Download presentation
Presentation is loading. Please wait.
1
SmartCenter for Pointsec - MI
2
Slide Graphic Legend
3
Check Point Software Technologies
1 Check Point Software Technologies
4
Course Layout Prerequisites General Knowledge of TCP/IP
Working Knowledge of Active Directory Working Knowledge of network technologies Working Knowledge of the Internet
5
Recommended Setup Machine A: Windows 2003 server SP2,
Domain Controller with Active Directory, DHCP DNS IIS Root CA. SQL database installation. Pointsec X9.9 demonstration token installed. Machine B: Windows XP SP2, Configured as DHCP client.
6
SmartCenter for Pointsec – MI Overview
2 SmartCenter for Pointsec – MI Overview
7
Administering Full Disk Encryption
What SmartCenter for Pointsec – MI Offers Central Management Modular Framework Integration with Active Directory
8
Modular Framework – Server Side
9
Modular Framework – Client Side
10
Scalability
11
Active Directory Overview
What is Active Directory Database with emphasis on organizational structures What is it used for Mainly a structured way of managing access control Why do we integrate with AD? Reuse organizational structure Reuse user, group and computer representation Group Policies
12
Microsoft Management Console
13
MI Management Structure – OU Propagation
14
MI Management Structure – Installation via OU structures
15
MI Components – Component Interaction
16
Server Side Components – MI Management Console
17
MI Management Console 17
18
Server Side Components – MI Database (MIDB)
19
System Requirements - MI Database
19
20
Server Side Components – Directory Scanner
21
System Requirements – MI Directory Scanner
21
22
Server Side Components – Connection Point
23
System Requirements – MI Connection Point
23
24
Client Side Components
Device Agent Polling, Deployment, Installation User Collector Collects User Account & Logon Information Software & Security Modules device agents Full Disk Encryption Media Encryption
25
Physical Architecture
26
System Requirements - MI Sharing servers
26
27
Remote Help
28
Installing SmartCenter for Pointsec - MI
1 Installing SmartCenter for Pointsec - MI
29
Review Questions & Answers
Does Active Directory require any special configuration or modifications when SmartCenter for Pointsec - MI is configured to work with it?
30
Review Questions & Answers
No. The Directory Scanner needs only “read” permissions when interacting with AD, no schema extensions or additional objects are required.
31
Review Questions & Answers
Describe the three types of objects used in Active Directory.
32
Review Questions & Answers
Users, Services and Resources
33
Review Questions & Answers
Can all SmartCenter for Pointsec - MI components be installed on a single device? If not, why?
34
Review Questions & Answers
Technically, it is possible but not recommended as this may impact available resources negatively.
35
The SmartCenter for Pointsec - MI Management Console (MIMC)
3 The SmartCenter for Pointsec - MI Management Console (MIMC)
36
Accessing the MIMC Keyboxes and the MIMC Opening a Keybox
37
The MIMC
38
About The MIMC Management Console Overview Organizational Views Search
Software Services Statistics Logs Remote Help Console Configuration
39
About The MIMC Menus SmartCenter for Pointsec – MI Explorer
40
Configuring MIMC Accounts
Accessing Account Group Settings Main Account Group Settings Explorer Nodes OU Settings Device Settings User Account Group Dynamic Tokens Logs Services
41
The MIMC Device Properties User Account Properties Services Searching
Accessing Device Properties Resetting A Device User Account Properties Services Working with Connection Points Working with Directory Scanners Download Locations Searching Accessing Search Options Statistics Logging
42
Review Questions & Answers
Where in the OU hierarchy can the properties for an installed Software Module be accessed?
43
Review Questions & Answers
Anywhere in the OU hierarchy that the software module is associated with.
44
Review Questions & Answers
What are two methods of searching that can be used in the Search function? When would each be applicable?
45
Review Questions & Answers
“Search by name” and “Search by state” “Search by name” is useful is looking for a specific object, software module or container. “Search by state” is useful for determining the status of an installation, or why a connection point may not be responding to requests.
46
Review Questions & Answers
What function does resetting a device serve when working in the MIMC?
47
Review Questions & Answers
In situations where a computer has crashed during installation or when a device has been removed from Active Directory before SmartCenter for Pointsec - MI has done a directory re-scan.
48
4 The Directory Scanner
49
The Directory Scanner Accessing the Directory Scanner GUI
Technical Overview of the Directory Scanner Technique when used Polling for Changes Permissions
50
Review Questions & Answers
What is the main task of the Directory Scanner?
51
Review Questions & Answers
To initially scan Active Directory and replicate this information in the MI database. After the initial scan, to rescan Active Directory for changes to Active Directory and replicate these changes back to the MI database.
52
Review Questions & Answers
Where is all SmartCenter for Poinstec - MI data stored?
53
Review Questions & Answers
In the SQL database that is used for the MI database. All necessary data is copied over from the Active Directory store.
54
Review Questions & Answers
Will the Directory Scanner continue to scan if encountering corrupted objects in a scan?
55
Review Questions & Answers
Not by default. It must be configured to do so.
56
5 Software Modules
57
About MI Software Modules
Accessing Modules in SmartCenter for Pointsec - MI Accessing Properties for the Security Product
58
Review Questions & Answers
What are the two types of software modules that are managed in SmartCenter for Pointsec - MI? What is the main difference between the two?
59
Review Questions & Answers
Device Agents and Security Modules. Device Agents are necessary for communications with the SmartCenter for Pointsec - MI framework. Security Modules are products that are used to secure workstations and laptops in an enterprise.
60
Review Questions & Answers
Where would the version information for a module be viewed?
