The Check Point Certified Security Administrator
What you'll learn
- Check Point Technology Overview
- Deployment Platforms and Security Policies
- Smartview Tracker
- Monitoring Traffic and Connections
- Network Address Translations
- User Management and Authentication
- Using SmartUpdate
- Implementing Identity Awareness
- Configuring VPN tunnels
- Basic knowledge of networking
- Windows Server and/or UNIX skills
- Internet and TCP/IP experience
The Check Point Security Administration course provides an understanding of basic concepts and
skills necessary to configure the Check Point Security Gateway, configure Security Policies, and
learn about managing and monitoring secure networks.
This Course covers the following topics:
Describe Check Point's unified approach to network management, and the key elements of this architecture.
Design a distributed environment using the network detailed in the course topology.
Install the Security Gateway version R77 in a distributed environment using the network detailed in the course topology.
Given network specifications, perform a backup and restore the current Gateway installation
from the command line.
Identify critical files needed to purge or backup, import and export users and groups and add or delete administrators from the command line.
Deploy Gateways using sysconfig and cpconfig from the Gateway command line.
Given the network topology, create and configure network, host and gateway objects
Verify SIC establishment between the Security Management Server and the Gateway using
Create a basic Rule Base in SmartDashboard that includes permissions for administrative users, external services, and LAN outbound use.
Evaluate existing policies and optimize the rules based on current corporate requirements.
Maintain the Security Management Server with scheduled backups and policy versions to ensure seamless upgrades and minimal downtime.
Configure NAT rules on Web and Gateway servers.
Use Queries in SmartView Tracker to monitor IPS and common network traffic and troubleshoot events using packet data.
Using packet data on a given corporate network, generate reports, troubleshoot system and security issues, and ensure network functionality.
Using SmartView Monitor, configure alerts and traffic counters, view a Gateway's status, monitor suspicious activity rules, analyze tunnel activity and monitor remote user access based on corporate requirements.
Monitor remote Gateways using SmartUpdate to evaluate the need for upgrades, new installations, and license modifications.
Use SmartUpdate to apply upgrade packages to single or multiple VPN-1 Gateways.
Upgrade and attach product licenses using SmartUpdate.
Centrally manage users to ensure only authenticated users securely access the corporate network either locally or remotely.
Manage users to access to the corporate LAN by using external databases.
Use Identity Awareness to provide granular level access to network resources.
Acquire user information used by the Security Gateway to control access.
Define Access Roles for use in an Identity Awareness rule.
Implementing Identity Awareness in the Firewall Rule Base.
Configure a pre-shared secret site-to-site VPN with partner sites
Configure permanent tunnels for remote access to corporate resources.
Configure VPN tunnel sharing, given the difference between host-based, subunit-based and gateway-based tunnels.
Who this course is for:
- Any one who wants to learn Checkpoint Firewall
- Any one who wants to pursue CCSA Certification
- Any one who wants to develop profession skills on Checkpoint
Quality Beyond Certification
I’ve been certified at some of the highest standards for the quality of my performance at work. I spare no quarter when it comes to delivering high quality services in the required time. Listed below are some of my certifications:
- Extreme Networks Certified Instructor
- Certified Cisco Systems Instructor
- Checkpoint Certified Security Instructor
- Certified EC-Council Instructor
- IPV6 Certified Instructor – Gold
- Juniper Networks Certified Instructor
- Checkpoint Certified Security Administrator
- Checkpoint Certified Security Expert
- Extreme Networks Certified Expert
- Cisco Certified Network Expert Written – CCIE (R&S), Security
- Cisco Certified Network Associate – CCNA
- Cisco Certified Security Professional – CCSP
- Information Systems Security Professional – ISSP
- Certified Wireless Network Associate – CWNA
- Certified Wireless Security Professional – CWSP
- Information Technology Infrastructure Library – ITILV3F
- Comptia Security +
- Juniper Networks Certified Internet Associate – JNCIA – FW/VPN
- Juniper Networks Certified Internet Specialist – JNCIS – FW/VPN
- Juniper Networks Certified Internet Associate – JNCIA – IDP
- Juniper Networks Certified Internet Associate – JNCIA – SSL
- Juniper Networks Certified Internet Associate – JNCIA –DX
- Juniper Networks Certified Internet Associate – JNCIA –EX
- Juniper Networks Certified Internet Associate – JNCIA –WX
- Juniper Networks Certified Internet Associate – JNCIA –ER
- McAFee EPO , HIPS, SafeBoot , VSE
- Extreme Certified Expert – Networking
- Extreme Certified Expert – Access Control
- Extreme Certified Specialist – Routing
- Extreme Certified Specialist – Switching
- Extreme Certified Specialist - NAC
Experience in Expertise
With more than 14+ years of experience in the IT industry I can comfortably say that I know the field and how to go about my business. Be it designing, Implementation or troubleshooting of Network Technologies, I am totally comfortable in doing it all, even under immense pressure. Given below is a list of other services I am experienced in:
- Analysis, installation, implementation and troubleshooting of WAN/LAN Projects
- Corporate experience in various roles of networking.
- Networking as an Engineer handling WAN, Cisco, Juniper, Fortinet, Watchguard, etc., devices.
- Technical Audit, Penetration Testing, Vulnerability Assessment.
My wide range of professional skills and the experience coupled with my determination alone have resulted in the level of expertise that I possess today.
