Technical Sessions
You can choose to
attend whichever Technical Sessions you wish, from any group. As we get closer to the conference, we'll specify
a specific schedule for these sessions.
Group 1: Firewall-1/VPN-1 Beginner Track
Group 2: Firewall-1/VPN-1 Intermediate Track
Group 3: Firewall-1/VPN-1 Advanced Track
Group 4: Technical Presentations By OPSEC Partners
Group 5: We Help Each Other Out
Group 1: Firewall-1/VPN-1 Beginner Track:
___103: R70.1, SmartWorkflow and Innovations in Operations
Management
| "A firewall is only as good as it's last policy
review...." With Check Point's release of R70.1,
there have been numerous improvements and a new focus on
the operational and change management aspects of
Firewall Operations Management. This presentation will
demonstrate some of the new elements within the
SmartConsole that have been improved in R70.1, as well
as some old but not recognized features, all of which
are designed to make a Firewall Admin's job easier. The
second half of the presentation will examine Check
Point's SmartWorkflow Blade, showing its strengths and
weaknesses and comparing it to other change management
and workflow technologies.
Presenter:
Robert Mitchell,
CCSE+, owner and CEO of
PureSecurity
Pty Ltd, a Check Point Focused Security Consultancy
and MSP in Sydney, Australia. Duration: 90
minutes On the
CPUG
discussion board, he is "Thorpuse". |
___104: R70 Software Blade Architecture: Technology Upgrade
or Just a Licensing Upgrade?
| "An Examination of R70 Software Blade
Architecture" Robert Mitchell will explain the current
state of affairs with the new R70 Software Blade
Architecture, with a particular emphasis on an
examination of whether the new architecture represents
new functionality or is just another opportunity for a
"License Upgrade".
Presenter:
Robert Mitchell,
CCSE+, owner and CEO of
PureSecurity
Pty Ltd, a Check Point Focused Security Consultancy
and MSP in Sydney, Australia. Duration: 60
minutes On the
CPUG
discussion board, he is "Thorpuse". |
___105 Security at The Würth Data Center in Chur,
Switzerland
| "An Inside Look at the Würth ITensis Data
Center" Würth ITensis CEO Mr. John Fisher will give us
a virtual tour of the Würth data center in Chur.
He cares so much for the security of his customers and
systems that CPUG conference attendees aren't even
allowed in! As compensation, he'll be showing us
lots of photos and talking about their various security
policies and procedures. Presenter: Mr. John
Fisher, CEO of
Würth ITensis, in Chur, Switzerland Duration: 60 minutes |
___108 Overview of Firewall-1/VPN-1 on Crossbeam
X-Series
| "Frequently Asked Questions About Running
Firewall-1/VPN-1 on the Crossbeam Platform"
Crossbeam, like Nokia, Check Point and Resilience, makes
platforms for Firewall-1/VPN-1.The architecture of the
X-series platform allows the implementation of a highly
redundant load balanced firewall cluster. Carsten Löhn
will discuss the basic concepts of that architecture and
demonstrates the basic steps from the blank system to a
running firewall cluster.
Duration: 60 minutes Presenter:
Carsten Löhn is Senior Trainer and Consultant at
ExperTeach GmbH in Germany. |
___109 Adding Intelligence to the Firewall Rule Change
Workflow
| "Intelligent Change Management for Your
Security Policy"
Business units regularly make firewall change requests:
Often tens to hundreds of change requests per week.
The process of meeting the requests is complex: It
involves multiple people in different organizations, it
involves several approvals and checks, and it is subject
to audit and regulation. Many organizations do
have a "change management system" in place - but such
workflow or ticketing systems are focused only on
process administration, and do not have insight into the
specifics of firewall changes.
In this presentation, Dr. Wool will describe the AlgoSec
method of dealing with rule base change control
challenges by introducing - and showing a live demo - of
the FireFlow system. FireFlow is an intelligent workflow
system built specifically for the change process in
network security devices.
Duration: 90 minutes Presenter:
Dr. Avishai Wool,
Co-founder and CTO of
AlgoSec in Petach Tikva, Israel |
___110 Troubleshooting in the Check Point Environment - Part I
| "Houston, We Have a Problem!" In this
presentation we're covering troubleshooting for the
common problems in a Check Point environment.
- Learn how to use command line tools to see the
health of your system and if your network is working
correctly.
- Have a look at your firewall operations using fw
monitor and see what you can do when your VPN fails.
- The best way to open Service Requests with Check
Point, so that you can provide the most useful
information to the supporters to solve your problem.
- We'll also have a look backstage and see how the
TAC is organized and how escalations can be done.
Duration: 120 minutes
Presenter:
Tobias Lachmann, CCSE+, is a Technical
Consultant with MCS Moorbek Computer
Systeme in Hamburg, Germany and has over eight years of
experience with Check Point Products. |
Plus more presentations to be announced shortly!
Group 2: Firewall-1/VPN-1 Intermediate Track:
___201: Introduction to the SecurePlatform Provisioning
Tool
| "First Look at the SecurePlatform Provisioning
Tool"
Valeri Loukine will give us a first look at the
SecurePlatform Provisioning tool and compare it to Nokia
Horizon Manager.
