The document discusses Check Point's Quality of Service (QoS) and Intrusion Prevention System (IPS) solutions. It explains that Check Point QoS prioritizes critical applications and traffic using stateful inspection to classify traffic and apply bandwidth controls. It also guarantees bandwidth for real-time applications like VoIP. Check Point IPS protects networks by monitoring for malicious activity or anomalies, attempting to block threats, and reporting on detected issues using signature-based or statistical detections.
QOS and IPS
Check Point QoS is a Security Policy based Quality of Service (QoS) solution for VPNs, private WANs, and Internet links.
Check Point QoS optimizes network performance by prioritizing business-critical applications and end-user traffic. It can prioritize business-critical traffic, such as enterprise resource planning (ERP), database and Web service traffic, over less time-critical traffic.
Check Point QoS guarantees bandwidth and controls latency for streaming applications, such as Voice over IP (VoIP) and video conferencing. With highly granular controls, Check Point QoS can give priority access to specific employees, even when they reach network resources remotely through a VPN tunnel.

QoS Key Terms

Stateful Inspection: tracks the state of every connection and checks the sanity of each packet from the header through the payload (data). Check Point uses the same stateful inspection technology to implement QoS.
Check Point QoS leverages stateful packet inspection, which captures and dynamically updates detailed state information on the traffic passing through the firewall. That information is used to classify traffic by service or application; once a packet has been classified, a process called weighted fair queuing applies the QoS policy to it, so that a proper bandwidth control mechanism is in place.

Retransmission Detection Early Drop (RDED): reduces the bandwidth wasted by TCP retransmissions. When the engine detects that a TCP stream is retransmitting, it drops those segments early instead of queuing them, which keeps the flow of packets on the wire cleaner.
Weighted Flow Random Early Drop (WFRED): a mechanism for managing packet buffers by selectively dropping packets during periods of network congestion. It is transparent to users and needs no administrator configuration: once QoS is enabled and the policy is installed on the firewall, the WFRED daemon starts automatically. It also keeps the flow of packets on the wire cleaner.

Intelligent Queuing Engine: uses the state information derived from stateful inspection to classify traffic and place it in the proper transmission queue.
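To make the "selectively dropping packets during congestion" idea concrete, the following model implements plain Random Early Detection (RED), the buffer-management family that WFRED belongs to, on one queue fed by two constructed flows. This is an added illustration, not Check Point's WFRED code: the thresholds, the flow names and their arrival rates are assumptions chosen for the demo.

```python
"""Random Early Detection (RED) on a single queue fed by two constructed
flows. Added illustration only: thresholds, rates and flow names are
assumptions, not Check Point's WFRED implementation."""
import random
from collections import Counter


class RedQueue:
    """Drop arriving packets with a probability that grows as the *average*
    queue depth moves from min_th to max_th (Floyd/Jacobson RED); above
    max_th, or when the buffer is physically full, drop everything."""

    def __init__(self, capacity=50, min_th=10, max_th=30, max_p=0.2,
                 avg_weight=0.2, seed=7):
        self.capacity = capacity
        self.min_th, self.max_th, self.max_p = min_th, max_th, max_p
        self.avg_weight = avg_weight      # EWMA weight for the average depth
        self.avg = 0.0
        self.queue = []
        self.rng = random.Random(seed)    # seeded so the demo is repeatable
        self.drops = Counter()            # congestion drops per flow

    def drop_probability(self):
        if self.avg < self.min_th:
            return 0.0
        if self.avg >= self.max_th:
            return 1.0
        return self.max_p * (self.avg - self.min_th) / (self.max_th - self.min_th)

    def enqueue(self, flow):
        """Return True if the packet was queued, False if RED dropped it."""
        self.avg = (1 - self.avg_weight) * self.avg + self.avg_weight * len(self.queue)
        full = len(self.queue) >= self.capacity
        if full or self.rng.random() < self.drop_probability():
            self.drops[flow] += 1
            return False
        self.queue.append(flow)
        return True

    def dequeue(self, n):
        """The link drains n packets per tick."""
        del self.queue[:n]


def simulate(ticks=300, link_rate=6, offered=(("bulk", 8), ("voice", 1)), **kw):
    """Offer more packets per tick than the link can carry (9 in, 6 out by
    default) and report where the congestion drops landed."""
    q = RedQueue(**kw)
    delivered = Counter()
    max_depth = 0
    for _ in range(ticks):
        for flow, per_tick in offered:
            for _ in range(per_tick):
                if q.enqueue(flow):
                    delivered[flow] += 1
        max_depth = max(max_depth, len(q.queue))
        q.dequeue(link_rate)
    return {"delivered": dict(delivered), "drops": dict(q.drops), "max_depth": max_depth}


if __name__ == "__main__":
    print(simulate())
```

With tail drop, everything arriving at a full buffer is lost in bursts and the queue sits at its maximum depth, which is exactly the latency a VoIP call cannot tolerate. RED starts dropping before the buffer fills, and because each arriving packet faces the same probability, the flow sending most of the traffic (bulk) absorbs most of the drops while the queue stays short.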
QoS Rulebase Actions: Weight, Guarantee, Limit

Weight: the relative portion of the available bandwidth allocated to a rule. Setting a weight on a QoS rule controls how much of the link a particular service can use relative to the other rules; weights divide the bandwidth that is not already reserved by guarantees.

Guarantee: the minimum bandwidth that connections matching the rule receive, reserved before the remaining bandwidth is shared by weight.

Limit: the maximum bandwidth that all connections matching the rule may use together. It defines a point beyond which connections under the rule are not allocated bandwidth, even if unused bandwidth is available on the link.

Types of Policies in QoS:
Express mode (simple) policy and Traditional mode policy.

Express mode (simple) policy: lets the administrator define basic rules to quickly impose a QoS policy on the network.

Traditional mode policy: incorporates the more advanced QoS features.

Sub rules: rules that exist under a default rule of the Check Point QoS policy. For example, one rule may give SMTP a weight or guarantee of 20, while another policy for the same service says that SMTP from a specific host or a specific vendor should get a higher value than the default SMTP rule. In this case we use a sub rule.

Differentiated Services (DiffServ): an architecture for providing different types or levels of service for network traffic. Packets are marked in the IP header TOS byte (the DiffServ code point, DSCP, occupies its upper six bits) inside the enterprise network as belonging to a certain Class of Service or QoS Class.
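The interplay of Weight, Guarantee and Limit, and how a sub rule subdivides its parent rule's share, is easier to see with numbers. The model below is an added illustration of the semantics described above, not Check Point's scheduler; the rule names, link rate, demands and values are constructed for the demo.

```python
"""Model of how Weight, Guarantee and Limit on QoS rules and sub-rules divide a
link. Added illustration of the semantics described above, not Check Point's
scheduler; rule names, rates and demands are constructed for the demo."""
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Rule:
    name: str
    weight: int = 10               # relative share of bandwidth left after guarantees
    guarantee: float = 0.0         # kbps reserved for traffic matching the rule
    limit: Optional[float] = None  # kbps ceiling, enforced even when the link is idle
    demand: float = 0.0            # kbps the matching traffic currently wants
    sub_rules: List["Rule"] = field(default_factory=list)

    def total_demand(self) -> float:
        if self.sub_rules:
            return sum(s.total_demand() for s in self.sub_rules)
        return self.demand


def allocate(rules, capacity):
    """Return {rule name: kbps}. Guarantees are served first, the remainder is
    shared by weight (water-filling), and a rule never gets more than its
    limit or its demand. Sub-rules split their parent's share the same way."""
    if sum(r.guarantee for r in rules) > capacity:
        raise ValueError("guarantees exceed the available bandwidth")
    inf = float("inf")
    ceiling = {r.name: min(r.total_demand(), inf if r.limit is None else r.limit)
               for r in rules}
    alloc = {r.name: min(r.guarantee, ceiling[r.name]) for r in rules}
    spare = capacity - sum(alloc.values())
    while spare > 1e-9:
        hungry = [r for r in rules if ceiling[r.name] - alloc[r.name] > 1e-9]
        if not hungry:
            break          # everyone is satisfied or capped: the rest stays unused
        total_weight = sum(r.weight for r in hungry)
        handed_out = 0.0
        for r in hungry:
            extra = min(spare * r.weight / total_weight, ceiling[r.name] - alloc[r.name])
            alloc[r.name] += extra
            handed_out += extra
        spare -= handed_out
    result = {}
    for r in rules:
        result[r.name] = alloc[r.name]
        for child, kbps in allocate(r.sub_rules, alloc[r.name]).items():
            result[f"{r.name}/{child}"] = kbps
    return result


def demo(link_kbps=1000):
    """Constructed rulebase: VoIP with a guarantee it does not fully use, ERP
    with the biggest weight, SMTP capped by a limit and split by sub-rules."""
    rules = [
        Rule("voip", weight=10, guarantee=200, demand=150),
        Rule("erp", weight=30, demand=500),
        Rule("smtp", weight=10, limit=300, sub_rules=[
            Rule("partner", weight=20, guarantee=100, demand=300),
            Rule("other", weight=10, demand=500),
        ]),
        Rule("web", weight=10, demand=600),
    ]
    return allocate(rules, link_kbps)


if __name__ == "__main__":
    for name, kbps in demo().items():
        print(f"{name:14s} {kbps:7.1f} kbps")
```

Walking through the demo: VoIP has 200 kbps guaranteed but only asks for 150, so the 50 it does not use goes back into the pool; ERP's demand of 500 is met first because of its weight of 30; SMTP stops at 175 kbps of its 300 kbps limit because that is all its weight earns once the others are served, and the partner sub rule takes its 100 kbps guarantee plus two thirds of the remainder. Raising a rule's Limit never takes bandwidth from anyone else, which is why a misconfigured Limit shows up as unused capacity rather than contention.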
These packets are then granted priority on the public network.
DiffServ markings have meaning on the public network, where the ISP honors them, not inside the enterprise network.
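The marking itself is a six-bit field inside the TOS byte, and changing it invalidates the IPv4 header checksum, which is the part people get wrong when they write their own markers or verify that a marking survived a hop. The code below builds a constructed IPv4 packet, sets the DSCP for a voice class and recomputes the checksum; it is an added example, not Check Point code, and the addresses, payload and the queue names in queue_for are assumptions.

```python
"""Read and set the DiffServ code point (DSCP) in an IPv4 header's TOS byte,
recompute the header checksum, and map a code point to a transmit queue.
Added example, not Check Point code; packet contents are constructed."""
import socket
import struct

# A few well-known code points (RFC 2474 / 2597 / 3246).
DSCP = {"CS0": 0, "AF41": 34, "EF": 46}


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of 16-bit words; call with the checksum field zeroed."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def header_length(packet: bytes) -> int:
    return (packet[0] & 0x0F) * 4          # IHL is in 32-bit words


def get_dscp(packet: bytes) -> int:
    return packet[1] >> 2                  # DSCP: upper six bits of the TOS byte


def get_ecn(packet: bytes) -> int:
    return packet[1] & 0x03                # ECN: the remaining two bits


def set_dscp(packet: bytes, dscp: int) -> bytes:
    """Return a copy of the packet with a new DSCP and a valid header checksum."""
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP is a six-bit field")
    ihl = header_length(packet)
    hdr = bytearray(packet[:ihl])
    hdr[1] = (dscp << 2) | (hdr[1] & 0x03)   # leave the ECN bits alone
    hdr[10:12] = b"\x00\x00"
    hdr[10:12] = struct.pack("!H", ipv4_checksum(bytes(hdr)))
    return bytes(hdr) + packet[ihl:]


def checksum_ok(packet: bytes) -> bool:
    ihl = header_length(packet)
    hdr = bytearray(packet[:ihl])
    stored = struct.unpack("!H", hdr[10:12])[0]
    hdr[10:12] = b"\x00\x00"
    return stored == ipv4_checksum(bytes(hdr))


def build_ipv4(src: str, dst: str, payload: bytes, tos: int = 0, proto: int = 17) -> bytes:
    """Minimal 20-byte IPv4 header over a constructed payload (UDP by default)."""
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20 + len(payload), 0x1234,
                                0, 64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst)))
    hdr[10:12] = struct.pack("!H", ipv4_checksum(bytes(hdr)))
    return bytes(hdr) + payload


def queue_for(packet: bytes) -> str:
    """Assumed queue names: how a device honoring the marking might classify."""
    dscp = get_dscp(packet)
    if dscp == DSCP["EF"]:
        return "realtime"
    if 32 <= dscp <= 38:                   # AF41..AF43 (and CS4)
        return "video"
    return "best-effort"


if __name__ == "__main__":
    pkt = build_ipv4("10.0.0.1", "10.0.0.2", b"rtp-sample", tos=0x01)
    marked = set_dscp(pkt, DSCP["EF"])
    print(get_dscp(marked), get_ecn(marked), checksum_ok(marked), queue_for(marked))
```

When checking whether an ISP honors your markings, compare get_dscp on a capture taken on the far side of the link with what was sent: a DSCP of 0 on arrival means the provider rewrote the byte, which is the case the "meaning on the public network" sentence above is warning about.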
We typically see DiffServ used where an ISP honors types of traffic based on the DiffServ markings applied to them. For example, voice and video traffic gets a marking in the TOS (Type of Service) field of the packet header that travels with the packet as it traverses the different locations.

Authenticated QoS: Check Point Authenticated QoS provides Quality of Service (QoS) for end users in dynamic IP environments, such as remote access and DHCP environments. This allows priority users, such as corporate CEOs, to receive priority service when connecting remotely to corporate resources.

Configuring QoS:
1. Enable QoS.
2. Enable Monitoring.
3. Edit the firewall object: under Topology, edit the external interface and define the QoS parameters there; under Logs and Masters > Additional Logging, make sure QoS logging is enabled.
4. Under Global Properties > QoS, set the bandwidth unit to KBps.
5. Create a rule and a sub rule.
6. Verify under SmartView Monitor.
7. Verify under SmartView Tracker.

IPS

Intrusion prevention systems (IPS) are network security appliances that monitor network or system activities for malicious activity. The main functions of an intrusion prevention system are to identify malicious activity, log information about that activity, attempt to block or stop it, and report it. An IPS can send an alarm, drop the malicious packets, reset the connection, and/or block traffic from the offending IP address.
The detections can be either signature-based or statistical anomaly-based.
Signature-based detection: This method of detection utilizes signatures, which are attack patterns that are preconfigured and predetermined. A signature-based intrusion prevention system monitors the network traffic for matches to these signatures. Once a match is found the intrusion prevention system takes the appropriate action.
Statistical anomaly-based detection: This method of detection baselines performance of average network traffic conditions. After a baseline is created, the system intermittently samples network traffic, using statistical analysis to compare the sample to the set baseline. If the activity is outside the baseline parameters, the intrusion prevention system takes the appropriate action.
Confidence Level: how confident IPS is that recognized attacks are actually undesirable traffic. The higher the Confidence Level of a protection, the more confident Check Point is that traffic it recognizes as an attack really is one; lower Confidence Levels indicate that some legitimate traffic may be identified as an attack. In practice, the low-confidence protections are the ones to run in detect (log only) mode and tune first before they are allowed to block.