Check Point Firewall-1 First Firewall to Provide Safeguard Against TCP SYN Flooding; Stateful Inspection Architecture Enables Unique Protection Against Recent Denial-of-Service Attacks.REDWOOD CITY Redwood City, city (1990 pop. 66,072), seat of San Mateo co., W Calif., on San Francisco Bay; inc. 1868. Manufactures include commmunications, electrical, electronic, and medical equipment. , Calif.--(BUSINESS WIRE)--Oct. 1, 1996-- Check Point Software Technologies Ltd., (Nasdaq: CHKPF), the leader in network security, today announced FireWall-1 SYNDefender(tm), a downloadable software module for its industry-leading Check Point(tm) FireWall-1(tm) product. The new module, now available free of charge on Check Point's Web site (http://www.checkpoint.com), makes FireWall-1 the industry's first and only firewall to provide protection against this denial of service attack An assault on a network that floods it with so many additional requests that regular traffic is either slowed or completely interrupted. Unlike a virus or worm, which can cause severe damage to databases, a denial of service attack interrupts network service for some period. , which has crippled several Internet Service Providers Internet service provider (ISP) Company that provides Internet connections and services to individuals and organizations. For a monthly fee, ISPs provide computer users with a connection to their site (see data transmission), as well as a log-in name and password. (ISPs) in recent weeks. Check Point's SYNDefender software, which is easily integrated into existing FireWall-1 installations, protects against the TCP (1) (Transmission Control Protocol) The reliable transport protocol within the TCP/IP protocol suite. TCP ensures that all data arrive accurately and 100% intact at the other end. SYN 1. (character) SYN - Synchronous idle. 2. (language) SYN - A syntactic specification language for COPS. ["Metalanguages of the Compiler Production System COPS", J. Borowiec, in GI Fachgesprach "Compiler-Compiler", ed W. (requests for connection establishment) flood attacks by intercepting all SYN packets and mediating the connection attempts before they reach the operating system. This prevents the target host from becoming flooded by these unresolved connection attempts, which causes the operating system, and the host, stop receiving new connections. As a result, the host system is effectively insulated from the SYN flood attack An assault on a network that prevents a TCP/IP server from servicing other users. It is accomplished by not sending the final acknowledgment to the server's SYN-ACK response (SYNchronize-ACKnowledge) in the handshaking sequence, which causes the server to keep signaling until it and denial of service A condition in which a system can no longer respond to normal requests. See denial of service attack. condition that results. Check Point's patent-pending "Stateful Inspection" architecture enables this protection because it inspects network communication attempts before they reach the operating system. Firewalls based on an application gateway architecture cannot protect against TCP SYN flood attacks because they accept or reject connections after they have already passed through the control of the operating system. "The recently-highlighted SYN flood attacks probably cost companies hundreds or even thousands of hours of lost productivity," said Dr. Deborah Triant, president and CEO (1) (Chief Executive Officer) The highest individual in command of an organization. Typically the president of the company, the CEO reports to the Chairman of the Board. of Check Point Software Technologies, Inc. "Because Check Point's unique architecture inspects network traffic before it reaches the operating system, we can provide a solid safeguard against the SYN flood attacks without affecting user connections and overall business productivity." Two Implementations of SYNDefender Check Point has developed two implementations of the SYNDefender software, SYNDefender Relay and SYNDefender Gateway. Which implementation a network administrator chooses to integrate into his or her FireWall-1 installation is dependent on the particular network's characteristics. The SYNDefender Relay implementation intercepts the SYN packets between the user and the host to determine if the connection request is valid. Only if the FireWall-1 SYNDefender Relay software determines that the request is valid does it allow the actual connection to be established with the target host. Alternatively, the SYNDefender Gateway accepts all connection attempts, both valid and invalid, and protects the server under attack by immediately moving these connection requests from the backlog queue, which is typically extremely short, to the open connections queue, which is easily handled by the server. Connections not completed within a pre-defined interval are terminated by FireWall-1. For More Information on SYNDefender and TCP SYN Flood Attacks More information on Check Point's SYNDefender software is available at http://www.checkpoint.com. For more information on TCP SYN flood attacks, see the CERT Advisory CA-96.21: TCP SYN Flooding and IP Spoofing Attacks which is downloadable from ftp://info.cert.org/pub/cert_advisories. Availability A beta version of SYNDefender is available immediately, free-of-charge, for FireWall-1 installations on Sun Solaris for SPARC (Scalable Performance ARChitecture) A family of RISC CPUs from Sun that runs mostly under Sun's Solaris, but also under Linux and BSD operating systems. After development began in the mid-1980s by David Patterson of the University of California at Berkeley and Bill and x86, SunOS 4.1.x and HP-UX HP's version of Unix that runs on its 9000 family. It is based on SVID and incorporates features from BSD Unix along with several HP innovations. (operating system) HP-UX - The version of Unix running on Hewlett-Packard workstations. 9.x and 10.x on Check Point's Web site at www.checkpoint.com. A version of the software for Windows NT will be available soon. About CHECK POINT Software Technologies Ltd. Check Point Software Technologies Ltd. is the market leader in global network security software. The company commanded 40% of the worldwide firewall market in 1995 according to an IDC study issued in February 1996. The company's flagship product, Check Point(tm) FireWall-1(tm), protects internal and external network communication for thousands of organizations of all sizes. Its products are sold worldwide through OEM (Original Equipment Manufacturer) The rebranding of equipment and selling it. The term initially referred to the company that made the products (the "original" manufacturer), but eventually became widely used to refer to the organization that buys the products and partners, distributors, VARs, systems and network integrators and Internet Service Providers. Listed on the NASDAQ under the symbol "CHKPF," the company has U.S. headquarters in Redwood City, California Redwood City is a suburb located on the San Francisco Peninsula in the San Francisco Bay Area of California. Redwood City is the county seat of San Mateo County. As of the 2005 census, the city had a total population of 76,000. and international headquarters in Ramat-Gan, Israel. For product information, please call 415/562-0400, e-mail info@checkpoint.com or visit Check Point at http://www.checkpoint.com. -0- Note to Editors: 1996 CHECK POINT Software Technologies, Ltd. CHECK POINT, the CHECK POINT logo, CHECK POINT FireWall-1, FireWall-1 SecuRemote, FireWall-1 SYNDefender, and FireWall-First! are trademarks of CHECK POINT Software Technologies Ltd. All other product names mentioned herein are trademarks of their respective owners. CONTACT: Check Point Software Technologies, Inc. Emily Cohen cohen or kohen (Hebrew: “priest”) Jewish priest descended from Zadok (a descendant of Aaron), priest at the First Temple of Jerusalem. The biblical priesthood was hereditary and male. , 415/562-0400 Ext. 228 emily@us.checkpoint.com |
|
||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion