Cloud Connect: Private and Secure Surfing. Bye for free
Recently, Check Point Software Technologies announced a cloud service for safe work with the Internet, even when leaving a secure perimeter. Officially, this service is positioned for the corporate segment, small business.
However, I believe that even in its current form, it may be useful to ordinary users, so I will briefly write about it.
Since the exit point is now in another country (I, as a rule, Sweden and Spain), you understand what other bonus you get.
The countries through which you exit, set up yourself (ie, "unnecessary" can be disabled).
I was pleasantly surprised that this has virtually no effect on speed. Only ping slightly increases.
My home WiFi speed (in the lower left corner of Vimpelcom):
')
And through the Cloud Connector (now there is Sweden Dedicated):
Of course, if you wish, you can temporarily disable the Cloud Connector. Conveniently, you can choose for what period of time. And then, even if you forget to activate it again, for example, in an hour you will again find yourself under protection.
What does this service give in terms of security?
On the tab Policy | URL Filtering you can select Advanced mode and specify different categories for different users. It is quite normal to restrict access to unwanted sites to the child.
Or you can set restrictions in a simplified mode (for the whole family):
Since the product is positioned as a corporate one, all file sharing services are prohibited by default. For the home, of course, this tick should be disabled. Well, or even turn off.
Otherwise, it looks like this:
And here I would recommend leaving everything on.
Antivirus is understandable. Even if some computer is installed, an extra check by another engine will not hurt.
Antibot - even if this filth starts on your computer (or already lives), the interaction with the botnet command center (C & C) will be blocked. Those. Not only will you learn about the problem in time, your client of the botnet network will also not receive commands from the management center and will not cause you any problems. Even some Cryptolocker will not bother you, your files will not be encrypted and will not be destroyed, since they will not be able to send the keys to their server.
Threat Emulation - the files you download (office documents, PDF, etc.) will be opened in virtual machines (for example, Win7x64 + Office 2010 + Adobe Reader 9) and if after opening a regular document, strange files suddenly appeared, the registry keys changed and etc., it will be blocked.
Of course, nothing will prevent you from temporarily disabling protection and, if you wish, you can download it.
IPS - knows a large number of signatures of known attacks, performs all sorts of heuristic checks, may well protect you from problems when visiting malicious sites.
Opens SSL traffic and performs all checks, i.e. can protect even when downloading a malicious file via https.
For a home, it may be worth turning it off. Though it is more correct to configure exceptions. So, by default, encrypted traffic from trusted financial sites (any kind of ebay with paypal) is not checked.
Management is carried out through the web: cloud.checkpoint.com
However, in order for you to create an account for free, you need to go to the secret link: cloud.checkpoint.com/index-out.php (Create Account).
After that, you will receive an email with links to downloads and a registration code.
For Windows / Mac, everything is clear - downloaded, entered the code, rejoice.
And for mobile devices, magic begins.
Well, that is You can, of course, manually install the corresponding applications by clicking on the links that came to them (they already have a secret registration code “sewn up” to you).
And you can just scan the QR code. Following the link you install yourself an application. And then (if you suddenly do not connect right away), already from the application, scan the code again. This will automatically connect to the correct server and substitute your registration code.
Everything is easy and simple.
Oh yes, as long as registration and use is free:
As I understand it, the date is in the American format (that is, until April 1, 2015, exactly for half a year).
However, as far as I know, even simple decent VPN services cost a few dollars a month. And if for the same money there will also be security, and even with almost no loss in speed (more than 50Mbps), it will be excellent.
In the meantime, all this wealth is completely free.
Use, ask, write your impressions and wishes in the comments.
PS Post is not advertising. Check Point company does not promote its solutions for home Russian users at all.
However, I believe that even in its current form, it may be useful to ordinary users, so I will briefly write about it.
main idea
- You install a small application on your device (Windows, Mac, iOS, Android)
- It intercepts Internet traffic and wraps it in the cloud, to the nearest server (now 14 countries, Russia plans for next year)
- In the cloud, traffic is checked (URL filtering, dangerous applications, antivirus, IPS, antibot ...)
- Sent to you already cleared
Since the exit point is now in another country (I, as a rule, Sweden and Spain), you understand what other bonus you get.
The countries through which you exit, set up yourself (ie, "unnecessary" can be disabled).
I was pleasantly surprised that this has virtually no effect on speed. Only ping slightly increases.
My home WiFi speed (in the lower left corner of Vimpelcom):
')
And through the Cloud Connector (now there is Sweden Dedicated):
Of course, if you wish, you can temporarily disable the Cloud Connector. Conveniently, you can choose for what period of time. And then, even if you forget to activate it again, for example, in an hour you will again find yourself under protection.
Security
What does this service give in terms of security?
URL filtering
On the tab Policy | URL Filtering you can select Advanced mode and specify different categories for different users. It is quite normal to restrict access to unwanted sites to the child.
Or you can set restrictions in a simplified mode (for the whole family):
Since the product is positioned as a corporate one, all file sharing services are prohibited by default. For the home, of course, this tick should be disabled. Well, or even turn off.
Otherwise, it looks like this:
Threat prevention
And here I would recommend leaving everything on.
Antivirus is understandable. Even if some computer is installed, an extra check by another engine will not hurt.
Antibot - even if this filth starts on your computer (or already lives), the interaction with the botnet command center (C & C) will be blocked. Those. Not only will you learn about the problem in time, your client of the botnet network will also not receive commands from the management center and will not cause you any problems. Even some Cryptolocker will not bother you, your files will not be encrypted and will not be destroyed, since they will not be able to send the keys to their server.
Threat Emulation - the files you download (office documents, PDF, etc.) will be opened in virtual machines (for example, Win7x64 + Office 2010 + Adobe Reader 9) and if after opening a regular document, strange files suddenly appeared, the registry keys changed and etc., it will be blocked.
Of course, nothing will prevent you from temporarily disabling protection and, if you wish, you can download it.
IPS - knows a large number of signatures of known attacks, performs all sorts of heuristic checks, may well protect you from problems when visiting malicious sites.
HTTPS Inspection
Opens SSL traffic and performs all checks, i.e. can protect even when downloading a malicious file via https.
For a home, it may be worth turning it off. Though it is more correct to configure exceptions. So, by default, encrypted traffic from trusted financial sites (any kind of ebay with paypal) is not checked.
How to install and configure?
Management is carried out through the web: cloud.checkpoint.com
However, in order for you to create an account for free, you need to go to the secret link: cloud.checkpoint.com/index-out.php (Create Account).
After that, you will receive an email with links to downloads and a registration code.
For Windows / Mac, everything is clear - downloaded, entered the code, rejoice.
And for mobile devices, magic begins.
Well, that is You can, of course, manually install the corresponding applications by clicking on the links that came to them (they already have a secret registration code “sewn up” to you).
And you can just scan the QR code. Following the link you install yourself an application. And then (if you suddenly do not connect right away), already from the application, scan the code again. This will automatically connect to the correct server and substitute your registration code.
Everything is easy and simple.
Oh yes, as long as registration and use is free:
As I understand it, the date is in the American format (that is, until April 1, 2015, exactly for half a year).
However, as far as I know, even simple decent VPN services cost a few dollars a month. And if for the same money there will also be security, and even with almost no loss in speed (more than 50Mbps), it will be excellent.
In the meantime, all this wealth is completely free.
Use, ask, write your impressions and wishes in the comments.
PS Post is not advertising. Check Point company does not promote its solutions for home Russian users at all.
Source: https://habr.com/ru/post/242197/
All Articles