaWare, SSL Network Extender, Stateful Clustering, TrueVector, Turbocard, UAM, UserAuthority, User-to-Address Mapping, UTM-1, UTM-1 Edge, UTM-1 Edge Industrial, UTM-1 Total Security, VPN-1, VPN-1 Accelerator Card, VPN-1 Edge, VPN-1 Express, VPN-1 Express CI, VPN-1 Power, VPN-1 Power Multi-core, VPN-1 Power VSX, VPN-1 Pro, VPN-1 SecureClient, VPN-1 SecuRemote, VPN-1 SecureServer, VPN-1 UTM, VPN-1 UTM Edge, VPN-1 VSX, Web Intelligence, ZoneAlarm, ZoneAlarm Anti-Spyware, ZoneAlarm Antivirus, ZoneAlarm ForceField, ZoneAlarm Internet Security Suite, ZoneAlarm Pro, ZoneAlarm Secure Wireless Router, Zone Labs, and the Zone Labs logo are trademarks or registered trademarks of Check Point Software Technologies Ltd. or its affiliates. ZoneAlarm is a Check Point Software Technologies, Inc. Company. All other product names mentioned herein are trademarks or registered trademarks of their respective owners. The products described in this document are protected by U.S. Patent No. 5,606,668, 5,835,726, 5,987,611, 6,496,935, 6,873,988, 6,850,943, and 7,165,076 and may be protected by other U.S. Patents, foreign patents, or pending applications.

Contents

Preface
  • About this Guide
  • Available Formats
  • Obtaining the Correct Version
  • Obtaining New Issues of this Guide
  • About the Endpoint Security Documentation Set
  • Documentation for Administrators
  • Documentation for Endpoint Users
  • Feedback

Chapter Introduction
  • Using this Guide
  • Assumptions
  • Basic Setup
  • Sample Configuration

Chapter Endpoint Security Overview
  • Endpoint Security System Overview
  • System Architecture
  • Endpoint Security Server
  • Endpoint Security Clients
  • Client Packages
  • Gateways
  • Endpoint Security Communications
  • Endpoint Security Ports
  • Endpoint Security Modes
  • Endpoint Security Views
  • Endpoint Security Feature Overview
  • Policies
  • Firewall Rules, Zone Rules, and Program Control
  • Firewall Rules
  • Zones
  • Program Control
  • Enforcement

Chapter Planning
  • Using a Pilot Installation
  • Prerequisites
  • Choosing Your Client Type
  • Choosing Your Enterprise Policy Types
  • Choosing Your Security Model
  • Gathering Topology Information
  • Planning User Support

Chapter Installation
  • Running the Installer
  • Logging In

Chapter Configuring Policies
  • Policy Stages
  • Distributing Your First Policy
  • Default Policy
  • Distributing the Endpoint Security Client

Chapter Creating a Basic Policy
  • Configuring Zones
  • Setting Program Observation
  • Configuring Program Advisor
  • Deploying the Policy
  • Testing the Policy

Chapter Creating a More Advanced Policy
  • Setting Firewall Rules
  • Program Control
  • Setting Program Permissions
  • Configuring Enforcement Settings
  • Setting Enforcement Rules
  • Deploying the Policy
  • Testing the Policy
  • Checking the Program Rule
  • Checking the Enforcement rule

Chapter Assigning Policies
  • Workflow
  • Switching Views
  • Creating Catalogs
  • Choosing a Catalog Type
  • Creating an LDAP Catalog
  • Creating an IP Catalog
  • Creating a Custom Policy
  • Deploying the Custom Policy
  • Assigning the Custom Policy
  • Testing the Custom Policy
  • Checking the Custom Policy
  • Checking the Default Policy

Chapter Understanding Policy Lifecycles
  • Understanding Policy Lifecycles
  • Suggested Policy Settings
  • Sample Policy Lifecycles
  • Low Threat Lifecycle
  • High Threat Lifecycle
  • Policy Lifecycles for VPN

Chapter 10 Supporting the User
  • Educating the Endpoint User
  • Inform Endpoint Users in Advance
  • Provide Information About Your Security Policy
  • Describe the Distribution Process
  • Providing Remediation Resources
  • Using Alerts for User Self-help
  • Using the Sandbox for User Self-Help
  • Preparing your Helpdesk Staff
  • Documentation
  • Training

Preface

In This Preface
  • About this Guide
  • About the Endpoint Security Documentation Set
  • Feedback

About this Guide

The Endpoint Security Implementation Guide provides an overview of Endpoint Security features and concepts. Follow the steps in this guide to install and configure a basic Endpoint Security system as part of a pilot program. This pilot installation will help you understand the basic features and functionality of the Endpoint Security system. This guide also explains how to plan your security policies, and provide support to endpoint users. Please use the version appropriate to your installation.

