4. Check Point to the maximum. Checking Anti-Virus with Kali Linux

We continue the topic of optimizing Check Point settings. This time we will cover Anti-Virus. Anti-virus technology has been around for over 30 years! It would seem that in that time everyone has already learned everything about it. And what settings are there, really? You turn on Anti-Virus and just regularly update the database, that is, the signatures. This is not quite the right strategy. Many Check Point users leave the default settings, and then they are surprised when a virus nevertheless penetrates the network. I will try to explain how to minimize these risks.

Introduction


But before starting, I would like to once again recall the slide from the previous lesson. There I emphasized that Anti-Virus has not been a panacea for a long time, or rather, not the anti-virus itself, but signature analysis, which is still the main method in 100% of anti-viruses.



Indeed, in essence, a signature always comes after a successful attack. After detecting the attack, experts determine what the virus was and create a signature, and from that moment on the virus is detected. All these figures indicate that the number of unique malware samples for which there are no signatures grows every year. Here again, you can recall the Threat Emulation and Threat Extraction blades as a response, but today's lesson is not about that. Today we are talking about Anti-Virus.

Despite all these sad statistics, Anti-Virus still remains one of the most necessary means of protection. The share of targeted attacks is still much smaller than the share of classic attacks using already known viruses. As a rule, these are automated malware distribution campaigns by e-mail, or distribution through popular web resources. The so-called "attacks on the fool." That is why Anti-Virus remains an important part of network protection.

I think that wraps up the theoretical introduction; let's proceed to practice, where we will take a closer look at the Anti-Virus settings and be sure to test them using the Kali Linux distribution.

Layout



Let's recall our scheme again. This time I will generate new viruses using Kali Linux and try to get them through our Check Point to the user's computer. Let's get started.

Video lesson


In this video tutorial, we will take a closer look at the intricacies of configuring Check Point Anti-Virus. We will cover the following points:

  • deep inspection;
  • archive scanning;
  • file blocking;
  • blocking password-protected archives;
  • virus generation using setoolkit;
  • log analysis.
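As an added example (not the article's own code, and not a Check Point or Kali tool), the following Python script builds the kind of test artefact the archive-scanning and password-protected-archive checks need: a payload wrapped in a chosen number of nested ZIP archives, plus an unwrapping helper that reports how deep the payload sits, so you know exactly what you are sending before watching whether the gateway's archive nesting limit catches it. The payload is a constructed placeholder; for a real check, replace it with the EICAR test string from eicar.org, the harmless file that anti-virus engines agree to detect, rather than with generated malware. Python's zipfile module cannot write encrypted archives, so the password-protected case is built separately, for example with Info-ZIP's `zip -P` on the Kali machine.

```python
"""Build and inspect nested ZIP test artefacts for archive-scanning checks.

Added example for this lesson; not Check Point's, Kali's or the author's code.
Everything is built in memory so the script runs offline. Write the result to
disk only when you want to push it through the gateway to a lab client.
"""
import io
import zipfile

# Constructed placeholder payload. For a live check, put the EICAR test string
# (see eicar.org) here instead of real malware.
PLACEHOLDER_PAYLOAD = b"PLACEHOLDER-TEST-PAYLOAD"


def wrap_in_zip(data: bytes, member_name: str) -> bytes:
    """Return the bytes of a ZIP archive holding `data` as a single member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(member_name, data)
    return buf.getvalue()


def build_nested(payload: bytes, depth: int) -> bytes:
    """Wrap `payload` in `depth` nested ZIP archives.

    Archive scanning has a configurable nesting limit. An archive nested deeper
    than that limit is either passed through or blocked depending on the
    profile, so artefacts of several depths reveal where that line is drawn.
    depth == 0 returns the bare payload (the plain-file case).
    """
    data = payload
    name = "payload.bin"
    for level in range(depth):
        data = wrap_in_zip(data, name)
        name = f"level{level + 1}.zip"
    return data


def unwrap(data: bytes) -> tuple[int, bytes]:
    """Peel single-member ZIP layers off `data`.

    Returns (number_of_layers, innermost_bytes). Non-archive input comes back
    unchanged with depth 0. Used to self-check what build_nested produced
    before sending it across the gateway.
    """
    depth = 0
    while zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            members = zf.namelist()
            if len(members) != 1:
                break  # only single-member test archives are expected here
            data = zf.read(members[0])
        depth += 1
    return depth, data


def write_test_set(directory: str, max_depth: int = 3) -> list[str]:
    """Write artefacts of depth 0..max_depth to `directory`; return their paths."""
    import os

    paths = []
    for depth in range(max_depth + 1):
        suffix = "bin" if depth == 0 else "zip"
        path = os.path.join(directory, f"test_depth{depth}.{suffix}")
        with open(path, "wb") as fh:
            fh.write(build_nested(PLACEHOLDER_PAYLOAD, depth))
        paths.append(path)
    return paths


if __name__ == "__main__":
    for depth in range(4):
        artefact = build_nested(PLACEHOLDER_PAYLOAD, depth)
        found_depth, inner = unwrap(artefact)
        print(f"depth {depth}: {len(artefact)} bytes, "
              f"unwrapped depth {found_depth}, payload intact: {inner == PLACEHOLDER_PAYLOAD}")
```

Send each artefact to a lab client through the gateway in turn and compare with the Anti-Virus logs: the depth at which the archive stops being blocked is your effective scanning limit, and an archive beyond that limit that arrives unblocked tells you whether the profile is set to pass or to block what it cannot scan.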


Conclusion


I would like to note that the verification methods presented in the video are suitable not only for Check Point. That is, using Kali Linux you can also check the reliability of your firewall (be it Cisco, Palo Alto, Fortinet, etc.). I strongly recommend conducting such tests. I am sure that you will be surprised ...

PS A special thanks goes to Alexey Beloglazov (Check Point) for help in preparing the lesson.
In order not to miss other lessons, subscribe to our YouTube channel, VK group and Telegram. And you can ask all questions on setting up Check Point here.
