Check Point 发布了基于全新软件Blade架构的最新安全网关和管理产品R70-中文全球首发

liuxingyuan

Multiple Remote Access VPN Connectivity Modes（多种远程访问VPN连接模式）
The IPsec blade provides various modes to address a variety of connectivity and routing issues faced by remote users.
IPSec刀片面对远程用户提供了多种模式以解决各种连接和路由问题。
Office Mode addresses routing issues between the client and the gateway by encapsulating IP packets with the remote user’s original IP address, thereby enabling users to appear as if they were “in the office” while connecting remotely. Office Mode also provides enhanced anti-spoofing by ensuring that the IP address encountered by the gateway is authenticated and assigned to the user.
Office模式解决了在网关和客户端之间使用远程用户原始IP地址加密IP包的路由问题，因而确保了用户当远程连接时好像他们“在办公室”一样。Office模式也提供了反地址欺骗，确保网关遇到的IP地址是授权和指派给用户的。
Visitor Mode enables employees to access resources while they are working at a remote location such as a hotel or a customer office, where Internet connectivity may be limited to Web browsing using the standard HTTP and HTTPS ports.
Visitor模式使雇员能够访问到资源，而他们正工作在远程地点（例如宾馆或客户的办公室），在那里Internet的连接可能被限制为Web浏览器使用标准的HTTP和HTTPs端口。
Hub Mode enables rigorous, centralized inspection of all client traffic, removing the need to deploy security functions to multiple offices, and giving employees secure client-to-client communications such as Voice over IP (VoIP) or Internet conferencing using applications like Microsoft NetMeeting.
Hub模式为所有客户端流量提供了严格的，集中地检查，消除为多个办公室部署安全功能的需求，提供了雇员安全的客户-到-客户的连接，诸如VoIP或使用像Microsoft NetMeeting应用的Internet会议。

liuxingyuan

IPS Software Blade （IPS软件刀片）

Overview（概述）
The Check Point IPS Software Blade provides complete, next generation firewall intrusion prevention capabilities at multi-gigabit speeds, resulting in industry-leading total system security and performance. The IPS Blade provides complete threat coverage for clients, servers, OS and other vulnerabilities, malware/worm infections, and more. The Multi-Tier Threat Detection Engine combines signatures, protocol validation, anomaly detection, behavioral analysis, and other methods to provide the highest levels of network IPS protection. By quickly filtering 90% of incoming traffic without requiring deep inspection, the IPS engine inspects for attacks only on relevant sections of the traffic, thus reducing overhead and increasing accuracy.
Check Point IPS软件刀片提供了完全的，下一代防火墙入侵防御的能力，具有multi-gigabit的速度，因而提供了业界领先的整体系统安全和性能。IPS刀片提供了完全的威胁覆盖，包括客户端，服务器，OS和其他弱点攻击，恶意软件/蠕虫传播，等等。多级威胁检测（Multi-Tier Threat Detection）引擎综合了签名，协议确认，异常检测，动作分析，和其他方法，提供了网络IPS防护的最高级别。通过快速过滤90%的不要求深度检测进站方向的流量，IPS引擎仅检测与攻击相关的会话流量，因而减小了负载并提供了精确性。
The IPS Blade is supported by the global Check Point Research and Response Centers that provided the best Microsoft vulnerability threat coverage amongst leading security vendors.
IPS刀片由全球Check Point研究和响应中心提供支持，提供了最佳Microsoft的弱点威胁，是安全领导厂商。
Check Point’s acclaimed management capabilities have been enhanced to support the dynamic management requirements of an IPS solution, allowing you to graphically monitor only what is important, easily isolate actionable information, and meet compliance and reporting requirements. Also, the entire Check Point IPS family – IPS Software Blade and standalone IPS-1 appliance –are managed from the same SmartDashboard IPS console, providing truly unified IPS management.
Check Point的为人称赞的管理能力对一个IPS解决方案的动态管理需求提供了增强的支持，允许您以图形化方式监视重要的信息，易于隔离可诉讼的信息，并且满足符合性及报告的需求。而且，整个Check Point IPS家族——IPS软件刀片和单独的IPS-1设备通过相同的SmartDashboard IPS控制台管理，提供真正一致的IPS管理。
Key Benefits（主要优点）
² Complete IPS Protection – A fully functioning IPS integrated into your existing firewall（完全IPS防护—全功能的IPS集成进您现有的防火墙内）
² Industry-Leading Performance – Multi-gigabit total system performance for IPS and Firewall （业界领导级性能—为IPS和防火墙提供Multi-gigabit完全系统性能）
² Dynamic Management – Automates the protection process for both your IPS Software Blade and dedicated IPS （动态管理——不仅对于您的IPS软件刀片和专注的IPS提供了自动的保护进程）
² Protection Between Patches – Reinforces security during delays in the patching process（补丁间保护——在打补丁期延迟期间增强安全）

