
Anti-Bot and Anti-Virus R75.40 Administration Guide

14 March 2012

Classification: [Protected]

© 2012 Check Point Software Technologies Ltd. All rights reserved. This product and related documentation are protected by copyright and distributed under licensing restricting their use, copying, distribution, and decompilation. No part of this product or related documentation may be reproduced in any form or by any means without prior written authorization of Check Point. While every precaution has been taken in the preparation of this book, Check Point assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice.

RESTRICTED RIGHTS LEGEND: Use, duplication, or disclosure by the government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 and FAR 52.227-19.

TRADEMARKS: Refer to the Copyright page (http://www.checkpoint.com/copyright.html) for a list of our trademarks. Refer to the Third Party copyright notices (http://www.checkpoint.com/3rd_party_copyright.html) for a list of relevant copyrights and third-party licenses.

Important Information

Latest Software

We recommend that you install the most recent software release to stay up-to-date with the latest functional improvements, stability fixes, security enhancements and protection against new and evolving attacks.

Latest Documentation

The latest version of this document is at: http://supportcontent.checkpoint.com/documentation_download?ID=13942

For additional technical information, visit the Check Point Support Center (http://supportcenter.checkpoint.com).

For more about this release, see the home page at the Check Point Support Center (http://supportcontent.checkpoint.com/solutions?id=sk67581).
Revision History

Date            Description
14 March 2012   First release of this document

Feedback

Check Point is engaged in a continuous effort to improve its documentation. Please help us by sending your comments (mailto:cp_techpub_feedback@checkpoint.com?subject=Feedback on Anti-Bot and Anti-Virus R75.40 Administration Guide).

Contents

Important Information
Introduction to Anti-Bot and Anti-Virus
    The Need for Anti-Bot
    The Need for Anti-Virus
    The Check Point Anti-Bot and Anti-Virus Solution
        Identifying Bot Infected Machines
        Preventing Bot Damage
        Threat Analysis
Getting Started with Anti-Bot and Anti-Virus
    Anti-Bot and Anti-Virus Licensing and Contracts
    Enabling the Anti-Bot and Anti-Virus Software Blades
        Check Point Information
    Creating an Anti-Bot and Anti-Virus Policy
        Creating Rules
        Installing the Policy
Managing Anti-Bot and Anti-Virus
    The Anti-Bot and Anti-Virus Overview Pane
        My Organization
        Messages and Action Items
        Statistics
        Malware Activity
        RSS Feeds
    The ThreatCloud Repository
        Using the Threat Wiki
        Updating the Malware Database
    Gateways Pane
    Protections Browser
        Searching Protections
        Sorting Protections
    Profiles Pane
        Creating Profiles
        Copying Profiles
        Deleting Profiles
    The Policy Rule Base
        Predefined Rule
        Exception Rules
        Parts of the Rules
    Exception Groups Pane
        Creating Exception Groups
        Adding Exceptions to Exception Groups
        Adding Exception Groups to the Rule Base
        Creating Exceptions from Logs or Events
    Advanced Settings for Anti-Bot and Anti-Virus
        Engine Settings
        HTTP Inspection on Non-Standard Ports
    HTTPS Inspection
        How it Operates
        Configuring Outbound HTTPS Inspection
        Configuring Inbound HTTPS Inspection
        The HTTPS Inspection Policy
        Gateways Pane
        Adding Trusted CAs for Outbound HTTPS Inspection
        HTTPS Validation
        HTTP/HTTPS Proxy
        HTTPS Inspection in SmartView Tracker
        HTTPS Inspection in SmartEvent
Anti-Bot and Anti-Virus in SmartView Tracker
    Log Sessions
    Anti-Bot and Anti-Virus Logs
    Viewing Logs
        Updating the Anti-Bot and Anti-Virus Rule Base
        Accessing the Threat Wiki
    Viewing Packet Capture Data
    Predefined Queries
Anti-Bot and Anti-Virus in SmartEvent
    Event Analysis in SmartEvent or SmartEvent Intro
    Viewing Information in SmartEvent
        Updating the Anti-Bot and Anti-Virus Rule Base
        Accessing the Threat Wiki
    Anti-Bot and Anti-Virus Reports
    Viewing Information in SmartEvent Intro
        The SmartEvent Intro Overview Page
        Anti-Bot and Anti-Virus Event Queries
...