Home > Store

Essential Check Point Firewall-1™: An Installation, Configuration, and Troubleshooting Guide

Register your product to gain access to bonus material or receive a coupon.

Essential Check Point Firewall-1™: An Installation, Configuration, and Troubleshooting Guide

Book

  • Sorry, this book is no longer in print.
Not for Sale

Description

  • Copyright 2002
  • Dimensions: 7-3/8x9-1/4
  • Pages: 544
  • Edition: 1st
  • Book
  • ISBN-10: 0-201-69950-8
  • ISBN-13: 978-0-201-69950-0

“Dameon’s knowledge of FireWall-1, which in many cases has surpassed the knowledge of Check Point’s own engineers, hasalways impressed me. This book is yet another proof of Dameon’sdeep understanding of FireWall-1’s internals as well as itsimplementation methodologies. I strongly recommend this book to anyFireWall-1 user who wishes to master the product.”
—Nir Zuk,CTO, OneSecure, Inc. Formerly, Principal Engineer at Check PointSoftware

“This book is a fabulous resource for running FireWall-1reliably and securely. It’s the single best source ofinformation I’ve ever seen on how to map security and businessrequirements into FW-1 rules and configurations. The hordes of sampleconfigurations are the best way to demonstrate the advice andexplanations in practice. If you’re using FireWall-1, you needthis book.”
—Tina Bird, Security Architect at CounterpaneInternetSecurity and moderator of the Virtual Private Networks mailinglist

“FireWall-1 is a critical security application, more widelyused than any other by far, that relies on proper configuration andusage to be effective. Dameon’s book can be counted as thedefinitive reference—required reading for anyone using CheckPoint’s FireWall-1 security software.”
—Kelly Robertson,Senior Sales Engineering Manager for Nokia InternetCommunications


Packed with practical, hands-on techniques, thisinsider’s guide explains how to build, implement, and maintainthe world’s best-selling firewall product, Check PointFireWall-1. Featuring tools, tips, and checklists not found in othersources, the book brings manageability, reliability, and efficiency totoday’s standalone or distributed networks.

Essential Check Point FireWall-1 coversevery major feature of the product providing working solutions toreal-world situations. Filled with screen shots and sampleconfigurations, the book features step-by-step instructions that canbe replicated on standard equipment easily. Developed through years ofactual product support, this guidebook is an invaluable resource fornetwork professionals working on UNIX or Windows NT platforms.

Key coverage includes:

  • Firewall overview; planning,installation, and deployment of firewall security
  • Building arulebase and using the Policy Editor application
  • Logging andalerting
  • Managing multiple firewall modules from a singlemanagement console
  • Authentication and security issues
  • Addressingtranslation (NAT)—why it’s important and how it’sconfigured within FireWall-1
  • Encryption (site-to-site andclient-to-site Virtual Private Networks)
  • INSPECT—an overviewof the language at the heart of FireWall-1

    Authoritative andpractical, this comprehensive guidebook provides real-world solutionsand techniques necessary for planning, installing, and deploying theworld’s leading firewall product.



    0201699508B10172001

  • Extras

    Related Articles

    Getting Your Check Point Firewall-1 Certifications

    More Than a Firewall

    Author's Site

    Click below for Author's Site related to this title:
    Author's Web Site

    Sample Content

    Online Sample Chapters

    Fun With Check Point Licensing

    Network Address Translation

    Downloadable Sample Chapter

    Click below for Sample Chapter related to this title:
    welchch09.pdf

    Table of Contents



    Foreword.


    Preface.


    1. Introduction to FireWalls.

    What is a Firewall?

    What a Firewall Cannot Do.

    Overview of Firewall Security Technologies.

    Packet Filters.

    Application Proxies.

    Stateful Inspection.

    Technology Comparison: Passive FTP.

    Technology Comparison: Traceroute.

    What Kind of Firewall is FireWall-1?

