OPSEC Software Development Kit

The OPSEC Software Development Kit (SDK) is the ideal resource for those who wish to integrate their applications and network security systems with the industry's leading enterprise security solutions. It is available to independent software vendors, value-added resellers of Check Point software, network integrators and end users. A collection of APIs (Application Programming Interfaces), standard protocol interface definitions, and a set of C libraries are provided to enable the development of OPSEC compliant solutions. These clearly defined interfaces enable integration with Check Point without delving into the complexity of the underlying architecture which provides a complete client/server communications infrastructure. With the OPSEC SDK, a competent developer can bring an integrated solution to market in a fraction of the time normally required. Listed below are the APIs, integration points and possible applications.

Download the OPSEC SDK
NG Enhancements

Pre-requisites for Using the SDK
The OPSEC SDK is intended for use by software developers with an understanding of the Check Point products and technologies and C programming. Implementation experience with this and other security products as well as prior experience with networking and communication protocols such as TCP/IP, LDAP and RADIUS is recommended.

OPSEC SDK Features:

Defines all OPSEC APIs necessary for integration
Includes C libraries, header files and supporting documentation
Supports industry-standard protocols
Enables distributed deployment of integrated applications via secure TCP/IP connections
Provides tools and sample code for development and debugging assistance

OPSEC SDK Benefits:

Integrate applications with Check Point products quickly and easily
Minimize maintenance costs by integrating with Check Point products at the API level, ensuring future interoperability
Integrate your application at the policy level with best-of-class security products

Security Enforcement

OPSEC API	Integration Point	Integration Capability	Potential Applications
CVP Content Vectoring Protocol	Gateway	Allows FireWall-1/VPN-1 to vector file content to a third party content analysis server.	• Analysis and modification or blocking of email message content. • Anti-virus scans and cures of email attachments and file transfers. • Scan and/or block executables including Java and ActiveX.
UFP URL Filtering Protocol	Gateway	Enables FireWall-1/VPN-1 to send URLs to third party server for categorization.	• Block access to specific Web sites or categories of sites. • Monitor access to Web sites by category.
SAM Suspicious Activities Monitoring	Gateway	Instruct FireWall-1/VPN-1 to block connections initiated by potential intruders.	• Active response intrusion detection systems based on real time network or server analysis.
UAA UserAuthority API	Gateway	Enables sharing of VPN and LAN user authentication data with applications	• Seamless sign-on • Enhanced network services based on user profile or location • Billing/auditing based on user rather than connection • Provide VPN access directly to legacy LAN-based applications • Leverage SVN openPKI support for multi-CA authentication • Leverage all authentication systems supported through OPSEC
SCV Security Configuration Verification API (NG Only)	Desktop	Provides third party application to report security status to SecureClient which uses the information to determine the overall security configuration of the computer.	• Anti-Virus SCV checks to verify the version of the virus definition file.
SAA Secure Authentication API	Desktop	Provides authentication token vendors with a SecuRemote integration API.	• Remote Access using SecuRemote with an Authentication Token.

Management

OPSEC API	Integration Point	Integration Capability	Potential Applications
CPMI Check Point Management Interface (NG Only)	Gateway	Provides secure access to the Check Point object repository located on the Check Point Management Server while maintaining its integrity.	• Access authentication information to provide single-sign-on. • Audit and generate reports or alerts about changes to the object repository. • Automate management of certain aspects of FW-1/VPN-1 triggered by network activity or management events.
AMON Application Monitoring (NG Only)	Gateway	Enables network applications to report their status to the Check Point Management server. Status information is available via CPMI or the Check Point Status Monitoring application.	• Centralize status information of security devices and applications. • Leverage Check Point Status monitoring application and infrastructure.
CPRA Check Point RemoteAdmin Utility (NG Only)	Gateway	Enables One-Click configuration of the OPSEC infrastructure.	• Open to all OPSEC SDK Partners to enable an end user to register a new OPSEC application into the Check Point SmartCenter Server database during installation of the OPSEC application.
SmartUpdate (NG Only)	Gateway	Enables remote OPSEC package management.	• An OPSEC Application on a remote system with the Secure Virtual Network (SVN) foundation installed and a trusted connection with the SmartCenter Server can be centrally managed using a SmartUpdate Client connected to the SmartCenter Server.

Reporting & Logging

OPSEC API

Integration
Point

Integration Capability

Potential
Applications

LEA
Log Export API

Gateway

Retrieve real-time and historical log information from FireWall-1/VPN-1 in a secure manner.

• Security event analysis and reporting.

• Integration with enterprise event management, accounting and billing systems.

• Usage monitoring and reporting.

ELA
Event Logging API

Gateway

Enables applications to securely send information to the central FireWall-1 log database.

• Applications that wish to log an event into the firewall database.

• Applications that wish to consolidate their event notification scheme into the firewall.