[ 本帖最后由 liuxingyuan 于 2009-3-1 14:13 编辑 ]

liuxingyuan

Features（特性）
Complete Intrusion Prevention Functionality（完全的入侵防御功能）
Industry-Leading Total System Performance（业界领导全面系统性能）
Dynamic Management（动态管理）
Protection Before the Patch（补丁前防护）
Total Security Value（完全安全价值）
Complete Intrusion Prevention Functionality（完全的入侵防御功能）
The IPS Software Blade is a perfect compliment to your Check Point Firewall protection, further securing your network without degrading your gateway performance.
IPS软件刀片是你的Check Point防火墙保护一个完美解决，在不降低您的网关性能的前提下提高您网络的安全。

liuxingyuan

Fully-Featured IPS（功能齐全的IPS）
The IPS Software Blade provides a complete IPS security solution, providing comprehensive network protection against malicious and unwanted network traffic, including:
IPS软件刀片提供了一个完全的IPS安全解决方案，提供了完全的网络防护，抵御恶意和不需要的网络流量包括：
² Malware attacks（恶意软件攻击）
² Dos and DDoS attacks（Dos和DDoS攻击）
² Application and Server vulnerabilities（应用和服务脆弱性攻击）
² Insider threats（内部威胁）
² Unwanted application traffic, including IM and P2P（不需要的应用流量，包括IM和P2P）
Trusted Security（可信赖的安全）
² Thousands of Protections – The IPS Software Blade comes with over 2,000 protections and is constantly updated in real-time. Many of Check Point’s IPS protections are preemptive, providing defenses before vulnerabilities are discovered or exploits are even created. （上千种保护——IPS软件刀片带来了超过2000种的防护并且经常的实时更新。许多Check Point的IPS防御是优先订购，在弱点被发现之前或漏洞创建前提供了防护。
² Microsoft Vulnerability coverage - Check Point is ranked #1 in Microsoft threat coverage, including preemptive protections against emerging vulnerabilities and exploits.（Microsoft弱点覆盖——Check Point将Microsoft威胁覆盖归为1#，包括优先预定防护抵御弱点和漏洞的出现。

liuxingyuan

Industry-Leading Total System Performance（业界领导完全系统性能）
Check Point leads the industry with its multi-gigabit total system performance for firewall with integrated IPS. The IPS Blade provides up to 10x the performance of existing integrated security gateways with integrated IPS capabilities, and 22x faster performance with over 2000 security protections enabled.
Check Point以它的multi-gigabit完全系统性能，集成了IPS的防火墙为业界的领袖。与现有的集成了IPS能力的安全网关相比，IPS刀片提供了高达10倍的性能，使用超过2000种安全防护的能力，具有22倍快速性能。
Extensive IPS Performance Options （扩展IPS性能选项）
Check Point offers IPS Software Blade options to meet any throughput requirement.
Check Point提供了IPS软件刀片选项以满足任何吞吐量的需求。

