Course Overview
During this 2-day instructor-led course, you will learn advanced skills to configure and manage the Check Point IPS Software Blade. You will create, modify and monitor a client profile, monitor an attack, gather IPS statistics, customize a protection, and learn basic troubleshooting techniques.
Who should attend
Technical persons who support, install, deploy or administer Check Point security solutions should attend this course, including:
- System Administrators
- System Engineers
- Support Analysts
- Network Engineers
- Anyone seeking to extend a Check Point certification
Prerequisites
Persons attending this course should have general knowledge of TCP/IP, working knowledge of Windows and/or Unix, network technology and the Internet, and 6 months of experience working in a Check Point security gateway environment.
Course Objectives
- Understand how security policies affect network processes
- Learn how data is used to fine-tune processes and reduce risk
- Incorporate 5 proven IT security best practices
- Discuss IPS deployment strategies
- Discuss the layers of the IPS engine
- Describe the unique capabilities of the Check Point IPS engine
- Create and apply profiles to groups of devices that need protection against certain attacks
- Discuss how IPS Mode determines whether default protections detect or prevent
- Describe how the severity of an attack is determined
- Learn how to schedule automatic updates for ongoing protection
- Use Geo Protection to control traffic by country
- Learn to discover abnormal events, attacks, viruses, or worms when raw data is analyzed
- Discuss the major components in IPS Event Analysis Architecture
- Describe what you can do with the IPS Event Analysis Client
- Describe why having signatures available that protect against known vulnerability attacks is essential
- Describe how a good IPS solution will have zero-day threat prevention to protect against attacks which exploit unknown or undisclosed vulnerabilities
- Be able to distinguish false positives
- Describe the benefits of SecureXL and CoreXL
- Describe the function of the Passive Streaming Library (PSL)
- Be able to configure how IPS is managed during a cluster failover
- Learn how to focus on high severity and high confidence level protections
- Properly configure hosts like DNS Servers, Web Servers and Mail Servers for IPS protections