Check Point NG VPN-1/FireWall-1: Advanced Configuration and Troubleshooting

Chapter 11: SmartDefense

Introduction

SmartDefense is a new product that was first available for FireWall-1 NG FP2 and was designed to be part of Check Point's new line of Active Defense security solutions. The new active solutions are designed to take immediate action to prevent an attack, instead of only notifying the administrators that an attack has taken place. This can be viewed as an extension to the packet inspection that already takes place on your firewall. FireWall-1 previously had the capability to understand a small number of application layer protocols, such as FTP, to allow the firewall to make the correct decision on the validity of a connection. FireWall-1 now understands additional protocols and has some idea of what should be considered a valid data stream based on user-defined parameters.

SmartDefense takes a different approach than a standard Intrusion Detection System (IDS) because it does not attempt to counter each new attack that is discovered, but instead it protects your network against entire classes of attacks. SmartDefense performs strict sanity checks on packet headers and protocol data to prevent any malformed information from entering your network. For example, instead of watching for an extensive list of attacks that can be used against DNS servers, SmartDefense will check DNS packets for compliance with the RFC standard for DNS packets. This behavior can protect against a large number of current and future exploits without the need for continual signature updates. This, of course, will not protect against every available attack because many attacks are difficult to...
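The DNS compliance idea described above, as an added example that is not from the book and not Check Point code: a small structural check of a DNS query against the RFC 1035 size and label rules, with no attack signatures involved. The function names and the particular set of checks are assumptions chosen for illustration and do not describe what SmartDefense itself inspects.

```python
import struct
MAX_UDP_DNS = 512   # RFC 1035 4.2.1: UDP message size limit (no EDNS0)
MAX_NAME = 255      # RFC 1035 2.3.4: whole name, length octets included

def walk_name(data, off):
    """Validate one encoded name; return (offset after it, error or None)."""
    total = 0
    while True:
        if off >= len(data):
            return off, "name runs past end of packet"
        n = data[off]
        if n == 0:                       # root label ends the name
            return off + 1, None
        if n & 0xC0 == 0xC0:             # compression pointer ends the name
            if off + 1 >= len(data):
                return off, "truncated compression pointer"
            if (((n & 0x3F) << 8) | data[off + 1]) >= off:
                return off, "compression pointer does not point backward"
            return off + 2, None
        if n & 0xC0:                     # 01/10 prefixes, i.e. length > 63
            return off, "reserved label type"
        total += n + 1
        if total + 1 > MAX_NAME:         # +1 for the terminating root label
            return off, "name longer than 255 octets"
        off += n + 1

def check_dns_query(data):
    """Return the list of violations found; an empty list means compliant."""
    if len(data) < 12:
        return ["shorter than the 12-byte header"]
    problems = []
    if len(data) > MAX_UDP_DNS:
        problems.append("exceeds 512-byte UDP limit")
    qd, an, ns, ar = struct.unpack("!4H", data[4:12])   # section counts
    off = 12
    for _ in range(qd):                  # every declared question must exist
        off, err = walk_name(data, off)
        if err is None and off + 4 > len(data):
            err = "question missing QTYPE/QCLASS"
        if err:
            return problems + [err]
        off += 4
    if an == ns == ar == 0 and off != len(data):
        problems.append("trailing bytes after question section")
    return problems

def build_query(name, qid=0x1234):       # builds constructed sample input
    q = b"".join(bytes([len(l)]) + l.encode() for l in name.split("."))
    return struct.pack("!6H", qid, 0x0100, 1, 0, 0, 0) + q + b"\x00\x00\x01\x00\x01"
```

A well-formed query such as `build_query("www.example.com")` returns an empty list, while a packet whose header declares more questions than it carries, or whose label length byte uses a reserved prefix, is rejected on structure alone.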