    Do You Really Need FireWall-1?

    More Information.



    2. Planning your FireWall Installation.

    Network Topology.

    A Word about Subnetting.

    Developing a Site-Wide Security Policy.

    The What, Who, and How.

    Implementing Firewalls Without a Written Security Policy.

    An Example Security Policy.

    Fun with Check Point Licensing.

    Node-Limited Firewall Licenses.

    Single Gateway Products.

    Inspection Module.

    FireWall-1 Host.

    Management Console.

    Motif GUI Licenses.

    Small Office Products.

    Getting Licenses.

    Summary.



    3. Installing FireWall-1.

    Selecting an Operating System.

    Windows NT.

    Sparc Solaris.

    x86 Solaris.

    AIX and HPUX.

    Nokia Security Platform (IPSO).

    Linux.

    Installing the Operating System.

    Preparing for the OS Installation.

    Guidelines for OS Installation.

    Securing the Operating System.

    Installing FireWall-1.

    Unix-Based Systems.

    Windows NT/2000.

    Summary.



    4. Building Your Rulebase.

    The Management GUIs.

    Configuring a Management User.

    Configuring IPs to run the GUIs from.

    What Files the GUI Modifies.

    Security Policy Editor Restrictions.

    GUI Demonstration Mode.

    Rulebase Components.@AHEADS = Objects.

    Anti-Spoofing.

    Policy Properties.

    Rules.

    Order of Operations.

    Making Your First Rulebase.

    Knowing Your Network.

    Defining Your Objects.

    Determining Your Policy.

    Rules That Should Be In Every Rulebase.

    Installing the Policy.

    Frequently Asked Questions.



    5. Logging and  Alerting.

    The System Status Viewer.

    The Log Viewer.

    Viewing Logs from the Command Line.

    Active Mode and Blocking Connections.

    Alerts.

    Messages in the Log.

    Log Maintenance.



    6. Remote Management.

    The Components.

    The Management GUIS.

    Configuring a User.

    Configuring IPs to run from.

    What Files the GUIs Modify.

    Security Policy Editor Restrictions.

    GUI Demonstration Mode.

    The Management Console to Firewall Module Connection.

    control.map file.

    How Do the Different Authentication Schemes Work?

    The fw putkey Command.

    Establishing an Authenticated Control Connection.

    Special Remote Management Conditions.

    What Can You DO With Remote Management.

    Control Policy on Firewall Module.

    View State Tables of Firewall Modules.

    Suspicious Activity Monitoring.

    Updating Licenses.

    Moving Management Consoles.

    Moving a Firewall Module off the Management Console.

    Moving the Management Console off a Firewall Module.

    Troubleshooting Remote Management Issues.

    GUI Issues.

    Firewall/Management Module Issues.

    Labs.



    7. Authentication.

    Passwords.

    FireWall-1 Password.

    OS Password.

    S/Key.

    SecurID.

    Axent Pathways Defender.

    RADIUS.

    TACACS / TACACS+.

    LDAP.

    How Users Authenticate.

    User Authentication.

    Session Authentication.

    Client Authentication.

    Which Type Should You Choose?

    Setting Up Authentication.

    Creating Users.

    Setting Supported Authentication Schemes.

    User Authentication.

    Session Authentication.

    Client Authentication.

    Integrating External Authentication Servers.

    FAQs.

    Troubleshooting Authentication Issues.



    8. Content Security.

    The Security Servers.@AHEADS = A Word About Licensing.

    CVP and UFP.

    Resources and Wildcards.

    HTTP Security Server.

    Filtering HTTP Without a UFP or CVP Server.

    UFP with the HTTP Security Server.

    CVP with the HTTP Security Server.

    FTP Security Server.

    SMTP Security Server.@AHEADS = $FWDIR/conf/smtp.conf.

    SMTP Resources.

    TCP Security Server.

    Frequently Asked Questions.

    General Security ServerQuestions.

