Classification: [Protected]
Important Information
Latest Software
We recommend that you install the most recent software release to stay up-to-date with the latest functional
improvements, stability fixes, security enhancements and protection against new and evolving attacks.
Additional Information
For additional technical information, visit the Check Point PartnerMAP.
Revision History
Date
Description
September 2014
December 1, 2014
Contents
Important Information
Introduction
  Benefits
  What's New
  Installation
  Activation
  System Requirements
  Installing SmartConsole
  Installing Server Supplement
  Upgrading
  Getting Started
Customizing Reports
  Customizing Time Period of Report
  Creating New Reports
  Adding Queries to Reports
  Editing Queries
  Editing Generated Tables and Graphs
  Editing Generated Reports
  Changing the Report Template
Offline Reports
CPLogLogSender Utility
Securing Reports
Known Issues
  Can't log in to SmartEvent after installing the supplement
  Generating Reports with SmartEvent Intro
  Generating Reports while SmartEvent Machine is Under Load
  Microsoft .NET Framework
Compliance Security Analysis Report
  Introduction
  Key Benefits
  System Requirements
  Generating Compliance report
Endpoint Security Analysis Report
  Introduction
  Key Benefits
  System Requirements
  Installation
  Troubleshooting
  Generating a report
  Exporting the report
Benefits
Introduction
Check Point Security Checkup takes Check Point PoCs to the next level. The tool generates a
comprehensive threat analysis report. It automatically integrates security events from different
Software Blades: Application Control, URL Filtering, IPS, Anti-Virus, Anti-Bot, DLP, Threat Emulation
and Compliance. The analysis report is created automatically from a Check Point Microsoft Word
report template.
The Security Checkup tool accentuates Check Point's added value, exposing new security risks and
suggesting remediation. When a Check Point Security Gateway runs for a while in a PoC environment,
inline or Mirror Port, we expect logs and security events to be generated for the active Software
Blades. The report gives a comprehensive security analysis that summarizes security events, their
risks, and their remediation.
This tool offers several out-of-the-box recommended reports. You can customize your own reports,
add and remove queries, and create your own Word template.
What's New
Ver R77.20 3.05
Automatic version verifier - verifies that the installed SmartConsole and server supplement are of the same Security Checkup version.
Virus section - new table added: received emails with links to malicious sites.
Additional improvements in Virus section.
Text updated in Endpoint sections.
Bug fixes
Ver R77
More granular report period (from <start date; time> to < end date; time>)
New DLP query: Files Sent Outside of the Organization (displaying file names)
Installation
Note: Security Checkup tool is only for Proof of Concept scenarios. It is run by Check Point authorized
personnel using a default SmartEvent configuration. Any other use is not supported.
This version of Security Checkup tool has its dedicated SmartConsole and supplement for the R77.20
SmartEvent Server.
Component | Package
SmartConsole | SmartConsole_990170005_1.exe
SmartEvent supplement | Security_Checkup_Supp_R77.20_Ver03.tgz (MD5: C821E63D480B0DCDCF9DB7ABA8788976)
Activation
To activate Security Checkup tool:
1. Open the SmartEvent console.
2. From the top menu bar, select Launch Menu > View > Security Checkup.
System Requirements
Component
Operating System
SecurePlatform, Gaia
Windows 7 (Windows 8 is not supported)
Note - Reports are generated as a Microsoft Word document. Some of the data in the report is stored
as Excel files embedded in the Word document.
Installing SmartConsole
Install the Security Checkup tool SmartConsole on a Windows computer with MS Office 2010. Although it is
a special R77.20 SmartConsole, it works with any R77.20 Security Management Server.
Installing Server Supplement
Install the supplement on an existing R77.20 SmartEvent Server dedicated to PoCs. The supplement must
be installed on a clean SmartEvent server, meaning a SmartEvent server with default event queries. When
you run the installation script, cpstop and cpstart run automatically. The tool can also be installed on a
standalone deployment (where Security Gateway, Security Management and SmartEvent run on
the same machine).
Do not install this tool in a production environment.
Upgrading
To upgrade the SmartConsole of this tool from existing R77.20 SmartConsole, uninstall the existing version
and install the new version.
To upgrade the SmartEvent Server supplement, install this version. It automatically overwrites the older
version.
Getting Started
After you install the new SmartConsole, you have a new button on the SmartEvent console.
To generate a report:
5. Open SmartEvent.
6. Click Security Checkup
NOTE: For information relating to the Compliance Security Analysis Report, see section on Compliance.
8. Click Generate Report.
The report can take several seconds to generate. It opens as a Word document in the background.
Executive summary - Summarizes main results: number of events, brief list of critical and high
events that need special attention, and risks.
Customizing Reports
The Security Checkup tool out-of-the-box reports are designed for PoCs, built on customer feedback. But if
you have unique requirements from a customer, you can fulfill the request with easy customizations.
Clone Selected Report - Create a new report based on template and queries of the selected report.
3. In the Report Period list, select the time period. Data from this period is collected when the report
generates.
4. Decide if this report is to be based on an existing document:
Create a report using an existing document. - Select use the following document as template.
Browse to the document. If you want to select an out-of-the-box template, browse to the
SmartConsole installation folder. The default folder is:
C:\Program Files (x86)\CheckPoint\SmartConsole\R77.20\PROGRAM\data\ClientGeneratedReports
2. In the View Title field, enter the name of the query that will replace placeholder text:
If this report is based on a blank Word document, the title of the query data shows at the end of the
document.
If this report is based on an existing document, the text in this field must match, case-sensitive, the
placeholder text. If the placeholder text does not exist in the document, the query output is added to
the end of the document.
3. In the View Type field, define the output type. Valid values:
Image - Query results are output as JPG files. Use for Grid (Events tab in SmartEvent), Pie, or Map.
Define the Image Width and Image Height in pixels.
Data - Query results are output as embedded Excel files. Use for Grid or Pie. Define an Excel
workbook. It can be a blank file, or a file with content and formulas. Security Checkup tool puts
collected data on Sheet2. The table or chart shown on the report is on Sheet1.
You can change the data or formulas as required.
You must save the Excel workbook with Sheet1 visible.
4. In the Query field, click the browse button. Select a query to collect data. You can create a new
query if necessary.
5. Click Save.
Editing Queries
You can change a query that you made, or a query that is predefined.
To edit a query:
1. In the Report Generator View window, double-click a report.
3. Click Edit.
Customer details
Report date
PoC duration
Methodology details
Such data, which you must fix before you deliver the report, is marked in red.
If you see unresolved placeholders (text in < > tags):
Edit queries to replace the placeholder with data and generate the report again.
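A pre-delivery check for the two placeholder rules in this chapter (the case-sensitive View Title match and unresolved text in < > tags), as an added example that is not part of the Security Checkup tool or of the original guide. It assumes placeholders are ordinary body text in the .docx; the sample document, its titles and all function names are constructed for illustration.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

W = "{http://schemas.openxmlformats.org/wordprocessingml/2006/main}"
PLACEHOLDER = re.compile(r"<[^<>\n]+>")  # "text in < > tags", as the guide puts it


def paragraphs(docx_bytes):
    """Text of each paragraph; runs are joined because Word may split one string."""
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        root = ET.fromstring(z.read("word/document.xml"))
    return ["".join(t.text or "" for t in p.iter(W + "t")) for p in root.iter(W + "p")]


def unresolved_placeholders(docx_bytes):
    """Placeholders still present in a generated report."""
    return [m for text in paragraphs(docx_bytes) for m in PLACEHOLDER.findall(text)]


def unmatched_titles(template_bytes, view_titles):
    """View Titles with no exact, case-sensitive match in the template.
    Per the guide, the output of these queries lands at the end of the document."""
    body = "\n".join(paragraphs(template_bytes))
    return [t for t in view_titles if t not in body]


def make_docx(paras):
    """Constructed sample input: a minimal container holding only the part the
    checker reads. Each paragraph is a list of run strings, to mimic split runs."""
    parts = ['<w:document xmlns:w="%s"><w:body>' % W[1:-1]]
    for runs in paras:
        parts.append("<w:p>")
        for r in runs:
            parts.append('<w:r><w:t xml:space="preserve">%s</w:t></w:r>' % escape(r))
        parts.append("</w:p>")
    parts.append("</w:body></w:document>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", "".join(parts))
    return buf.getvalue()


# Constructed sample: one placeholder split across three runs, one query title.
SAMPLE = make_docx([["Prepared for ", "<Customer", " Name>"],
                    ["High Risk Applications"],
                    ["Report date: 1 December 2014"]])

if __name__ == "__main__":
    print(unresolved_placeholders(SAMPLE))
    print(unmatched_titles(SAMPLE, ["High Risk Applications", "high risk applications"]))
```

For a real report or template, pass the bytes of the .docx file instead of SAMPLE.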
analyzed, and manipulated by Security Checkup tool. If you remove or change placeholder text, the
generated data is shown at the end of the report.
Best Practice: Change the template only for localization (translating text that comes from the template) or
formatting (font, color, size). Use the Security Checkup tool editing features to change the data that is
shown.
Offline Reports
You can generate reports from logs, without interacting with the customer environment. For example, if you
get logs from a customer, you can use the Security Checkup tool to deliver a professional report of the log
data. Offline reports generate queries only of activated Software Blades.
Security Management and SmartEvent Server with the latest Security Checkup tool installed. You
will import the network logs to this local environment. There is also a need for SmartEvent and
SmartView Tracker SmartConsole in order to view the logs and events.
CPLogLogSender utility. It can be downloaded from the Check Point Solution Center wiki (for
internal Check Point users) or from Check Point UserCenter. Copy the CPLogLogSender file into
the $FWDIR/log directory.
To export logs:
1. Open SmartView Tracker, connected to the Security Management Server that has the logs.
2. Click File > Save As.
yourname.log
yourname.logaccount_ptr
yourname.loginitial_ptr
yourname.logLuuidDB
yourname.logptr
5. Copy all of these files to your computer.
Note: We recommend that you filter out FW Blade logs before saving, to reduce the log file sizes.
FW Blade logs are not required in order to generate a report.
To import logs:
1. On the local Security Management Server, log in and go to $FWDIR/log.
2. Put all the exported files here.
3. Run: chmod 777 CPLogLogSender
CPLogLogSender Utility
The CPLogLogSender utility simulates traffic captured in the log file. The utility runs the traffic as though it
were live traffic going through the Security Gateway. The Security Gateway logs new events similar to those
in the log files.
To run the utility, you run a script command with required configuration parameters.
Syntax
Parameters | Description
-l <log_amount> |
-i <interval> |
-t | Ignores the original time and date of the logs and generates the logs as if they occurred at the time the command is run
-n <cycles> |
name |
Comments
1. Before you run the utility, set the utility privileges by running the following
command:
chmod 777 $FWDIR/log/CPLogLogSender
2. The time it takes to generate the logs depends on the number of log records in the log
file. In the example, if the log file has 100,000 records, it will take 100,000 records /
200 seconds = 500 seconds.
We recommend around 200 logs per second if you use VMware or a slow computer. If you
use a strong computer, you can increase to a higher rate (1,000 - 4,000 or more) to
shorten the process time.
Example
./CPLogLogSender -l 200 -i 1 -t -n forever MYLOGS.log
Securing Reports
When the report is ready to deliver, make sure it is secure from unauthorized changes or access.
1. Save the Word document as PDF.
2. Set the PDF security for opening and for editing.
If you have Adobe Acrobat, set the security options of the Document Properties. We recommend
using Password protection.
If you use a third-party product (such as PrimoPDF) to make the PDF, use the features of that
application to set a password on the PDF.
It is best if you do not edit the PDF after it is made. To change content for audience or purpose, change the
Word document and save it as a new PDF. We recommend that you password protect the Word document
and keep it in secure storage (such as a Check Point GO stick).
Known Issues
Use Security Checkup tool on a default SmartEvent environment. Do not use it on an environment
where the default SmartEvent queries were modified.
Do not use any clipboard options, for example Copy, Cut, and Print Screen
Do not use more than one monitor (screenshots are taken only from main monitor and not the
secondary monitor)
We recommend that you close other applications that are running in the background
1. Open the Edit Report window of the reports you will use.
2. Select a section with an empty query.
3. Click Remove.
4. Do this for all sections with empty queries.
5. Click Save.
The error message is shown because it is necessary to install the Microsoft .NET Framework before you
install Microsoft Office.
This tool performs a security review based on a library of Check Point Security Best Practices contained
within the Compliance Blade, and summarizes the major Security and Compliance findings.
The report is divided into the following sections:
Key Benefits
The analysis tool is based on Check Point's Security Best Practices defined within the Compliance Software
Blade. The tool allows administrators to gain an insight into potential configuration issues within the
customer's Management and Software Blades.
System Requirements
Component | Operating System
Security Checkup tool mechanism can be connected to R75.40 / R75.40VS / R75.45 / R75.46 / R75.47 / R75.48 / R76 / R77 / R77.10 / R77.20 Security Management Server. | SecurePlatform, Gaia
2. A Compliance Blade Data Upload window will open. Under the Management Server settings, enter
the Server Name or IP address, together with the correct user credentials, so that the report can
connect to the management server. Click OK.
3.
While onsite at the customer premises, click on Export in order to export the Compliance Blade
data to a file.
2. In the Compliance Blade Data Export window, enter the Server Name or IP address, together with
the correct user credentials. Click Browse to specify the target location for the Compliance data file.
The file needs to be saved to your local machine. Click OK.
4. From your offsite location, select Generate to create the Security Checkup report:
4. Under the Data File settings, select Browse and specify the location of the Compliance Data File
that you previously generated. Click OK.
5.
Key Benefits
The analysis tool is based on Check Point's best security practices for Endpoints. The tool allows
administrators to get a realistic view of the standard of security in their organization and take action based on
security vulnerabilities.
System Requirements
Component
Operating System
Microsoft Windows 7, XP
Note - Not supported on computers that have Check Point's Endpoint Security client installed.
Installation
Step-by-step walkthrough:
1.
2.
3.
4.
5.
Troubleshooting
If the report does not appear within several minutes after the installation:
1.
2.
3.
Generating a report
1.
2.
3.