Q: What protocol is most often used to attack the network layer of the OSI stack, and how can Check Point help in stopping these attacks?

A: IP is used for attacks against the network layer. This includes IP fragmentation and DoS attacks. To prevent these attacks, FireWall-1 has an assortment of controls. These include blocking Java code; stripping script, applet, and ActiveX tags; camouflaging default banners; and filtering URLs. With SmartDefense, FireWall-1 is able to proactively determine and prevent possible exploits and DoS attacks.

Q: What does SmartDefense offer that a standard packet inspection firewall can t?

A: A standard packet inspection firewall operates at the network layer, whereas the majority of modern attacks occur at the application level. FireWall-1 works at both OSI levels. Attackers try to exploit application vulnerabilities such as HTTP (TCP port 80) and HTTPS (TCP port 443), as these are open in most networks. Through a process of directly targeting the applications, an attacker can deny service to legitimate users via DoS attacks, gain access to the administrative system and backend information databases, and install Trojan horse software or sniffer software that captures user IDs and passwords. The application layer contains the majority of user data and supports most protocols, and is thus frequently targeted.

Q: What does Application Intelligence provide?

A: Check Point s Application Intelligence feature provides a methodology to both detect and prevent application-level attacks. This is enacted through the following four defense strategies: