
Security servers and the rule base chapter 4 security

This preview shows page 219 - 221 out of 352 pages.

Security Servers and the Rule Base
Chapter 4, Security Servers and Content Security
Check Point FireWall-1, September 2002

When Tunneling is checked, HTTP requests using the CONNECT method are matched. The HTTP Security Server does not inspect the content of the request, not even the URL. Only the host and port number can be checked. Therefore, when Tunneling is checked, some Content Security options in the URI Resource specification (for example, CVP options, HTML weeding) are disabled.

If you check Tunneling, you can still use the URI File or UFP specifications. A URI File specification must define a file that lists only server names and their port numbers. The UFP specification must use a UFP server that maintains a list of only server names and port numbers.

Host (on the Match tab) — Specify the host and port of a known HTTPS server, for example:

    https server host:443

The field to the left of the colon specifies the URI’s host. The field to the right of the colon specifies the port.

A wildcard character (“*”) indicates any host or any port. For example, you can specify “*:443” or “*:*”. For HTTPS, “*” (a single wildcard character) is not a valid entry, though “*” is a valid entry for HTTP or FTP resources.

For more information on URI Resources, see “URI Resources” in Chapter 6, “Services and Resources”, in the book, Check Point Management Guide.

Non-transparent Mode and HTTPS

To enable the HTTP Security Server to inspect the contents of HTTPS connections, you can configure the HTTP Security Server to encrypt and decrypt HTTPS connections. This requires the implementation of Non-transparent Authentication.

This option is known as “Non-transparent Mode” because the user of HTTPS must access the gateway before being allowed to continue to the target host. Because the HTTP Security Server is not defined as a Security Proxy to the user’s Web browser, Non-transparent Mode is best used to authenticate external users accessing internal servers.

For information on configuring support for HTTPS in Non-transparent Mode, see “HTTP Security Server and Non-Transparent Authentication” on page 154 in Chapter 3, “Authentication.”

Interaction with OPSEC Products

The VPN-1/FireWall-1 Security Servers support third-party products working with Check Point’s OPSEC SDK. In the OPSEC framework, the enterprise security system is composed of several components, each of which is provided by a different vendor and may be installed on a different machine or run simultaneously on the same machine in different processes. VPN-1/FireWall-1 distributes security tasks to the OPSEC components. Transactions between VPN-1/FireWall-1 and OPSEC security components take place using open, industry standard protocols.

Information about OPSEC is available at .
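
The Tunneling and Host matching rules described earlier in this excerpt, modelled in Python as an added example (it is not Check Point code and not part of the original guide). The function names, the sample host names and the case-insensitive host comparison are assumptions made for illustration.

```python
# Added example: a model of the Tunneling match rules, not Check Point code.
from typing import NamedTuple, Optional


class HostSpec(NamedTuple):
    host: str   # "*" means any host
    port: str   # "*" means any port


def parse_host_spec(entry: str) -> HostSpec:
    """Parse a Match-tab Host entry for an HTTPS (Tunneling) resource."""
    entry = entry.strip()
    # For HTTPS a lone "*" is not a valid entry; host and port are both required.
    if ":" not in entry:
        raise ValueError(f"HTTPS entry needs host:port, got {entry!r}")
    host, _, port = entry.rpartition(":")
    if not host or not (port == "*" or port.isdigit()):
        raise ValueError(f"malformed host:port entry {entry!r}")
    return HostSpec(host.lower(), port)  # assumption: hosts compare case-insensitively


def connect_target(request_line: str) -> Optional[HostSpec]:
    """Return host and port from a CONNECT request line, else None.

    CONNECT carries only an authority (host:port); there is no path or query,
    which is why URL-based Content Security options cannot apply.
    """
    parts = request_line.split()
    if len(parts) != 3 or parts[0] != "CONNECT":
        return None
    host, sep, port = parts[1].rpartition(":")
    if not sep or not host or not port.isdigit():
        return None
    return HostSpec(host.lower(), port)


def tunneling_match(spec: HostSpec, request_line: str) -> bool:
    """True when the request is a CONNECT whose host and port fit the spec."""
    target = connect_target(request_line)
    if target is None:
        return False
    return spec.host in ("*", target.host) and spec.port in ("*", target.port)


# Constructed sample requests (hypothetical host names).
SAMPLES = [
    "CONNECT shop.example.com:443 HTTP/1.1",
    "CONNECT shop.example.com:8443 HTTP/1.1",
    "GET http://shop.example.com/cart HTTP/1.1",
]
```

With the spec “*:443” only the first sample matches; “*:*” also matches the second, and the GET request never matches because it is not a CONNECT.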