Multi-Method Engine（多方法引擎）
The multi-method IPS engine provides pre-emptive and accurate detection by leveraging integrated behavioral and signature-based detection and analysis.
多方法IPS引擎提供了优先预定和精确检测，使用了综合性为和基于签名的检测和分析机制
² Accelerated performance（加速的性能）
² Increased protection accuracy（增强的防护准确性）



[ 本帖最后由 liuxingyuan 于 2009-3-1 14:19 编辑 ]

liuxingyuan

Dynamic Threat Management （动态威胁管理）
With the IPS Software Blade and the Security Management blade you gain a new, dynamic management paradigm for today’s high volume, real-time and evolving threat environment.
使用IPS软件刀片和安全管理刀片您能获取了一个全新的，动态的管理模式，以满足今天高容量，实时的和变化的威胁环境。
Check Point’s threat management workflows allow you to handle constant change quickly and efficiently, reducing your management overhead and allowing you to confidently and promptly deploy protections
Check Point的威胁管理工作流允许你高效地应对不断快速的变化，减轻了你的管理开销并且允许您自信的并迅速的部署防护。
² New Protections Sandbox - Builds confidence in a ‘sandbox’ environment with no impact on your network.（新式保护沙盘—在一个“沙盘环境”里建立信任，不影响您的网络。）
² Automatic Protection Activation – Activation of new protections, based on configurable parameters (performance impact, confidence index, threat severity). The difficulties of constant, individual management of thousands of protections is eliminated.（自动防护激活——新的防护激活，基于配置参数（性能影响，信任索引，威胁严重性）。持续的，上千种防护管理的困难被消除。）

² Unified Management – The IPS blade is configured and managed through a common Check Point management interface—the same one used to manage other Security Gateway Blades and Check Point’s dedicated IPS. （统一管理—IPS刀片的配置和管理是通过一个常用的Check Point管理接口—与管理其他的安全网关刀片和专注的IPS的用法一致）
² Configurable, Actionable Monitoring – Track events through detailed reports and logs of what is most important. The new Security Management blades for IPS and Provisioning simplify threat analysis and reduce operational overhead. （可配置，可追溯的监视—通过详细的报告和记录那些最重要的事件跟踪实现。IPS安全管理刀片和供应简化了威胁分析，减轻了操作负担。）
² Business–level Views – Customizable reports provide easy monitoring of critical security events associated with your business critical systems.（企业级视图—自定义报告提供了容易的关联了您企业的关键系统重要事件的监控）
² Multi–Dimensional Sorting – Drag–and–Drop columns of event data and the information is automatically re–ordered. （多维排序—拖放事件数据列信息自动的重新排序）
² Actionable Event Logs– Edit the associated protection, create an exception, or view packet data directly from log entries.（可追溯的事件日志—编辑关联的保护，创建一个例外或者从日志条目中直接查看数据包）

Painless Deployment （轻松的部署）
² Deployed on Your Existing Firewall – Reduces deployment time and costs by leveraging existing security infrastructure.（在您现有的防火墙上部署—减少了部署的次数和成本不改变现有的安全基础架构）
² Granular Protection control- Easy-to-use protection profiles allow administrators to define signature and protection activation rules that match the security needs of your network assets. （细粒度的保护控制—易于使用的防护轮廓允许管理员定义签名和保护规则去匹配你网络资产的安全需求）
² Predefined Default and Recommended profiles – Provide immediate and easy use out-of-the-box with profiles tuned to optimize security or performance.（预定义默认和推荐轮廓—提供了即时和开箱即用的轮廓，调节了最佳的安全性能）
² Optional Detect-Only Mode – Sets all your existing protections to only detect, but not block traffic to allow you to evaluate your profile without risking disruption.（可选的仅检测模式—设置您现有的防护只检测，不阻止流量允许您评估您的轮廓而不带来中断的风险）

