Welcome!
Ed Capizzi
Janus
IT Security Auditor
ed.capizzi@janus.com
11/20/2002
OSI 7 Layer Reference Model (diagram)
Router (diagram)
Proxy (diagram)
What a firewall does not protect you from:
Malicious authorized users.
Connections that don't go through it.
100% of all threats!
Building blocks (diagram): GUI = User Interface, MM = Management & Logging, FW = Enforcement Point
Monolithic Stack (diagram: GUI, MM, FW)
Remote GUI (diagram: GUI, MM, FW)
Remote Management (diagram: GUI, MM, FW)
Always Authenticated. (diagram: FW, MM, GUI)
Remote Management AND Remote GUIs (diagram: several GUIs, MM, FW)
WIFM (diagram: GUI, MM, FW)
User Interface: Local Mode!
Management & Logging: Logs, Users, Configs, Rulesets
Enforcement Point: Daemons, Etc
Any Input?
Let's go look!
Useful Commands
fw ver
fwm p
fwstart
fwstop
fw log
fw logexport
fw dpexport
fw printlic
fw stat
cpconfig (fwconfig)
# fw ver
This is Check Point VPN-1(TM) & FireWall-1(R) Version 4.1 Build 41862 [VPN + DES + STRONG]
fwm p
fwstart
- Self explanatory, be careful
fwstop
- Self explanatory, don't use this!
fw log
- Displays the log, feature rich (has many switches)
fw logexport
- Exports a log to ASCII format with your choice of delimiters. Beware of size creep!
fw dpexport
- Exports the user database, delimited with the delimiter you set
fw printlic
Host             Expiration  Features
170.199.190.253  Never       CPVP-ESC-U-3DES-V41 CK15CCD095822D
cpconfig (fwconfig)
- Configuration utility to review the firewall setup
cpconfig (cont)
Configuration Options:
---------------------
(1) Licenses
(2) Administrators
(3) GUI clients
(4) Remote Modules
(5) Groups
(6) Exit
# ./fw stat        (run on the FW)
HOST       POLICY    DATE
localhost  Snoopy1   18Nov2002 10:00:49 :
/$FWDIR/CONF/cp.licenses
- Licenses file
/$FWDIR/CONF/fwmusers
/$FWDIR/CONF/gui-clients
/$FWDIR/CONF/masters
/$FWDIR/LOG/
/$FWDIR/LOG/cpmgmt.aud
/$FWDIR/LOG/manage.lock
/$FWDIR/CONF/rulebases.fws
# cat rulebases.fws
:rule-base ("##A_Standard_Policy"
:rule (
:src (
: Any
)
:dst (
: Any
)
:services (
: Silent_Services
)
:action (
: drop
)
:track ()
:install (
: Gateways
/$FWDIR/CONF/objects.C
$ cat objects.fws
(
:anyobj (Any
:color (Blue)
)
:superanyobj (
: Any
)
:netobjgraph (
: (xnet-0
:color (black)
:type (network)
:location (internal)
:comments ("Created by the Graph View")
:broadcast (allow)
:ipaddr (2.2.2.0)
:netmask (255.255.255.0)
:read_only (true)
:is_network_implied (true)
:"#oldname" (
:type (refobj)
:refname ("#_xnet-0")
)
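Added example, not code from the deck or from Check Point: a small Python parser for the ":key ( ... )" layout that rulebases.fws and objects.C share on the two listings above, followed by an audit pass over the parsed rules. The sample rulebase is constructed: its first rule mirrors the Silent_Services drop rule on the slide, the other two rules and the object names xnet-0, web-dmz, http and https are made up. The audit flags accept rules whose source and destination are both Any, and accept rules with an empty :track (nothing logged).

```python
import re

# Constructed rulebases.fws fragment in the layout the deck shows (three rules; names are made up).
SAMPLE_RULEBASE = """\
:rule-base ("##A_Standard_Policy"
    :rule (
        :src ( : Any )
        :dst ( : Any )
        :services ( : Silent_Services )
        :action ( : drop )
        :track ()
        :install ( : Gateways )
    )
    :rule (
        :src ( : xnet-0 )
        :dst ( : web-dmz )
        :services ( : http : https )
        :action ( : accept )
        :track ( : Long )
        :install ( : Gateways )
    )
    :rule (
        :src ( : Any )
        :dst ( : Any )
        :services ( : Any )
        :action ( : accept )
        :track ()
        :install ( : Gateways )
    )
)
"""

# Tokens: parens, ':key' (the key may be quoted, e.g. :"#oldname"), quoted strings, bare atoms.
TOKEN_RE = re.compile(r'\(|\)|:[^\s()]*|"[^"]*"|[^\s()]+')


def parse_group(tokens, pos):
    """Parse '(' ... ')' starting at tokens[pos]; returns (items, next_pos).
    items is a list of (key, value): key is None for a bare atom, '' for a ': member'
    entry, otherwise the key name; value is an atom string or a nested item list."""
    assert tokens[pos] == "("
    items, pos = [], pos + 1
    while tokens[pos] != ")":
        tok = tokens[pos]
        if tok.startswith(":"):
            key = tok[1:].strip('"')
            value, pos = parse_value(tokens, pos + 1)
            items.append((key, value))
        elif tok == "(":
            value, pos = parse_group(tokens, pos)
            items.append((None, value))
        else:
            items.append((None, tok.strip('"')))
            pos += 1
    return items, pos + 1


def parse_value(tokens, pos):
    if tokens[pos] == "(":
        return parse_group(tokens, pos)
    return tokens[pos].strip('"'), pos + 1


def parse_document(text):
    tokens = ["("] + TOKEN_RE.findall(text) + [")"]
    items, _ = parse_group(tokens, 0)
    # objects.C opens with a bare '(' so the whole file arrives as one unnamed group; unwrap it.
    if len(items) == 1 and items[0][0] is None and isinstance(items[0][1], list):
        items = items[0][1]
    return items


def values_for(items, key):
    return [v for k, v in items if k == key]


def members(items, key):
    """Names listed under ':key ( : a : b )', e.g. the sources of a rule."""
    names = []
    for group in values_for(items, key):
        if isinstance(group, list):
            names += [v for k, v in group if isinstance(v, str)]
    return names


def audit_rulebase(text):
    """Return (rulebase, rule number, reason) for any-to-any accepts and unlogged accepts."""
    findings = []
    for rb in values_for(parse_document(text), "rule-base"):
        name = next((v for k, v in rb if k is None and isinstance(v, str)), "?")
        for n, rule in enumerate(values_for(rb, "rule"), start=1):
            if "accept" not in members(rule, "action"):
                continue
            if "Any" in members(rule, "src") and "Any" in members(rule, "dst"):
                findings.append((name, n, "any-to-any accept"))
            if not members(rule, "track"):
                findings.append((name, n, "accept without logging"))
    return findings


if __name__ == "__main__":
    for name, n, why in audit_rulebase(SAMPLE_RULEBASE):
        print(f"{name} rule {n}: {why}")
```

The same parser reads the objects.C listing, so the netobjgraph entries can be checked the same way (for example, pulling :ipaddr and :netmask out of each network object).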
/$FWDIR/CONF/cp.licenses
# cat cp.license
Sign {
LICENSE 10.199.8.26 never CPFW-OSE-U-V41 CK-5099B26B
}= 7xDQpDbe8LjfgDuDhaTvT6sem Index=0 Version=0
Sign {
LICENSE 10.199.8.26 never CPFW-ESC-U-V41 FW1:4.1:MOTIF CKF60A423378ED
}= xzgjzt2PSZoBCBBZe6YkLue6aFh Index=0 Version=0
Sign {
LICENSE 10.199.8.26 never CPFW-ENC-U-3DES-MODULE-V41 CPFW-ENC-U3DES-MGMT-V41 CK-FFA94CB
}= bySNrc5YJQpWHwWc96cva8SLHVhm Index=0 Version=0
/$FWDIR/CONF/fwmusers
# cat fwmusers
Larry
2f1003fec499757c65fc004c4af907
000fff0f
Curly
2708994e49bef3b30d7538d2866a56
000f0fff
Mo
2f2b8765040049948c569f134c9e7fd
000ff0ff
Schemp
6b09f8b704bfd1a0c986ca5efffc5cd82
0ffffff0f
/$FWDIR/CONF/gui-clients
# cat gui-clients
10.199.8.93
10.199.8.156
10.199.8.35
10.199.44.56
10.199.87.836
10.199.87.148
10.199.8.31
10.199.51.107
10.199.8.30
10.199.58.44
10.199.58.54
10.199.88.80
10.199.58.55
10.199.8.180
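Added example, not from the deck: a Python check over a gui-clients or masters style file, one address per line as listed above. The sample contents are constructed; one entry deliberately carries an out-of-range octet, as one entry on the slide does, and one sits outside the management range. The check assumes entries are dotted-quad IPv4 addresses (anything else is reported for review) and takes the approved management networks as a parameter; the 10.199.0.0/16 in the usage call is a made-up value.

```python
import ipaddress

# Constructed gui-clients contents (one address per line); not the file from the deck.
SAMPLE_GUI_CLIENTS = """\
10.199.8.93
10.199.8.156
10.199.87.836
10.199.51.107
192.168.77.5
"""


def load_address_list(text):
    """Return (valid IPv4 addresses, entries that are not dotted-quad IPv4) for a one-per-line file."""
    valid, malformed = [], []
    for raw in text.splitlines():
        entry = raw.strip()
        if not entry or entry.startswith("#"):
            continue
        try:
            valid.append(ipaddress.IPv4Address(entry))
        except ValueError:
            # Out-of-range octets, hostnames and typos all land here for the auditor to review.
            malformed.append(entry)
    return valid, malformed


def audit_address_list(text, allowed_networks):
    """Report malformed entries and addresses outside the networks approved for GUI/management access."""
    allowed = [ipaddress.IPv4Network(n) for n in allowed_networks]
    valid, malformed = load_address_list(text)
    outside = [str(a) for a in valid if not any(a in net for net in allowed)]
    return {"malformed": malformed, "outside_allowed": outside, "count": len(valid)}


if __name__ == "__main__":
    # Assumed approved management range; replace with the real one for the site under review.
    print(audit_address_list(SAMPLE_GUI_CLIENTS, ["10.199.0.0/16"]))
```

Run the same function over masters to confirm only the intended management stations are listed.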
/$FWDIR/CONF/masters
# cat masters
10.1.1.1
10.1.2.1
/$FWDIR/LOG/cpmgmt.aud
New.W' on host 'Snoopy5'
Mon Nov 18 15:31:50 2002 rule-editor Mo@CMP-PC-0018: Mo@CMP-PC-0018 Logged in >>>>
Mon Nov 18 15:31:52 2002 rule-editor Mo@CMP-PC-0018: Read-Only Mode requested. Database remains unlocked.
Mon Nov 18 15:32:46 2002 log-viewer Mo@CMP-PC-0018: Mo@CMP-PC-0018 Logged in >>>>
Mon Nov 18 15:34:09 2002 ------------------------------: Mo@CMP-PC-0018 Logged out <<<<
Tue Nov 19 13:12:34 2002 rule-editor Mo@CMP-PC-0018: Mo@CMP-PC-0018 Logged in >>>>
Tue Nov 19 13:12:36 2002 rule-editor Mo@CMP-PC-0018: Read-Only Mode requested. Database remains unlocked.
Tue Nov 19 13:12:42 2002 ------------------------------: Mo@CMP-PC-0018 Logged out <<<<
Wed Nov 20 10:22:31 2002 rule-editor Mo@CMP-PC-0018: Mo@CMP-PC-0018 Logged in >>>>
Wed Nov 20 10:22:33 2002 rule-editor Mo@CMP-PC-0018: Read-Only Mode requested. Database remains unlocked.
Wed Nov 20 10:23:23 2002 ------------------------------: Mo@CMP-PC-0018 Logged out <<<<
/$FWDIR/LOG/cpmgmt.aud (cont)
nd7.W' on host 'Snoopy6and7'le-editor Curly@IT-STD-8900: Curly@IT-STD-8900 Logged in >>>>
Fri Nov 15 12:55:00 2002 rule-editor Curly@IT-STD-8900: Failed to lock database: Used by Larry@PC-059using fwm.18
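Added example, not part of the deck: a Python audit pass over cpmgmt.aud records in the layout shown on the two slides above (timestamp, tool, user@host, message). The sample records are constructed with made-up user and host names; one deliberately garbled line stands in for the chopped record on the slide. It assumes that one "Logged out" record closes every tool that principal had open. It reports logins per administrator and tool, failed database-lock attempts together with who held the lock, and principals that logged in without a matching logout.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample records in the cpmgmt.aud layout the deck shows; users and hosts are made up.
SAMPLE_AUD = """\
Fri Nov 15 12:55:00 2002 rule-editor Curly@IT-STD-8900: Failed to lock database: Used by Larry@PC-059 using fwm
Mon Nov 18 15:31:50 2002 rule-editor Mo@CMP-PC-0018: Mo@CMP-PC-0018 Logged in >>>>
Mon Nov 18 15:31:52 2002 rule-editor Mo@CMP-PC-0018: Read-Only Mode requested. Database remains unlocked.
Mon Nov 18 15:32:46 2002 log-viewer Mo@CMP-PC-0018: Mo@CMP-PC-0018 Logged in >>>>
Mon Nov 18 15:34:09 2002 ------------------------------: Mo@CMP-PC-0018 Logged out <<<<
nd7.W' on host 'Snoopy6and7'le-editor garbage line that a rotation chopped
Tue Nov 19 09:02:11 2002 rule-editor Larry@PC-059: Larry@PC-059 Logged in >>>>
"""

# "<ctime stamp> <tool> <user@host>: <message>"; logout records carry a run of dashes instead of tool and user.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4}) "
    r"(?:(?P<tool>\S+) (?P<who>\S+)|-+): (?P<msg>.*)$"
)
LOCK_RE = re.compile(r"Failed to lock database: Used by (?P<holder>\S+)")


def parse_line(line):
    """Return a dict for one audit record, or None if the line does not match the layout."""
    m = LINE_RE.match(line.rstrip())
    if not m:
        return None
    ts = datetime.strptime(" ".join(m["ts"].split()), "%a %b %d %H:%M:%S %Y")
    msg = m["msg"]
    rec = {"ts": ts, "tool": m["tool"], "who": m["who"], "msg": msg, "kind": "other"}
    if msg.endswith("Logged in >>>>"):
        rec["kind"], rec["who"] = "login", msg.split()[0]
    elif msg.endswith("Logged out <<<<"):
        rec["kind"], rec["who"] = "logout", msg.split()[0]
    elif msg.startswith("Read-Only Mode requested"):
        rec["kind"] = "readonly"
    else:
        lock = LOCK_RE.match(msg)
        if lock:
            rec["kind"], rec["holder"] = "lock_failure", lock["holder"]
    return rec


def audit_sessions(text):
    """Summarise who used the management station, who was locked out, and who never logged out."""
    records, unparsed = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            unparsed += 1  # worth a look: chopped or foreign lines in an audit trail
        else:
            records.append(rec)
    records.sort(key=lambda r: r["ts"])
    logins, lock_failures, open_sessions = Counter(), [], set()
    for r in records:
        if r["kind"] == "login":
            logins[(r["who"], r["tool"])] += 1
            open_sessions.add(r["who"])
        elif r["kind"] == "logout":
            # Assumption: one 'Logged out' record closes all tools that principal had open.
            open_sessions.discard(r["who"])
        elif r["kind"] == "lock_failure":
            lock_failures.append((r["ts"].isoformat(), r["who"], r["holder"]))
    return {
        "logins": dict(logins),
        "lock_failures": lock_failures,
        "open_sessions": sorted(open_sessions),
        "unparsed": unparsed,
    }


if __name__ == "__main__":
    for key, value in audit_sessions(SAMPLE_AUD).items():
        print(f"{key}: {value}")
```

A lock failure shows which administrator held the rulebase lock while another tried to edit, which is the record to reconcile against the change tickets for that day.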
Intermission
a. Phoneboy
- www.phoneboy.com
b. Cassandra
- cassandra.cerias.purdue.edu
c. Bugtraq
- online.securityfocus.com/archive
d. Sun
- www.sun.com
e. MS
- www.microsoft.com
f. Checkpoint
- www.checkpoint.com
Advanced GUI (figures 1 to 5)
Thank You