Presenter:
Valeri Loukine, CCMA, Senior Security Engineer at
Dimension Data
in Switzerland.
Duration: 60 minutes
On the
CPUG
discussion board, he is "varera". |
___202: Remote Access in a Post-SecuRemote/SecureClient World
| "Remote Access in a Post-SecuRemote/SecureClient
World" SecuRemote and SecureClient are now scheduled
for EOL (End-of-Life). Robert Mitchell will give a
demonstration and discussion of the Check Point
technologies replacing these old favorites:
- Endpoint Connect: What it has and (more
importantly) what it doesn't have.
- SNX
- Connectra (or whatever it's R70 equivalent is)
Presenter:
Robert Mitchell,
CCSE+, owner and CEO of
PureSecurity
Pty Ltd, a Check Point Focused Security Consultancy
and MSP in Sydney, Australia. Duration: 60
minutes On the
CPUG
discussion board, he is "Thorpuse". |
___203: Migration from a Distributed Environment to a UTM-1
Cluster
| "How to Migrate a VPN-1 Gateway Cluster and a
SmartCenter Management Server to a Cluster of UTM-1
Appliances." While a VPN-1 gateway cluster requires a
distributed installation with a separate SmartCenter,
the new UTM-1 appliances relieve this prerequisite.
Now you can have a gateway cluster with SmartCenter
installed and enjoy also free management high
availability. The migration from a distributed
installation to UTM-1 appliances is somewhat tricky,
though. This presentation will show you how it's
done and what you need to think of while doing it
yourself.
Duration: 60 minutes
Presenter:
Tobias Lachmann, CCSE+, is a Technical
Consultant with MCS Moorbek Computer
Systeme in Hamburg, Germany and has over eight years of
experience with Check Point Products. |
___205: Check Point Licensing Games or "Oops, They Did It Again"
| "More Trouble in License City" The number one
complaint by Check Point administrators is how much time
and resources are consumed trying to understand Check
Point product licensing and then fighting with Check
Point over those licenses. And then it seems
within months they'll completely restructure the
licensing and rename many products in the process.
Valeri Loukine will explain the current licensing
scheme, discuss optimal strategies for managing your
licenses, and try to identify themes to better prepare
for the next major licensing restructuring.
Presenter:
Valeri Loukine, CCMA, Senior Security Engineer at
Dimension Data
in Switzerland.
Duration: 60 minutes
On the
CPUG
discussion board, he is "varera". |
___206: How I Earned My CCMA (Check Point Certified Master
Architect)
| "The Inside Story on Earning a CCMA" Valeri
Loukine is Switzerland's first CCMA (Check Point
Certified Master Architect). He'll tell us about
the process of earning Check Point newest and most
advanced technical certification.
Presenter:
Valeri Loukine, CCMA, Senior Security Engineer at
Dimension Data
in Switzerland.
Duration: 60 minutes
On the
CPUG
discussion board, he is "varera". |
___207: IPSO vs. SPLAT: Which Features to Save and Which Features
to Lose
| "How We'd Like To See Check Point Combine These Two
Operating Systems" Now that Check Point has purchased
the Nokia IPSO line of security appliances, they have an
opportunity to retain the best features from both
platforms. Valeri Loukine will analyze the
strengths and weaknesses of both operating systems and
show what he'd like to see in the final merger.
Presenter:
Valeri Loukine, CCMA, Senior Security Engineer at
Dimension Data
in Switzerland.
Duration: 60
On the
CPUG
discussion board, he is "varera". |
___208: IPSec VPN: How Does It Really Work?
| "IPSec VPN: How Does It Really Work?"
It took many years, but IPSec is now the established
standard for VPN's over the Internet. Check
Point's new Community-based method for VPN configuration
has eliminated many of the difficulties, but the
underlying algorithms remain fascinating. Yasushi
will answer these questions, and more:
Why is there no Phase III?
"Stateless", or "Puzzles"?
Yasushi says he won't be giving these answers until
the end of his presentation because he wants to maintain
"Perfect Forward Secrecy".
Yasushi will also be presenting an Excel spreadsheet
for calculating and experimenting with the
Diffie-Hellman Key Exchange.
Duration: 90 minutes
Presenter:
Yasushi Kono, Senior Technical Consultant at
ComputerLinks GmbH in
Dreieich (Germany)。
On the
CPUG
discussion board, he is "Yasushi
Kono". |
___209: Comparing and Contrasting Check Point NGX with
Juniper ScreenOS Firewalls
| "The Two Firewall Leaders Go Head to Head"
According to Gartner's Magic Quadrants, Check Point and
Juniper are the two leaders in this market segment.
Yasushi Kono will compare and contrast these two product
and help us understand some fundamental underlying
differences.
Duration: 90 minutes
Presenter:
Yasushi Kono, Senior Technical Consultant at
ComputerLinks GmbH in
Dreieich (Germany)。
On the
CPUG
discussion board, he is "Yasushi
Kono". |
___210: Comparing and Contrasting Firewall-1/VPN-1 Authentication
Methods
| "User, Client, and Session Authentication:
Which to Use, and Why?"