    FTP Security Server.

    SMTP Security Server.

    HTTP Security Server.

    Performance Tuning for the Security Servers.

    Troubleshooting Content Security Issues.



    9. Network Address Translation.

    Introduction.

    RFC-1918.

    How NAT Works in FireWall-1.

    Order of Operations.

    Implementing NAT: A Step-by-Step Example.

    Determine which IP addresses will be used.

    Proxy ARPs.

    Static Host Routes.

    Network Objects.

    Anti-Spoofing.

    Security Policy Rules.

    Address Translation Rules.

    Limitations of NAT.

    Dual NAT.

    Binding the NATted IP Address to the Loopback Interface.

    Troubleshooting.

    ARPs.

    SYN Packets with No Response.

    SYN Followed by RST.

    Summary.



    10. Encryption (Site-to-Site VPNs).

    Introduction to VPNs.

    Concepts.

    Encryption.

    Encryption Key.

    Symmetric Encryption.

    Asymmetric Encryption.

    Certificate Authority.

    Diffe-Hellman.

    Encryption Domain..

    A Word About Licensing.

    Supported Key Management and Encryption Schemes.@AHEADS = FWZ.

    IPSec.

    Manual IPSec.

    SKIP.

    IKE (ISAKMP/OAKLEY).

    How to Configure Encryption.@AHEADS = Planning Your Deployment.

    IKE.

    Manual IPSEC.

    SKIP and FWZ.

    Gateway Clusters and High Availability VPNs.

    FAQs.

    Troubleshooting VPN Problems.

    Summary.

    Labs.

    Q and A.



    11. SecuRemote and Secure Client (Client to FireWall-1 VPNs).

    Introduction.

    A Word About Licensing.

    Steps to Configure SecuRemote on FireWall-1.

    Choosing an Encryption Scheme.

    Configuring Firewall Object for SecuRemote.

    Creating Users for use with SecuRemote.

    Client Encryption Rules.

    Desktop Security Options.

    Installing Secure Client.

    High Availability and Multiple-Entry Point Configurations.

    Hybrid Authentication Mode for IKE.

    FAQs.

    Troubleshooting.



    12. High Availability.

    What is High Availability.

    State Synchronization.

    HA Solutions.

    Stonebeat.

    Rainfinity.

    Nokia.

    Check Point's HA Module.

    Issues with High Availability.

    Licensing.

    Managing Multiple Firewalls.

    Load Balancing.

    Asymmetric Routing.



    13. Inspect.

    What is INSPECT?

    Basic INSPECT Syntax.

    Conditions.

    Constants.

    Registers.

    Manipulating Table Entries.

    Creating Your Own Tables.

    How Your Rulebase is Turned into INSPECT.

    Services of Type Other.

    Sample INSPECT Code.

    Allowing Outbound Connections to a SecuRemote Client.

    PPTP.

    Allowing a Connection Based on a Previous Connection.

    HTTP.

    Ping and Traceroute.

    Default filter.

    fw monitor.



    Appendix A: Securing Your Bastion Host.


    Appendix B: firewall-1.conf File for Use with OpenLDAP v1.


    Appendix C: firewall1.schema File for Use with OpenLDAP v2.


    Appendix D: Complete Program for Stateful Inspection of HTTP.


    Appendix E: Complete Program for Stateful Inspection of Ping and Traceroute.


    Appendix F: NSPECT Script for Different Policies on Different Interfaces.


    Appendix G: Sample defaultfilter.pf file.


    Appendix H: Sample Internet Usage Policy.


    Appendix I: Performance Tuning.


    Appendix J: Other Resources.


    Appendix K: Further Reading.


