Attack Prevention Safeguards and Attacks Blocked

Network Layer

FireWall-1 NG with Application Intelligence blocks many attacks and provides numerous attack prevention safeguards. This table lists some of these defenses and organizes them by protocol and OSI Model layer.

Note: Check Point continually expands the breadth of defenses provided. This table is a snapshot not an exhaustive list.

Application Layer | Session Layer | Transport Layer | Network Layer |

 
Network Layer

Attack Prevention Safeguards
Attacks Blocked

IP
  • Enforce minimum header length
  • Restrict IP-UDP fragmentation
  • Enforce that header length indicated in IP header is not longer than packet size indicated by header
  • Enforce that packet size indicated in
    IP header is not longer than actual packet size
  • Scramble OS fingerprint
  • Control IP options
  • IP Address Sweep Scan
  • IP Timestamp Attack
  • IP Record Route Attack
  • IP Source Route Attack
  • IP Fragment Denial-of-Service Attack
  • Loose Source Route Attack
  • Strict Source Route Attack
  • IP Spoofing Attack

ICMP
  • Block large ICMP packets
  • Restrict ICMP fragments
  • Match ICMP requests and responses
  • Ping-of-Death Attack
  • ICMP Flood