While rather old technology in Firewall-1/VPN-1,
Authentication can still be useful. Carsten Löhn
will compare and contrast User, Client, and Session
authentication and discuss the configuration details.
Duration: 90 minutes
Presenter:
Carsten Löhn is Senior Trainer and Consultant at
ExperTeach GmbH in Germany.
|
___211: Dissecting Object Filler and Object Dumper
| "Knowing the Capabilities, Internals and
Some Tricks Around Object Filler and Object Dumper."
We will review the logic behind
Object Filler and Object Dumper version 2.4 (the
latest available), including the different options the
tools have, what the best use for them is, and what to
do if you get stuck in a problem. We will discuss,
among other points:
- Scripting network object creation
- "Dumping" SmartCenter Server configurations
- Why do we have different file types supported
- Working with SmartCenter Servers
- (If time allows) Basic things to look at when
Working with Provider-1
- Capabilities when converting from other firewall
brands to Check Point
Duration: 120 minutes
Presenter:
Martín Hoz is Systems Engineering Manager, Latin
America, with Fortinet.
|
___212: Automating Firewall Management with Tufin
Technologies
| "Reuven Harrison Will Discuss His Vision of
Firewall Management Automation and Present Several
Breakthrough Technologies in This Area." Real life
experience shows that firewall administrators spend too
much time on labor intensive, repetitive tasks. Tufin's
CTO, Reuven Harrison, will present the new tools that
automate these tasks. Specifically, we will focus on
change management, firewall deployment and rule base
maintenance. Our goal is to demonstrate how firewall
administrators can free up their time so they can focus
on security architecture and strategy rather than
mundane operations.
Duration: 60 minutes
Presenter:
Reuven Harrison is
CTO at Tufin Technologies
|
___213: Securing Networks with High Availability
| "How to Secure Your Networks with High
Availability" Simon Desmeules will discuss the
importance of High Availability and will show how
Resilience Security Gateway platforms can provide much
more visibility and failure monitoring than a standard
Security Gateway.
Duration: 60 minutes
Presenter:
Simon Desmeules is
Senior Systems Engineer at
Resilience
|
Plus more presentations to be announced shortly!
Group 3: Firewall-1/VPN-1 Advanced Track:
___302: Migration to Provider-1: Tips and Tricks
for Doing It Right
| "How To Migrate To Provider-1" Sooner or later,
many large organizations will realize they're buying and
maintaining far too many SmartCenter Servers and trying
to keep organization-wide objects synchronized in all of
them. At this point, the thought of migration to
Provider-1 comes into the picture.
Valeri Loukine will draw on his years of experience
and discuss the important tips and tricks for completing
this complex upgrade with the least amount of trouble.
Presenter:
Valeri Loukine, CCMA, Senior Security Engineer at
Dimension Data
in Switzerland.
Duration: 120 minutes
On the
CPUG
discussion board, he is "varera". |
___303: CMA Migration with VSX
| "CMA Migration with VSX" Valeri Loukine will walk
us through many undocumented techniques and let us
benefit from his years of experience.
Presenter:
Valeri Loukine, CCMA, Senior Security Engineer at
Dimension Data
in Switzerland.
Duration: 60 minutes
On the
CPUG
discussion board, he is "varera". |
___304: Eventia SIEM/Reporting Functions: Demonstration and Discussion
| "Eventia SIEM/Reporting Functions: Demonstration and
Discussion" Robert Mitchell will give a full
demonstration on Eventia: what it is, what does it do,
what are the hardware requirements, and what are the
cost and licensing requirements.
Presenter:
Robert Mitchell,
CCSE+, owner and CEO of
PureSecurity
Pty Ltd, a Check Point Focused Security Consultancy
and MSP in Sydney, Australia. Duration: 60
minutes On the
CPUG
discussion board, he is "Thorpuse". |
___305: Troubleshooting in the Check Point Environment -
Part II
| "When the going gets tough..." We will
look at the general methods of kernel debugging and see,
how it can be done for specific parts of the Check Point
environment. Check out the advanced use of fw monitor
and the analysis of the captures files with graphical
tools like Wireshark. Learn how to troubleshoot UTM-1
Edge appliances as well as SmartCenter or GUI problems.
Duration: 120 minutes
Presenter:
Tobias Lachmann, CCSE+, is a Technical
Consultant with MCS Moorbek Computer
Systeme in Hamburg, Germany and has over eight years of
experience with Check Point Products. |
Plus more presentations to be announced shortly!
Group 4: Technical Presentations By OPSEC Partners:
Serious, technical, under-the-hood lectures and demonstrations
geared towards end-users. Not a sales or marketing
presentation.
Please contact Barry Stiefel ("Stee-ful") at 1-415-543-5222 or
bjstiefel <(at)> CPUG <(dot)> org to discuss the opportunities here.
Group 5: We Help Each Other Out:
___501: Community Discussion: Ask
The Experts
Plus more presentations to be announced
shortly!
 |