    Index. 0201699508T05222001

    Preface

    Every book has to have a chapter that explains it. This book is no exception. By the end of the Preface, you should know:

  • How this book came to be
  • What this book is and is not
  • Why you should buy (or sell) this book
  • What typographical conventions are used in this book
  • Some of the people who made this book possible
  • How This Book Came to Be

    In 1996, I began to support Check Point FireWall-1. Things were quite different back then. FireWall-1 was a much simpler product, Check Point did not have much of a support department, and there were really no public resources on FireWall-1 aside from a mailing list. My employer at the time had a little known Web site that had many frequently asked questions (FAQ) on FireWall-1. This Web site was the impetus that helped to create PhoneBoy’s FireWall-1 FAQ, which I started in April 1998.

    Because of my Web site and my participation on the FireWall-1 mailing list, I became well known and respected in the FireWall-1 community. My FAQ page was and still is considered one of the definitive resources on FireWall-1. Even people within Check Point use my page, and they also send me corrections from time to time.

    Several people had approached me about the idea of writing a book on the topic of FireWall-1. Such a project seemed rather large, and I was unsure of my ability to tackle it alone. It was little more than an idea until Lance Spitzner approached me to be a coauthor on a book on FireWall-1. Sensing the scope of such a project, I brought in Jerald Josephs, who was also well known in the FireWall-1 community, and in June 1999, we began to write.

    Somewhere in the middle of this project, it came to pass that I was the only person left working on this book. The details why are not important, but it was not part of the original plan. My life had changed dramatically with the birth of my son, Jaden, especially the amount of time I could spend on this project. However, I felt I had come too far not to finish; so with a little more determination, I set about the task of finishing this book.

    What This Book Is and Is Not

    What you are holding in your hands now is a book about Check Point FireWall-1. It covers the essentials of the product. Each chapter discusses a major feature of the product or a specific topic that will help you plan for your FireWall-1 installation. You get step-by-step configuration instructions for many features in FireWall-1 complete with screen shots and several sample configurations that you can try. The book also includes lots of information from my FireWall-1 FAQ.

    Although I do cover most features in FireWall-1, not every feature of FireWall-1 is covered in this text. Those features I have chosen to cover are based on my experience as someone who has supported this product since 1996. Other peripheral topics, like encryption and network security, are covered briefly as they relate to FireWall-1, but are not covered in great detail. I feel that other authors do a better job of covering these topics.

    A summary of the chapters in this book follows. Note that where sample configurations are said to exist in a chapter, it means there are step-by-step examples that you can follow to set up your own equipment, provided you have it.

    Chapter 1: Introduction to Firewalls briefly discusses firewalls in general, the different technologies used in today’s firewalls, and how they are used in FireWall-1.

    Chapter 2: Planning Your Firewall Installation talks about the issues that should be considered prior to installing a firewall, such as understanding your current network topology, establishing a formalized security policy, and reviewing the various types of licenses that exist in FireWall-1.

    Chapter 3: Installing FireWall-1 walks you through the initial configuration of FireWall-1 when it is loaded for the first time. This chapter also covers the basics of preparing your system for a firewall installation.

    Chapter 4: Building Your Rulebase explains the basics of creating a security policy within FireWall-1 and includes how to use the Policy Editor application.

    Chapter 5: Logging and Alerts explains how logging and alerting works in FireWall-1. Details about how to use the Log Viewer and System Status Viewer applications are also provided.

    Chapter 6: Remote Management explains how to manage multiple firewall modules from a single management console. Sample configurations are provided in this chapter.

    Chapter 7: Authentication explains how you can provide access control for services based on individual users. Sample configurations are provided in this chapter.

    Chapter 8: Content Security explains how you can restrict the kind of content that enters or leaves your network via HTTP, FTP, and SMTP. Sample configurations are provided in this chapter.

    Chapter 9: Network Address Translation explains what NAT is, why it is a necessary evil, and how to configure NAT within FireWall-1. Sample configurations are provided in this chapter.

    Chapter 10: Site-to-Site VPNs explains what a Virtual Private Network (VPN) is and how to configure FireWall-1 to support this feature. Sample configurations are provided in this chapter.

