Introduction

SmartDefense is a compilation of technologies built into the Check Point enforcement point to add extra fortifications against attacks. The technologies include:

• Network Security, which encases Transmission Control Protocol/Internet Protocol (TCP/IP)-level attack security

• Application Intelligence, which presents fortifications against Layer 7 attacks by inspecting the data segment of a packet

• Web Intelligence, which offers protection to Web services from particular Hypertext Transfer Protocol (HTTP)-based attacks

This chapter covers best practices in terms of implementing and handling these features. You can disable SmartDefense or use it in a monitor-only mode if enhanced protection is not advantageous. A number of features, including buffer size, cannot be disabled but may be modified.

SmartDefense not only protects against a range of known attacks, varying from different classes of Microsoft networking worms to distributed denial of service (DDoS) attacks, but it also incorporates intelligent security technologies that protect against entire categories of emerging and unknown attacks.

SmartDefense is built on Check Point s Stateful Inspection and Application Intelligence technologies. These enable an administrator to block specific attacks and complete classes of attacks while allowing legitimate traffic to pass. Application Intelligence is a collection of technologies that identify and thwart application-level attacks by integrating a deep conception of application behavior into network security fortifications. The primary functions of Application Intelligence are to:

• Validate compliance to standards

• Corroborate expected usage of the network and associated protocols

• Block malicious data

• Control hazardous operations that occur in applications