[ 本帖最后由 liuxingyuan 于 2009-3-1 14:24 编辑 ]

liuxingyuan

Protection before the Patch（打补丁前的防护）
Patching is an incomplete security measure, which can leave your network open for attack. By taking a more comprehensive approach, which combines robust IPS functionality with a concerted patching strategy, network administrators can better equip themselves to handle Patch Tuesdays and secure the network between updates.
Find out how to leverage Check Point’s IPS offerings to make Patch Tuesday just another day.
打补丁是一个不完整的安全措施，能使您的网络打开攻击之门。采用更综合的措施，联合健壮的IPS功能使用合作的补丁策略，网络管理员能更好的装备自身以处理在网络升级期间的星期二补丁与安全。
Total Security Value （全面安全价值）
The IPS blade provides Total Security delivered at half the acquisition cost of multiple standalone solutions. Gain up to 10x better price/performance of existing integrated IPS solutions.
IPS刀片提供了全面安全使用了多个单独解决方案成本的一半购置成本，与现有的集成IPS方案比较可获得10倍性价比
Integrated IPS Advantages: （集成IPS的优点）
Integrated IPS has many advantages that are making it a new standard in security:
集成的IPS具有很多优点使之成为一个安全标准。
Reduces costs by consolidating multiple independent solutions
通过加强多个单独的解决方案来减少成本。
² By integrating an IPS Software Blade into your existing firewall, you save on: （在您现存的防火墙上集成IPS软件刀片，您能节省：）
n Equipment purchase（设备购置）
n Hardware footprint（硬件增加）
n Training and ongoing management（管理培训）
n Rack space（机架空间）
n Cabling（线缆）
n Cooling（制冷设备）
n Power（电源）
² Facilitates reduced latency （促进延迟减少）
n By inspecting the traffic only once for both firewall and IPS protection, integrated IPS causes less bottlenecking.（通过检查流量一次通过防火墙和IPS保护，集成的IPS减少了瓶颈）
² Provides cohesive security policy
（提供有效率的安全策略）
n An integrated solution drives a single, cohesive security policy. （集成的解决方案提供了单一的，有效地安全策略）
² Offers common management and training （提供普通管理和培训）
n Reduced management and training expenses （减少管理和培训的开支）
n Reduces errors and oversights （减少错误和疏忽）
n Better match with IT organizational structures （更好的匹配IT组织架构）
n Increased operational effectiveness and efficiency（增长的操作效果和效力）
n Make IPS deployment easier （使IPS部署更容易）
Leverages existing deployment for faster, cheaper deployment（在现有的部署上更快，跟便宜的部署）

[ 本帖最后由 liuxingyuan 于 2009-3-1 14:27 编辑 ]

liuxingyuan

Updates（升级）
In a constantly changing threat environment, defenses must continually advance. For defenses to evolve in real-time, an ongoing service is required. The Check Point IPS Blade is updated in real-time with defense updates and configuration advice against emerging threats and attacks.
在威胁持续改变的环境中，防御必需经常更新。为防御实时地演进，持续的服务是必须的。Check Point IPS刀片是实时升级的，使用防御升级和配置建议抵御新出现的威胁和攻击。
² Pre-emptive Protection – Keep your defenses current between your regularly-scheduled product upgrades and security patches. （优先预定保护—在您正常的调度产品升级和安全补丁之间保持你的防御最新）
² Easy Management – Update your whole system in minutes. Each update comes with full configuration instructions and information about the associated threat. （易于管理—在几分钟内升级您的整个系统。每个升级包含了整个配置指南和相关威胁的信息）
² Automatic Activation – Optionally set the system to activate new protections that meet your criteria for severity, performance and confidence.（自动激活—为新的保护设置系统自动激活选项，满足严格的标准，性能和可信度）
² 24x7 Threat Coverage – Check Point Security Gateways with integrated IPS are supported by multiple Check Point Research and Response Centers around the globe.（24x7威胁覆盖—集成了IPS的Check Point安全网关，通过多个全球范围的Check Point 研究和响应中心支持。）
The IPS Blade is supported by the same global Check Point Research and Response Centers that provided the best Microsoft vulnerability threat coverage amongst leading security vendors in 2008.
IPS刀片同样被全球Check Point研究和响应中心支持，那里提供了最佳Microsoft弱点威胁覆盖，是在2008年安全厂商的领导。
The IPS Blade comes with over 2000 protections and Check Point’s Research and Response Centers are continually monitoring for new threats and creating new protections. To see examples of protections these centers have created in the past, see SmartDefense Services. You can expect this same, trusted level of pre-emptive protection for the IPS Software Blade.
IPS刀片，超过2000种保护和Check Point研究和响应中心持续的对新威胁的监控并创建新的保护。这些中心的过去提供保护的示例见SmartDefense服务。你能有相同的期待，信任IPS软件刀片优先的防御。