    Chapter 11: SecuRemote and Secure Client builds on Chapter 10. It explains how to establish client-to-site VPNs using Check Point’s Windows-based VPN client called Secure Client, which is also known as SecuRemote. Sample configurations are provided in this chapter.

    Chapter 12: High Availability explains state synchronization and how it plays a role in High Availability firewalls. Also covered are the problems that arise when implementing multiple firewalls in parallel along with some ideas on how to overcome these problems.

    Chapter 13: INSPECT is an overview of the language that is the heart of Check Point’s FireWall-1. Several examples of working INSPECT code are provided in the chapter as well as in the appendices.The Appendices cover topics such as hardening an operating system, sample INSPECT code, performance tuning, recommended books, and Web sites on the Internet to obtain software and more information.

    Thanks To:

  • My wife, Alisa, and my son, Jaden, who put up with me spending far more time working on this book than any of us planned. If it were not for their patience, I would have never finished this book.
  • Lance Spitzner and Jerald Josephs, who played a big role in this book taking shape. If it were not for you two, I would not have even started this book in the first place.
  • Matthew Gast, for allowing me to commiserate with him as a fellow author, for motivation, and for reviewing the book.
  • Derin Mellor for providing me with several ideas that I used in Chapter 12.
  • Atul Sharma and Michael Williams for their help in fleshing out Chapter 13. Atul also provided a sample INSPECT script included in Appendix F.
  • My editors: Stephane Thomas, Marcy Barnes, and Anne Marie Walker.
  • My reviewers: Joe Balsama, Paul Keser, and Bob Bruen. Your reviews were invaluable to this process.
  • Folks at Nokia: Paul Esch, Matthew Gulbranson, John Spiller, Qian Zhao, John Kobara, Bo Chen, Ed Ingber, Claudio Basegra, Scott McComas, “Uncle” Kelly Robertson, and all the guys in TAC.
  • Folks at Check Point: Bob Bent, Luanne Lemmer, Oren Green, Patrick Plawner, Reut Sorek, Gilad Yadin, Gil Carman, Erica Ziemer, and Tiffany Shockley.
  • A bunch of people who I’m sure I’ve forgotten.
  • And finally, to the rest of you who have visited my Web site, contributed to the process, and kept me employable.
  • Dameon D. Welch-Abernathy
    a.k.a. PhoneBoy
    dwelch@phoneboy.com
    PGP Fingerprint: 72A2 8D9D BDC0 98D2 1E5D 3A2D 09D0 A5C1 597F 5D2A
    July 2001