Once you have mastered these features, you will be able to use the Endpoint Security Administrator guide to use other features and to set up an installation that is more specific to your actual network needs.

Available Formats

This guide is available as a PDF. This document is available from the Check Point CD. Updated editions of the document may be available on the Check Point Website after the release of Endpoint Security. The version of this document on the Check Point Website may be more up-to-date than the version on the CD. When obtaining updated PDF editions from the Check Point Website, make sure they are for the same server version as your Endpoint Security. Do not attempt to administer Endpoint Security using documentation that is for another version.

Obtaining the Correct Version

Make sure that this document has the Version Number that corresponds to the version of your Endpoint Security. The Version Number is printed on the cover page of this document.

Obtaining New Issues of this Guide

New issues of this guide are occasionally available in PDF format from the Check Point Website. When using the PDF version of this document, make sure you have the most up-to-date issue available. The issue date is on the cover page of this document. When obtaining the most up-to-date issue of the documentation, make sure that you are obtaining the issue that is for the appropriate server.

About the Endpoint Security Documentation Set

A comprehensive set of documentation is available for Endpoint Security, including the documentation for the Endpoint Security clients. This includes:
  • “Documentation for Administrators,” on page 10
  • “Documentation for Endpoint Users,” on page 10

Documentation for Administrators

The following documentation is intended for use by Endpoint Security administrators.

Table 4-1: Server Documentation for Administrators (Title: Description)
  • Endpoint Security Installation Guide: Contains detailed instructions for installing, configuring, and maintaining Endpoint Security. This document is intended for global administrators.
  • Endpoint Security Administrator Guide: Provides background and task-oriented information about using Endpoint Security. It is available in both a Multi and Single Domain version.
  • Endpoint Security Administrator Online Help: Contains descriptions of user interface elements for each Endpoint Security Administrator Console page, with cross-references to the associated tasks in the Endpoint Security Administrator Guide.
  • Endpoint Security System Requirements: Contains information on client and server requirements and supported third party devices and applications.
  • Endpoint Security Gateway Integration Guide: Contains information on integrating your gateway device with Endpoint Security.
  • Endpoint Security Client Management Guide: Contains detailed information on the use of third party distribution methods and command line parameters.
  • Endpoint Security Agent for Linux Installation and Configuration Guide: Contains information on how to install and configure Endpoint Security Agent for Linux.

Documentation for Endpoint Users

Although this documentation is written for endpoint users, Administrators should be familiar with it to help them to understand the Endpoint Security clients and how the policies they create impact the user experience.

Table 4-2: Client documentation for endpoint users (Title: Description)
  • User Guide for Endpoint Security Client Software: Provides task-oriented information about the Endpoint Security clients (Agent and Flex) as well as information about the user interface.
  • Introduction to Endpoint Security Flex: Provides basic information to familiarize new users with Endpoint Security Flex. This document is intended to be customized by an Administrator before distribution. See the Endpoint Security Implementation Guide for more information.
  • Introduction to Endpoint Security Agent: Provides basic information to familiarize new users with Endpoint Security Agent. This document is intended to be customized by an Administrator before distribution. See the Endpoint Security Implementation Guide for more information.

... documents:
  • Endpoint Security System Requirements
  • Endpoint Security Installation Guide
  • Endpoint Security Administrator Guide
  • Endpoint Security Gateway Integration Guide
  • Endpoint Security... Management Guide

Chapter Endpoint Security Overview

In This Chapter
  • Endpoint Security System Overview
  • Endpoint Security Communications
  • Endpoint...

Date posted: 22/12/2013, 11:17
