Access · management security · performance Wick Hill Ltd Value Added Distribution Check Point End Point.

Presentation transcript:


Agenda
- Introductions
- Part 1: History – End Point Story
- Part 2: Present – The products right now
- Part 3: Future – Roadmap
- Lunch
- Go Karting

HISTORY

Brief Product History
- 199X – VPN Clients: SecuRemote, SecureClient
- 2003 – ZoneAlarm Purchase: Integrity, Integrity Secure Client, Integrity Clientless Security
- 2006 – Pointsec Purchase: Pointsec for PC, Pointsec Mobile, Pointsec Protector

Historic Licensing
- SecuRemote
- SecureClient
- Integrity
- Integrity Desktop
- Integrity Server
- Integrity Secure Client
- Integrity Clientless Security
- Pointsec for PC
- Pointsec Protector
- Reflex Magnetics DiskNet Pro
- Pointsec for MAC
- Pointsec Mobile
- SecureClient Mobile
- SSL Network Extender (SNX)

Confusing Licensing Models
- Bundles of users / Individual
- Need for Server / No server
- Concurrent / Per User

Licensing Simplification
- SecuRemote
- SecureClient
- Integrity
- Integrity Desktop
- Integrity Server
- Integrity Secure Client
- Integrity Clientless Security
- Pointsec for PC
- Pointsec Protector
- Reflex Magnetics DiskNet Pro
- Pointsec for MAC
- Pointsec Mobile
- SecureClient Mobile
- SSL Network Extender (SNX)

Licensing Simplification
- SecuRemote – Now included in GWs / Appliances
- SecureClient – EPSA
- Integrity – EPSA
- Integrity Desktop – EPSA
- Integrity Server – EPSA
- Integrity Secure Client – EPSA
- Integrity Clientless Security – Connectra
- Pointsec for PC – EP FDE
- Pointsec Protector – EP MEPP
- Reflex Magnetics DiskNet Pro – EP MEPP
- Pointsec for MAC
- Pointsec Mobile
- SecureClient Mobile
- Integrity Clientless Security
- SSL Network Extender (SNX)

New Product Line Up
- EndPoint Security Secure Access
- EndPoint Security Full Disk Encryption
- EndPoint Security Media Encryption
- EndPoint Security Total Security
- SecureClient Mobile
- SSL Network Extender (SNX)
- Pointsec for MAC

Pricelist.CheckPoint.Com

Pointsec Mobile

Secure Access / SNX

Wick Hill Can Help!!!! End Point Pricing Calculator

End Point Secure Access Product Features: Client Firewall Program Control Anti-Virus Anti-Spyware Network Access Control IPSEC VPN Enforcement Client IPS

End Point FDE / MEPP Product Features: Full Disk Encryption Client Device Control Media Encryption

Product Installation / Management
- End Point Secure Access: Server / Client; Server Integrated with SmartCentre
- End Point Media Encryption: Server / Client
- End Point Full Disk Encryption: Client / UNC Path for Central Management

Product Walkthrough DEMO

PRESENT

End Point Secure Access Policy Enforcement Options
- User-based Policies: LDAP, RADIUS, NTLM
- IP Based Policies: Ranges, Subnets
- Co-Operative Enforcement with: Interspect, Cisco VPN3000 Concentrator, Nortel Contivity VPN, CheckPoint VPN-1 Gateway, 802.1x

802.1x
- IEEE 802.1X / IETF Standards Track (RFC 2284)
- Improve PPP authentication process
- Address security gaps in WiFi/WLAN deployments

Standard EAP Session
[Sequence diagram between Supplicant, Access Point and RADIUS Server (Enterprise Network). Message labels:]
- EAP Start (Start EAP Authentication)
- EAP Request/ID (Ask Client for Identity)
- EAP Response/ID (UserID)
- RADIUS Access Request (Access Request w/ UserID)
- RADIUS Access Challenge: EAP
- EAP Request/Challenge
- EAP Response/Password
- RADIUS Reply/Challenge
- Perform EAP Sequence (MD5, TLS, PEAP)
- RADIUS Access: Accept, then EAP Success; OR RADIUS Access: Restrict, then EAP Success (restricted access)

Check Point EAP Integration
[Sequence diagram between Supplicant, Access Point, Integrity Server (RADIUS "Proxy") and RADIUS Server (Enterprise Network). Message labels:]
- RADIUS Request
- RADIUS Access Challenge: EAP ZLX
- EAP Request/Challenge: ZLX
- EAP Response/ZLX (policy)
- RADIUS Reply/Challenge
- Policy Query
- Policy Lookup
- Reject
- Proxy (failure)
- Proxy (success), (Std. EAP Session), Accept
- RADIUS Access: Accept, then EAP Success; OR RADIUS Access: Restrict, then EAP Success (restricted access)
[Legend: new components or data extensions; existing EAP standard]

NAC is Here to
- Enforce identity-based access policies
- Control who is accessing what
- Prevent guests from unauthorized access
- Allow demonstrable compliance with growing body of regulatory requirements
- Mitigate the risks of endpoint-borne attacks
- Check endpoint compliance as a precondition for network access
- Quarantine and remediate non-compliant endpoints
- Monitor devices connected on the network
- Protect against attacks on critical resources

Context: NAC and "The disappearing perimeter"
- Flat networks are gone. Networks are becoming functionally segmented
- Access controls are being deployed between segments
- NAC brings identity and compliance awareness into segmentation and access control
[Diagram labels: Internal Access Network, Internal Applications, DMZ, Employee, Partner, Wireless, Finance, Sales, Internet]

Network Access Confusion
- NAC has been over-hyped! Now we're in the "trough of disillusionment"
- The rate of pilot-to-production is very low (and these pilots don't come cheap!)
- The initial promise of "clientless NAC" is proving to be a mirage
- Standards are slow to take hold
- In the meantime Cisco – NAC's largest promoter – markets the "Self Defending Network" but sells only proprietary, 802.1x-incompatible, SW-based "NAC appliance"

Simplifying NAC
- Get your feet wet with limited NAC deployments
- Define a reasonable life span for your pending NAC projects
- Define attainable security objectives
- Leverage existing investments
- Prediction: NAC is young. You won't see a one-size-fits-all solution in 2008

Check Point NAC
- Identity-aware firewall in VPN-1
- SecureClient SCV (desktop configuration verification)
- Integrity Client Network Access Control (Client Self-Enforcement)
- Integrity & VPN Gateway Access Control Integration (CP Endpoint Security and Cisco VPN Gateways)
- Integrity/802.1x LAN Access Control Integration
- Founding Member of Trusted Network Connect (TNC) Initiative
- Clientless Security for Enforcement of Unmanaged PCs
- Cooperative Enforcement with Connectra
- Secure Automated Remediation
- Cooperative Enforcement with VPN-1 Edge (802.1x)
- Unified Management of NAC, Endpoint, and Network Security Infrastructure
- Enforcement with Intel AMT
- CP EPS with VPN-1 UTM/Power
- Leveraging Existing Investment

Ensuring Endpoint Policy Compliance (Network Access Control)
- Auto-Remediation
- Policy checks for critical updates
- Internal and external NAC
- Ensures only safe endpoint devices can access the network
- Protects networks and systems from endpoint-borne attacks
- Facilitates remediation for out-of-compliance endpoints

You can do it today with Endpoint Security
- Secure Employee Access with:
  - Endpoint Security Self-Enforcement
  - 802.1x support for VLAN steering
  - Cooperative Enforcement for VPN-1 and UTM-1
  - All transparent to users!
- Use Connectra portal for Guest/Partner access:
  - Endpoint Security On-Demand (ICS) provides posture checking
  - For partners seeking access to internal applications, Check Point Secure Workspace provides a sanitized virtual platform the organization can trust
  - Use SNX to deliver applications to partners, when needed

Gateway (Firewall) Enforcement
[Diagram labels: Corporate Network, Internet, HR Database, Finance Database, R65 Firewall, Perimeter Firewall, LDAP Directory, Web Server Pool, EPS 7 Server]
1. Client initiates connection to HR resource
2. Gateway asks EPS server if endpoint is known and in compliance
3. EPS 7.0 Server checks for policy for AD\jsmith
4. Gateway implements compliant user firewall rules
5. User has access to HR database but cannot even ping Finance servers (invisible to end user)
- No need to do printer exceptions
- No need to do VoIP phone exceptions
- Unique
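The five-step gateway enforcement flow above, modelled as an added example (not Check Point code or its API). The addresses, the second user, the rule tables and the remediation subnet are constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Posture:
    user: str        # identity the policy server ties to the endpoint
    compliant: bool  # result of the endpoint policy check

# Constructed sample state; a hypothetical stand-in for the policy server's records.
POSTURE_BY_IP = {
    "10.1.20.15": Posture("AD\\jsmith", True),
    "10.1.20.16": Posture("AD\\akhan", False),   # known but out of compliance
}
# Per-user firewall rules, applied only to compliant endpoints (assumed subnets).
USER_RULES = {
    "AD\\jsmith": [ip_network("10.9.1.0/24")],   # HR database segment
    "AD\\akhan": [ip_network("10.9.2.0/24")],    # Finance database segment
}
# Non-compliant endpoints reach only remediation servers (assumed subnet).
REMEDIATION = [ip_network("10.9.250.0/28")]

def query_policy_server(src_ip):
    """Steps 2-3: return the endpoint's posture, or None if it is unknown."""
    return POSTURE_BY_IP.get(src_ip)

def gateway_decision(src_ip, dst_ip, proto="tcp"):
    """Steps 4-5: pick the rule set from posture, then default-deny."""
    posture = query_policy_server(src_ip)
    if posture is None:
        return "drop", "unknown endpoint"
    if posture.compliant:
        allowed, reason = USER_RULES.get(posture.user, []), "user rules for " + posture.user
    else:
        allowed, reason = REMEDIATION, "non-compliant: remediation only"
    dst = ip_address(dst_ip)
    # Protocol is ignored on purpose: a destination outside the rule set is
    # dropped for every protocol, so even an ICMP echo gets no reply.
    if any(dst in net for net in allowed):
        return "accept", reason
    return "drop", reason

if __name__ == "__main__":
    for src, dst, proto in [
        ("10.1.20.15", "10.9.1.10", "tcp"),    # jsmith -> HR database
        ("10.1.20.15", "10.9.2.10", "icmp"),   # jsmith pings Finance
        ("10.1.20.16", "10.9.2.10", "tcp"),    # non-compliant -> Finance
        ("10.1.20.16", "10.9.250.3", "tcp"),   # non-compliant -> remediation
        ("10.1.20.99", "10.9.1.10", "tcp"),    # unknown endpoint
    ]:
        print(src, dst, proto, *gateway_decision(src, dst, proto))
```

Because the rule set is chosen per identity and posture and everything else is dropped, exceptions are expressed as rules for a user rather than as holes for an address range.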

NAC Demo