Senior Security Consultant
- Maintenance of Cisco PIX Firewalls and VPN Concentrators
- Maintenance and Monitoring of International links on IP
- Providing Support to more than 75 branches in EMEA
- Coordinating with Verizon Business for WAN Connectivity issues.
- Providing LAN / WAN Support for the Corporate Network Management of Infrastructure using Cisco Works 2005
- Implementing routing protocols RIP, IGRP, Enhance IGRP, OSPF
- Troubleshooting IOS Routers and PIX Firewalls.
- Hands on experience with VPN Concentrator 3000 series.
- Configuring ACS and Restricting Administrative access.
- Deployment of Packet Filtering Using Different Types of Access Control Lists and Object Grouping.
- Content Filtering using WebSense, N2H2, ActiveX Filtering, and Java Applets
- Configuring Cisco router Interfaces, Access-Lists, TCP/IP addresses and SNM
- Configuring Access-List, Access-group, Access-Class, Line VTY for Security
- Configuring WAN Technologies like Frame Relay, PPP and ISDN
- Control router installations, passwords, identification, backups and upgrades
- Configuring VLAN in the CISCO 19XX & 29XX-Series Switch
- Hardware and OS upgrading of Cisco devices.
At Heart’s Core
Over and above all my skills and abilities, there are some core skills that I have completely mastered and perfected. These are the skills that are demanded of me on a regular basis:
Installation and Configuration of
- Routers – Cisco 1700,2500,2600,3600,Juniper M/T Series
- RAS – 3COM Total Control
- Switches – Cisco 3550,2900,1900,Alteon, Extreme, Foundry, Blackbox.
- Firewall – Netscreen, Cisco PIX, Foundry, Fortigate, Watchguard.
- Load Balancers – Intel and Cisco.
- VPN Concentrator – Cisco VPN box, Juniper SSL Box.
- Wireless – Symbol & Cisco WLC, WMS
- Cache Engine – Netcache
- Identity – Cisco ISE, Extreme NAC, Juniper UAC
- Cisco Prime, Junos Space
- OSPF – Designed, Implemented and Migrated several NOC to the core backbone using OSPF as the IGP.
- Commissioning & Installation of E1,PRI Links in Backbone
LAN Switching – LAN Switching techniques, VLANs, Ethernet Trunking, VLAN Tagging, VTP and STP.
Technical experience in Network Security Products such as VPN, IDS/IDP solutions and Firewalls
Security Audit and Vulnerability Assessment experience including network attack and penetration testing, host security diagnostics.
Familiarity with risk analysis and mitigation methodology, security policy and procedure development, incident response program, patch management and vulnerability management processes, security training and awareness.
Ability to address confidentiality, integrity and vulnerability of the network and systems and provides the foundation for many risk mitigating activities.
Implementation of network and system security solutions.
Be it hardware or Operating Systems, my technical abilities in all these areas are up to global standards and I always aim to give my customers the best in technical support. Listed below are my technical skills:
Routers: Cisco 1700,2500.2600,3600, Juniper M/T Series.
Switches: Catalyst 3550,2900,1900,Alteon,Extreme (black diamond, Alpine, Summit),Foundry and Blackbox.
Netscreen FW 5000 Series, ISG, 500 – A/A.A/P, PIX FW, VPN Concentrator, SSL VPN, Juniper IDP, Cisco IDS, Cisco ASA, Checkpoint.
Windows NT 4.0/2000 Server & Workstation, Cisco IOS, Cat OS, Finnesse(PIX), Junos , Screen OS, Linux (Basic)
Training: - Security
Some of the Few Key Customers for whom Security Classes (NSM, IDP, Netscreen FW, SSL, PIX, CEH, CHECKPOINT)
Learn by Teaching: I have also conducted many seminars in an around the city as part of my ongoing effort to spread awareness about technology and its practical uses in our day to day life. I am also writing a book on the same. These have been very nourishing experiences as not only have I imparted knowledge through these workshops and seminars, but have learned a great deal too. 1. Workshop on Digital Evidence for “ISACA” Bangalore Chapter 2. Workshop on Firewall Technologies for Dhiragu ISP Maldives
3. Workshop on Wireless Security “ISACA” Chennai Chapter 4. Guest Lecturer for MSC Cybercrime and Information Security and PG Diploma in Information Security (University of Madras)
Clientele (Most Recent)
Here’s a list of our most recent clients
Mu-Sigma – Extreme Routing and Switching
Mu-Sigma – Extreme Wireless
Mu-Sigma – Extreme Netsight
Rukus – Wirless Technologies
Cisco Systems TAC – Nexus
Cisco Systems TAC – UCS
Cisco Systems TAC – ASA Firewall
Cisco Systems TAC – Routing
Cisco Systems TAC – Switching
Cisco Systems TAC – Collab
Vodafone Bangalore – Juniper SRX
Vodafone Pune – Cisco Switching
Vodafone Pune – SRX
Sungard – Nexus
Intel Bangalore - Extreme
Ramco InfoTech – Netscreen and IDP (Chennai)
Marstech Solutions India P Ltd
Trishla (Juniper Firewall)
ISACA – India (Workshop)
University of Madras – Cybercrime (MSC & PG Diploma)
Indian Bank (Head Office) – Firewall and IPS Evaluation
Hyderabad International Airport – Tech Lead (Security, Wireless)
Bangalore International Airport – Tech Lead (Wireless)
Cybernet Slash Support – Chennai (Juniper SSL)
NIIT (McAfee EPO)
Element K India Pvt Ltd (MPLS)