Protocols & Related Defenses
Session Layer

Check Point's perimeter, internal and web security gateway solutions block many attacks and provide numerous attack prevention safeguards. This table lists some of these defenses and organizes them by protocol and OSI Model layer. Note: Check Point continually expands the breadth of defenses provided. This table is a snapshot not an exhaustive list. Application Layer Session Layer Transport Layer Network Layer
Download the List of Defenses [PDF]
Session Layer
Attack Prevention Safeguards	Attacks Blocked
RPC
Block RPC portmapper exploits	ToolTalk Attacks snmpXdmid Attack rstat Attacks mountd Attack cmsd Attack cachefsd Attack
DEC-RPC
Block DCE-RPC portmapper exploits Allow endpoint mapper communications via EPM port only Allow only authenticated DCOM	Blaster Sasser
SUN-RPC
Block SUN-RPC interface scanning Enforce RPC protocol through inspection of packet lengths
HTTP Proxy
HTTP Proxy enforcement: Enforce HTTP session logic in proxy mode
VPN
Validate digital certificates used against Certificate Revocation List Monitor for pre-shared secrets vulnerability	IKE Brute Force Attack Hub-and-Spoke Topology Attack IKE UDP DoS Attack Windows 2000 IKE DoS Attack VPN IP Spoffing Attack VPN Man-in-the-Middle Attacks IKE Aggressive Mode Attacks
SSL
Protect against SSL Null Pointer Attacks	Microsoft PCT worm