Lesson 1: Check Point access control policy structure fundamentals (top-down rule evaluation, rule hit counts)
Understand the logical structure of Check Point access control policies, including ordered rule evaluation, inline layers, hit counts, and the effect of rule position on security, troubleshooting, and the long-term maintainability of the rulebase.
- Top-down rule evaluation behavior
- Inline layers and ordered layers usage
- Using rule hit counts for analysis
- Shadowed and overlapping rule detection
- Change control for policy structure

Lesson 2: Rule structure: Source, Destination, Service/Port, Action, Track, Install On (detailed examples)
Examine each rule field in detail, including Source, Destination, Service/Port, Action, Track, and Install On, with real examples showing common patterns, mistakes, and best practices for building readable, auditable rules.
- Choosing precise source definitions
- Designing accurate destinations and groups
- Selecting services and custom ports
- Action and Track field best practices
- Install On targets and policy packages

Lesson 3: Rulebase optimization and performance considerations: using groups, simplifying rules, and tracking rule hits
Improve rulebase performance by consolidating objects into groups, simplifying rules, tuning services, and using hit count and log data to identify unused or ineffective rules, while maintaining clarity and security posture.
- Group networks and services logically
- Consolidate similar rules safely
- Tune services and application objects
- Use hit counts to remove stale rules
- Monitor performance and policy impact

Lesson 4: Guest network segregation: rules and layers to enforce Internet-only access and block client-to-client traffic
Design guest network segregation using dedicated layers, zones, and restrictive rules that enforce Internet-only access, block traffic between clients, and prevent lateral movement into internal, DMZ, and management segments.
- Define guest VLANs and zones
- Enforce Internet-only egress rules
- Block client-to-client communication
- Prevent access to internal networks
- Monitor guest usage and anomalies

Lesson 5: Server-to-server and inter-site access rules (HQ_Server and BR_Server), including restricted ports and time restrictions
Learn to design secure server-to-server and inter-site rules between headquarters and branch servers, including restricted service scope, time-based access windows, logging, and validation methods that maintain availability while reducing the attack surface.
- Identify HQ_Server and BR_Server assets
- Define allowed services and restricted ports
- Implement time-based access control
- Log and monitor inter-site traffic
- Test and validate server access rules

Lesson 6: Cleanup rules, implied rules, and rulebase hygiene: placement, naming, and purpose
Understand cleanup rules, implied rules, and rulebase hygiene practices, including rule ordering, naming conventions, documentation, and periodic reviews that keep the policy consistent, auditable, and aligned with security standards.
- Analyze implied rules and defaults
- Design explicit cleanup and drop rules
- Apply clear naming conventions
- Document rule purpose and owners
- Schedule periodic rulebase reviews

Lesson 7: Designing web, DNS, and mail rules for HQ_Office and BR_Office using least-privilege principles
Design least-privilege rules for web, DNS, and mail traffic for HQ_Office and BR_Office, restricting access by user, network, and application, while ensuring business continuity, logging, and a clear separation of outbound and internal flows.
- Identify office web, DNS, and mail flows
- Separate HQ_Office and BR_Office policies
- Restrict services and destinations tightly
- Apply user and group-based controls
- Log and review office traffic patterns

Lesson 8: DMZ publishing: rules allowing Internet access to HQ_DMZ web and mail servers, with NAT and inspection considerations
Learn to publish DMZ services securely, allowing Internet access to the HQ_DMZ web and mail servers while applying NAT, HTTPS inspection, anti-bot, and IPS controls, and ensuring logging, redundancy, and a minimal exposed surface.
- Identify HQ_DMZ web and mail assets
- Configure static and hide NAT rules
- Restrict inbound services and ports
- Apply HTTPS inspection and IPS
- Monitor DMZ traffic and anomalies

Lesson 9: Designing role-based rule sets for HQ and Branch gateways: separating Internet, internal, DMZ, and management access
Build role-based rule sets for headquarters and branch gateways that clearly separate Internet, internal, DMZ, and management traffic, using layers, network objects, and naming standards to simplify administration, auditing, and troubleshooting.
- Identify roles and traffic categories
- Separate Internet and internal rules
- Isolate DMZ and management access
- Use layers for role-based policies
- Delegate administration by role

Lesson 10: Management access rules: restricting SSH/RDP/HTTPS to HQ_Mgmt, use of Secure Internal Zones and compensating controls
Design tightly controlled management rules for SSH, RDP, and HTTPS to HQ_Mgmt, using Secure Internal Communication, management zones, jump hosts, and compensating controls such as MFA, logging, and just-in-time access.
- Define HQ_Mgmt networks and hosts
- Restrict SSH, RDP, and HTTPS sources
- Use Secure Internal Zones and SIC
- Apply MFA and just-in-time access
- Log and review admin activity