    0201699508P10162001

    Index


    AAccount names, securing hosts, Windows NT platform, 462–463
    Accounting mode, Log Viewer, 107
    ACEswitch and ACEdirector (Alteon/Nortel Networks), 422
    Action, element of rules, 74–75
    Active mode, Log Viewer, 107–111
    Address range network objects, rulebases, 64
    AIX platform
        FireWall-1 installation, 35–41
        hostid-based licensing, 20
        log switching, 117
        OSs, installing, 31
        OSs, securing, 33
        OSs, selecting, 23
        OSs, selecting, advantages/disadvantages, 26–27
        state tables, memory usage, 497
    Alerts
        Log and Alert tab, Rulebase Properties, 111–113
        viewing in System Status Viewer, 99–101
    Alteon/Nortel Networks ACEswitch and ACEdirector, 422
    Anti-spoofing, Policy Editor
        NAT, 284
        rulebases, 68–69
    Application proxies
        security technology type, 3–4
        versus passive FTP, 5
        versus traceroute tool, 7
    ARPs, NAT (Network Address Translation), 280–283, 291–292
    Asymmetric encryption, 314–315
    Asymmetric routing, High-Availability, 420–421
    Authentication process
        authentication schemes, 124–125
        authentication schemes, changing, 145–147
        Axent Pathways Defender servers, integration, 184–185
        Axent Pathways Defender servers, passwords, 156–157
        basics, 121
        Client Authentication, 162–165
        Client Authentication, sample, 215–217
        Client Authentication, setup, 180–183
        controlled connections between firewall modules and management consoles, 126–132
        FAQs, 194–204
        fw putkey command, 125–126
        $FWDIR/lib/control.map file, 121–124
        integrating external servers, 183–194
        LDAP servers, integration, 188–194
        LDAP servers, passwords, 158
        passwords, FireWall-1 Password schemes, 154
        passwords, One-Time Password (OTP) schemes, 154
        passwords, operating system (OS) schemes, 154
        passwords, seed passwords, 124
        passwords, skey schemes, 154–155
        RADIUS servers, integration, 185–187
        RADIUS servers, passwords, 157
        remote management, troubleshooting, 138–141
        SecurID servers, integration, 184
        SecurID servers, passwords, 156
        selecting type of authentication, 166
        Session Authentication, 161–162
        Session Authentication, sample, 213–214
        Session Authentication, setup, 179–180
        setup, basics, 166
        setup, creating users, 167–173
        TACACS/TACACS+ servers, integration, 187–188
        TACACS/TACACS+ servers, passwords, 157–158
        troubleshooting, 204–210
        types of authentication, supported in control.map file, 123–124
        User Authentication, 158–161
        User Authentication, order of rules, 178–179
        User Authentication, sample, 210–213
        User Authentication, setup, 174–177
    Automatic Update option, System Status Viewer, 101–102
    Axent Pathways Defender servers
        authentication process, integration, 184–185
        authentication process, passwords, 156–157

    BBackward Compatibility module, Windows NT platform, 41–42
    Books, resources, 507

    CCAs (Certificate Authorities), defined, 315
    Certificate keys, FireWall-1 licenses, 20
    Check Point
        High Availability Module, 422
    Check Point (cont.)
        licensing, 17–18
        licensing, client-to-site VPNs, 366–367
        licensing, node-limited licenses, 18–19
        licensing, obtaining licenses, 20–21
        licensing, remote management, firewall modules, 134–135
        licensing, site-to-site VPNs, 316–317
        licensing, third-party products, 219–220
        removing banner from authentication process, 199
    Client Authentication
        basics, 162–165
        sample, 215–217
        setup, 166–171, 180–183
    Client-to-site VPNs (Virtual Private Networks)
        basics, 365–366
        configuration, client encryption rules, 371–372
        configuration, creating users, 369–371
        configuration, desktop security, 373–375
        configuration, HA (High-Availability), 379–380
        configuration, IP Pool NAT, 379–381
        configuration, multiple entry points, 379–382
        configuration, of firewall workstation object, 368–369
        configuration, sample, Gateway Clusters, 406–409
        configuration, sample, multiple entry points, 409–413
        configuration, sample, simple client-to-site VPNs, 402–406
        configuration, selecting encryption scheme, 367–368
        FAQs, 386–396
        IKE Hybrid Authentication mode, 382–384
        installation, 376–379
        licensing with FireWall-1, 366–367
        Microsoft networking, 384–386
        troubleshooting, 396–402
    Command line
        Log Viewer actions, 109–111
        remote management, controlling policies from firewall module, 132–133
        remote management, updating licenses, 134–135
        remote management, viewing state tables of firewall modules, 133–134
        system status, 102–103
        viewing logs, 106–107
    Comment, element of rules, 75
    Content Security
        CVP, basics, 220–221
        CVP, resources, 221
        CVP, wildcards, 221
        FTP Security Server, basics, 242–244
        FTP Security Server, FAQs, 244–246
        FTP Security Server, sample configuration, 263–266
        HTTP Security Server, FAQs, 231–234
        HTTP Security Server, performance tuning, 234–240
        HTTP Security Server, sample configuration, 266–270
     

    Updates

    Submit Errata

    More Information

    InformIT Promotional Mailings & Special Offers

    I would like to receive exclusive offers and hear about products from InformIT and its family of brands. I can unsubscribe at any time.