liuxingyuan

Web Security Software Blade （Web安全软件刀片）

Overview（概述）
The Check Point Web Security Software Blade provides a set of advanced capabilities that detect and prevent attacks launched against the Web infrastructure. The Web Security Software Blade delivers comprehensive protection when using the Web for business and communication.
Check Point Web安全软件刀片提供了一个高级能力集合，包括监测和阻止向Web基础设施发动的进攻。Web安全软件刀片在Web用于商业和通讯时提供了综合保护。
Key benefits （主要优点）
² Establishes strongest protection against buffer-overflow attacks（建立强大的保护防御缓存溢出攻击）
² Offers application-level Web Security at wire-speed（提供线速应用层web安全）
² Improves end-user experience by inserting helpdesk Web pages（通过增加帮助服务Web页面提高终端用户的体验）
² Provides quick deployment for mission-critical applications（为关键性应用提供了快速的部署）
² Protects against new threats through the Check Point Update Service（通过Check Point升级服务抵御了新的威胁）

[ 本帖最后由 liuxingyuan 于 2009-3-2 00:28 编辑 ]

liuxingyuan

Features（特性）
Malicious Code Protector™ （恶意代码保护者）
Advanced streaming inspection （高级流检查）
Simple deployment and management （简单的部署和管理）
Seamless integration into Check Point Security Gateways （与Check Point安全网关无缝集成）
Malicious Code Protector （恶意代码保护者）
Check Point’s patent-pending Malicious Code Protector offers a revolutionary way of identifying buffer overflow, heap overflows, and other malicious executable code attacks that target Web servers and other applications without the need of signatures. Malicious Code Protector can detect malicious executable code within Web communications by identifying not only its existence within a data stream but its potential for malicious behavior. Malicious Code Protector performs four important actions:
Check Point恶意代码保护者（专利申请中）提供了革命性的方法识别缓存溢出，堆栈溢出，和其他恶意可执行代码等针对Web服务器和其他的应用，并且不需要签名。恶意代码保护者能检测Web通讯中的恶意可执行代码，实现方式为：通过识别在恶意代码数据流中的存在和它的潜在恶意行为。恶意代码保护者提供了四个重要功能：
² Monitors Web communication for potential executable code （监视Web通讯的潜在恶意代码）
² Confirms the presence of executable code （确认存在的可执行代码）
² Identifies whether the executable code is malicious （识别可执行代码是否是恶意的）
² Blocks malicious executable code from reaching a target host （阻止恶意可执行代码到达目标主机）
Malicious Code Protector identifies both known and unknown attacks, offering preemptive attack protection. Moreover, this level of protection does not come at the price of performance degradation because Malicious Code Protector is offered at the kernel level, delivering wire-speed throughput.
恶意代码保护者识别已知和未知的攻击，提供优先攻击保护。此外，这种水平的保护不会以性能损失为代价，因为恶意代码保护者提供在核心层，以线速的吞吐量处理。
Advanced Streaming Inspection（高级流检查）
Advanced Streaming Inspection is a Check Point kernel-based technology that processes the overall context of communication. This technology can make real-time security decisions based on session and application information, and protects Web communication even when it spans multiple TCP segments. Process-intensive application inspections are offloaded to the kernel, dramatically improving throughput and connection rates.
高级流检查是Check Point的基于内核的技术，处理总体框架的沟通。这种技术实现了基于会话和应用程序信息的实时安全检测，保护了web通讯，甚至当它分成多个TCP分段。进程密集型的应用检查从核心中剥离，极大地提高了吞吐量和连接的速率。
