Certifying Entry-Level Security Expertise

Posted on
Share on Google+Share on LinkedInShare on FacebookShare on RedditTweet about this on TwitterEmail this to someone

Check Point delivers intelligent perimeter, internal and Web security solutions that are used by nine of the top 10 Fortune 500 companies. Maintaining a 70 percent market share for virtual private networks (VPNs) and firewalls (according to Infonetics Research Group, February 2004), Check Point is a recognized leader in protecting the Internet. Check Point VPNs/firewalls are highly valued in today’s complex and ever-changing security environment, and employees who are proficient in administering these solutions have a competitive advantage in the marketplace.

The Check Point Certified Security Administrator (CCSA) is the entry-level certification for the Check Point Certified Professional Security series, including Check Point Certified Security Expert (CCSE) and CCSE Plus. This article provides background on the Check Point Certified Security Administrator (CCSA), including how it was developed, the picture of practice on which it is based and the knowledge and skills you must demonstrate to acquire the certification.

Certification Origin
Check Point developed the CCSA certification to validate the abilities of the individual security administrator, and it began offering the certification in 1998. To date, there are more than 24,000 Check Point-certified professionals holding CCSA certifications worldwide. CCSAs have the skills and knowledge required to maintain the day-to-day operation of local firewalls for a small organization or a department within a larger enterprise.

Responsibilities range from using a single security gateway to protect from 14 to 50 systems to as many as seven security gateways supporting up to 200 systems. The CCSA is responsible for creating and installing security policies and knows how to manage anti-spoofing, Network Address Translation (NAT) and OPSEC applications.

CCSA Requirements and Prerequisites
Certification has two purposes: to validate the knowledge of the candidate and to judge the candidate’s experience with the product. Check Point exams are balanced at 80 percent book knowledge and 20 percent experience for the CCSA. One part reviews the candidate’s knowledge of the course materials and the product documentation, and the second requirement is that the candidate has at least six months to one year of experience with the product. Candidates are required to pass a single exam to achieve CCSA certification, #156-210.4, which is offered through VUE testing centers.

Candidates for the CCSA should have basic networking knowledge, familiarity with the Windows operating systems and/or UNIX, and experience with TCP/IP and the Internet. The Security Administrator exam measures competency and understanding in the following knowledge domains:



  • Architecture
  • SmartDashboard Rule Base and Properties Setup
  • Log Management
  • SmartDefense
  • User, Client and Session Authentication
  • Network Address Translation (NAT)


The architecture component of the CCSA certification focuses on three key areas of the candidate’s understanding of how firewalls work, what areas they do not address and their core strengths. First, the candidate must show knowledge of how stateful inspection extends the security of a firewall installation by going beyond traditional packet filtering. Second, the candidate must also demonstrate knowledge of how Check Point VPN-1 Pro, an integrated VPN/firewall software solution, works. Finally, the candidate must demonstrate an understanding of licensing and upgrade issues of both the firewall and network-related software, such as upgrading the antivirus technology, implementing the latest patches to the operating system and licensing a new enforcement module.

In summary, the primary components of the exam focus on:



  • Describing the firewall purpose.
  • Describing and comparing firewall architecture.
  • Identifying Check Point VPN-1 Pro components (VPN-1, FireWall-1).
  • Describing how backups protect an organization’s network.
  • Installing and upgrading Check Point VPN-1 Pro software.
  • Describing Check Point VPN-1 Pro.
  • Describing the Check Point VPN-1 Pro licensing function.


SmartDashboard Rule Base and Properties Setup
In Check Point’s job model surveys of our certified professional base, the Check Point VPN-1 Pro user community has identified maintaining security policies and rule bases as critical for operational success, business continuity and customer satisfaction. To address this critical component, administrators need to review the adequacy and implementation of security policies on a weekly basis due to changing threats and conditions.

The CCSA exam covers the definition and creation of rule bases and installing the resulting security policy. It also covers translating corporate policies and procedures to rules and creating objects and services to allow approved traffic. The security administrator must create access when and where needed and deny access where appropriate.

In summary, the primary components of the exam focus on:



  • Explaining security policy function and operation.
  • Demonstrating security policy setup and operation.
  • Installing and uninstalling a security policy.
  • Demonstrating usage of SMARTClient for creating network objects and groups.
  • Listing security policy guidelines for improving VPN-1 Pro performance.
  • Demonstrating anti-spoofing setup.


Log Management
The CCSA candidate must know how to analyze and check firewall log files for suspicious activity (attacks) from internal or external sources using SmartView Tracker. This was the second-highest priority identified in the job model surveys. To demonstrate this competency, the candidate will be required to analyze dropped traffic, identify what signals an attack and determine which entries require investigation. The candidate will identify errors and potential intrusions, establish and evaluate countermeasures, and recognize critical dropped connections.

In summary, the primary components of the exam focus on:



  • Specifying selection criteria and saving log files.
  • Hiding and unhiding rules, viewing hidden rules, defining and applying a rule mask.
  • Interpreting SmartView Status Icons.
  • Identifying three SmartView Tracker display modes.


Using knowledge of attack patterns, the administrator can configure a system to block common categories of attacks. The CCSA exam validates the security administrator’s understanding of these patterns and how to enable SmartDefense—which actively protects organizations from known and unknown network- and application-level attacks using Check Point’s Stateful Inspection and Application Intelligence technologies—global protection mechanisms to block them. The exam also determines the administrator’s ability to use SmartView Status to monitor security policies.

In summary, the primary components of the exam focus on:



  • Describing steps to block intruders.
  • Listing three blocking scope options and their uses.
  • Describing “block request.”
  • Understanding Application Intelligence active-defense technologies.
  • Configuring Check Point VPN-1 Pro to block common categories of attacks.
  • Enabling SmartDefense global protection mechanisms.
  • Using SmartView Status to monitor security policies.


Authentication Parameters: User, Client and Session Authentication
Authentication tasks require attention on two levels: a daily review to establish that users are gaining the access needed and an annual review of the access policies that have evolved over the past year. The CCSA exam focuses on the security administrator’s ability to select the appro

Share on Google+Share on LinkedInShare on FacebookShare on RedditTweet about this on TwitterEmail this to someone


Posted in Archive|