6. Check Point for maximum. Ips. Part 2
- Tutorial
Welcome to the 6th lesson and we continue the topic of IPS. The previous lesson was fully devoted to the misconceptions about the IPS, and we also briefly reviewed the history of the formation of intrusion prevention systems. I strongly recommend to look at the 5th lesson before starting this one. This will allow a deeper understanding of the issue. This lesson is fully devoted to the practical part. For various attacks, we will use the Kali-Linux distribution with tools such as OpenVAS , Metasploit, and the Social Engineering Toolkit . As attacked systems, we will have:
- The user's computer, i.e. User
- And WebSrv, located in the DMZ.
Let's look at the layout with which we will work. As you can see, the same layout:
As a WebSrv deployed a special "vulnerable" distribution Metasploitable . It is very often used when teaching ethical hacking.
Both the user and the server are behind Check Point, which we will experience. As a test, we will try to “push” a virus file through a checkpoint, try a vulnerability scanner, try to remotely exploit one of the vulnerabilities, and then perform the simplest brute force. Let's see how the checkpoint will respond to this with the default settings, then we will try to strengthen the protection and check the result. The lesson turned out to be quite long (35 minutes of video), so I will not upload all the screenshots. Better to put myself video lesson:
Key points for optimizing IPS settings:
- Move IPS to a separate Layer;
- Create multiple IPS policies for different segments;
- Select only the required signatures using filters.
More details in the video above.
The main thing that you should learn from this lesson is:
IPS is an up-to-date and effective security system for your network. Do not neglect its setting.
If you are interested in other Check Point materials, here you will find a large selection ( Check Point. A selection of useful materials from TS Solution ). You can conduct a free audit of Check Point security settings here. You can also subscribe to our channels ( YouTube , VK , Telegram ) in order not to miss new articles, courses and seminars.
PS I would like to thank Aleksey Beloglazov (Check Point company) for help in preparing the lesson.