61
Review Questions & Answers
By selecting the Properties of the actual binary in the Software section of the MIMC.
62
Review Questions & Answers
Where in the OU hierarchy can a security product’s properties be viewed?
63
Review Questions & Answers
At any point in the OU hierarchy that the security product is associated with.
64
The Virtual Directory Structure
6 The Virtual Directory Structure
65
The Virtual Directory Structure
66
The Virtual Directory Scanner
Automatic Creation of VDS Objects Deleted Computers Node Managing VDS Nodes
67
Review Questions & Answers
What is the purpose of having a Virtual Directory Structure in SmartCenter for Pointsec - MI?
68
Review Questions & Answers
The Virtual Directory Structure is used by SmartCenter for Pointsec - MI to act as a repository for Objects that are not part of the normal Active Directory structure MI scans.
69
Review Questions & Answers
When are computers added to the Deleted Computers node in the Virtual Directory Structure?
70
Review Questions & Answers
When the computer has been deleted from the Active Directory structure.
71
Review Questions & Answers
What impact could User Collector have on the contents of the Virtual Directory Structure?
72
Review Questions & Answers
All users collected by the User Collector which are not found in the Active Directory Store will be added to the Virtual Directory Structure. This could be an issue if the user collector has not recently polled the Active Directory store for updates.
73
7 The MI Device Agent
74
The MI Device Agent Monitoring the Device Agent The Device Agent GUI
Accessing the SmartCenter MI Device Agent GUI Reviewing Connection Point Information
75
Configuring and Deploying the Device Agent
2 Configuring and Deploying the Device Agent
76
Review Questions & Answers
Why is the device agent required to be installed on client PCs in the SmartCenter for Pointsec - MI framework?
77
Review Questions & Answers
It is the service that is used by the Framework to send & receive information & software modules to the client.
78
Review Questions & Answers
What level of access is required to work with the Device Agent GUI on a workstation or laptop?
79
Review Questions & Answers
Administrator level access.
80
Review Questions & Answers
The Device Agent GUI provides some basic troubleshooting functionality which could useful in what circumstances?
81
Review Questions & Answers
An administrator can use the ping test when troubleshooting connectivity issues with a connection point. Additionally, the command tab provides methods for testing the device agent’s ability to download security modules.
82
8 The User Collector
83
The User Collector What is the User Collector?
Accessing the User Collector Properties Working with Domain Name Restrictions and Exclusion Lists Monitoring the User Collector Acquired Users Displayed in SmartCenter for Pointsec – MI
84
Configuring and Deploying the User Collector
3 Configuring and Deploying the User Collector
85
Review Questions & Answers
Is the User Collector required on clients in the SmartCenter for Pointsec - MI framework? If not, why is it available?
86
Review Questions & Answers
No, it’s not. The User collector can provides and easier way for Administrators to collect User information from an enterprise and add this to the MI structure.
87
Review Questions & Answers
How many users are reported by the User Collector per poll cycle? What might this impact?
88
Review Questions & Answers
1 per cycle. If multiple users log into a single system in between poll cycles, they may be missed in when the user collector next polls the system.
89
Review Questions & Answers
What is the maximum number of users that can be configured to be collected? Is this a “hard limit’?
90
Review Questions & Answers
Yes, but it can be superseded by selecting the “unlimited number of users” option in the User Collector GUI.
91
9 Full Disk Encryption
92
The Need for Full Disk Encryption
Full Disk Encryption Data Security Technology File and Disk Encryption Boot Protection/Authentication
93
Full Disk Encryption — Complete Data Protection
94
Full Disk Encryption Security Features
Languages Supported in Full Disk Encryption How It Works Authentication Methods Recovery Authority Levels Automatic Logging and Centralized Auditing Remote Help Full Disk Encryption Licensing
95
Full Disk Encryption Components
Full Disk Encryption Database Full Disk Encryption Boot Authentication Full Disk Encryption Management Console Full Disk Encryption Encryption-Key Generation Recovery File Naming Conventions Services and Processes Initial Encryption of the Hard Drive Full Disk Encryption Licensing
96
System Requirements Supported Operating Systems
Operating-System Requirements/Limitations File Systems/Volumes/OS Upgrades Software Incompatibilities Known Limitations Services and Processes Initial Encryption of the Hard Drive Full Disk Encryption Licensing
97
Full Disk Encryption – MI Client
4 Full Disk Encryption – MI Client
98
Review Questions & Answers
Which components comprise the basic installation of Full Disk Encryption? Discuss the importance of each:
99
Review Questions & Answers
Secure local user database: stores all of the users and groups that have access to the local computer on which Full Disk Encryption is installed Preboot authentication program: allows for the Full Disk Encryption authentication to appear at boot Full Disk Encryption Management Console: divided into three primary sections: Local, Remote and Remote Help Recovery-file creation from registry entries: recovery file format is ComputerName_R.rec, where ComputerName is the value of the computer name as listed in the registry key
100
Review Questions & Answers
Encryption/decryption key and program services: Individual keys created for each partition, to provide the highest level of security Monitoring program: checks encryption status, locks the workstation, and selects the language in the PBE or Windows
101
Review Questions & Answers
Is the Full Disk Encryption Management Console accessible in a Full Disk Encryption MI client installation? If so, what is the main difference in this?
102
Review Questions & Answers
Yes, it is. The features and functions that are normally accessible here are grayed out since these are all controlled by SmartCenter for Pointsec – MI.
103
Review Questions & Answers
What are three types of hard-drive protection, and which two are used by Full Disk Encryption? Why?
104
Review Questions & Answers
File Encryption, Data Encryption & Boot Protection Boot protection and Data Encryption - these provide the most secure level of data security.
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.