Advanced Streaming Inspection uses Active Streaming technology, which has the capability to modify the content of a Web connection on the fly. This important capability offers several unique advantages to Check Point customers. Active Streaming uses HTTP header-spoofing capability, providing a first level of defense by hiding important site-specific properties about the Web environment. These properties often include the names and versions of operating systems, and identity Web servers and backend servers. This information is typically useless to end users, but extremely valuable to attackers who are trying to gather information about their target. The Web Security Software Blade can intercept a Web response that contains a server’s identity and gives the administrator the option to either completely hide such disclosure or optionally change the stream to confuse attackers.
高级流检查使用活动流技术，具有在线编辑web连接内容的能力。这种重要的能力为Check Point客户提供了几个独一无二的优点。活动流利用HTTP头部欺骗能力，提供第一道防线，隐藏了关于web环境中的重要站点属性，这些属性也包括了操作系统的版本和名字，web服务器和后端服务器的身份。这些信息一般对终端用户是无用的，但对于攻击者是极有价值的，他们正试图收集关于他们目标的信息。Web安全软件刀片能拦截包含服务器身份的web响应，并且为管理员给出一个选项是否完全隐藏这种公开消息，或者改变流以混淆攻击的选项。
Administrators can improve the end-user experience with Active Streaming by predefining custom error pages. To most users, generic error status codes are meaningless. Active Streaming redirects the end user to a custom-defined error page with meaningful helpdesk hints. This feature dramatically improves the end-user experience and reduces helpdesk costs.
管理员使用活动流提高了终端用户的体验，提供预定义的错误页面。对于大多数用户，产生错误状态代码是没有意义的。活动流将终端用户重定向到客户定义的错误页面，提供了有意义的帮助提示。这个特性极大的提高了终端用户的体验，减少了服务成本。
Simple Deployment and Management（简单的部署和管理）
Web Security management within Check Point Security Gateways is fully integrated into the management GUI. The user interface is preconfigured with protections to counter known common attacks—each with attack and defense descriptions. Because each Web application server is different from others in its security requirements, the Web Security Software Blade offers the capability to configure granular security for different Web applications and Web servers. First-time configuration of the Software Blade takes just minutes. Monitor-only mode allows smooth security deployment without the risk of rejecting connections to mission-critical applications due to misconfiguration of a security policy.
Check Point安全网关内的Web安全管理完全集成进管理图形用户接口（GUI）。用户接口是预先配置好的，提供了抵抗已知的普通攻击（每一种包含了攻击和防御描述）。因为每一个web应用服务器的安全需求各不相同，web安全刀片为不同Web应用和Web服务器提供了细粒度的安全配置。第一次配置软件刀片仅花费几分钟的时间。仅监视的模式允许您平滑的安全部署，消除了错误的安全策略配置对关键业务应用影响的风险。
Seamless Integration with Other Software Blades（与其它软件刀片无缝集成）
The Web Security Software Blade is tightly integrated other Check Point Software Blades, and does not require installation on additional devices. Security and audit logs are integrated into Check Point reporting, auditing, and log architecture, providing administrators a powerful tool to centrally analyze security violations.
Web安全软件刀片与其它Check Point软件刀片高度集成，不要求安装在另外的设备上。安全和审计日志集成进Check Point报告，审计和日志架构，为管理员提供了一个强大的工具去集中分析安全违例。

[ 本帖最后由 liuxingyuan 于 2009-3-2 00:30 编辑 ]