    Overview


    Pearson Education, Inc., 221 River Street, Hoboken, New Jersey 07030, (Pearson) presents this site to provide information about products and services that can be purchased through this site.

    This privacy notice provides an overview of our commitment to privacy and describes how we collect, protect, use and share personal information collected through this site. Please note that other Pearson websites and online products and services have their own separate privacy policies.

    Collection and Use of Information


    To conduct business and deliver products and services, Pearson collects and uses personal information in several ways in connection with this site, including:

    Questions and Inquiries

    For inquiries and questions, we collect the inquiry or question, together with name, contact details (email address, phone number and mailing address) and any other additional information voluntarily submitted to us through a Contact Us form or an email. We use this information to address the inquiry and respond to the question.

    Online Store

    For orders and purchases placed through our online store on this site, we collect order details, name, institution name and address (if applicable), email address, phone number, shipping and billing addresses, credit/debit card information, shipping options and any instructions. We use this information to complete transactions, fulfill orders, communicate with individuals placing orders or visiting the online store, and for related purposes.

    Surveys

    Pearson may offer opportunities to provide feedback or participate in surveys, including surveys evaluating Pearson products, services or sites. Participation is voluntary. Pearson collects information requested in the survey questions and uses the information to evaluate, support, maintain and improve products, services or sites, develop new products and services, conduct educational research and for other purposes specified in the survey.

    Contests and Drawings

    Occasionally, we may sponsor a contest or drawing. Participation is optional. Pearson collects name, contact information and other information specified on the entry form for the contest or drawing to conduct the contest or drawing. Pearson may collect additional personal information from the winners of a contest or drawing in order to award the prize and for tax reporting purposes, as required by law.

    Newsletters

    If you have elected to receive email newsletters or promotional mailings and special offers but want to unsubscribe, simply email information@informit.com.

    Service Announcements

    On rare occasions it is necessary to send out a strictly service related announcement. For instance, if our service is temporarily suspended for maintenance we might send users an email. Generally, users may not opt-out of these communications, though they can deactivate their account information. However, these communications are not promotional in nature.

    Customer Service

    We communicate with users on a regular basis to provide requested services and in regard to issues relating to their account we reply via email or phone in accordance with the users' wishes when a user submits their information through our Contact Us form.

    Other Collection and Use of Information


    Application and System Logs

    Pearson automatically collects log data to help ensure the delivery, availability and security of this site. Log data may include technical information about how a user or visitor connected to this site, such as browser type, type of computer/device, operating system, internet service provider and IP address. We use this information for support purposes and to monitor the health of the site, identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents and appropriately scale computing resources.

    Web Analytics

    Pearson may use third party web trend analytical services, including Google Analytics, to collect visitor information, such as IP addresses, browser types, referring pages, pages visited and time spent on a particular site. While these analytical services collect and report information on an anonymous basis, they may use cookies to gather web trend information. The information gathered may enable Pearson (but not the third party web trend services) to link information with application and system log data. Pearson uses this information for system administration and to identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents, appropriately scale computing resources and otherwise support and deliver this site and its services.

    Cookies and Related Technologies

    This site uses cookies and similar technologies to personalize content, measure traffic patterns, control security, track use and access of information on this site, and provide interest-based messages and advertising. Users can manage and block the use of cookies through their browser. Disabling or blocking certain cookies may limit the functionality of this site.

    Do Not Track

    This site currently does not respond to Do Not Track signals.

    Security


    Pearson uses appropriate physical, administrative and technical security measures to protect personal information from unauthorized access, use and disclosure.

    Children


    This site is not directed to children under the age of 13.

    Marketing


    Pearson may send or direct marketing communications to users, provided that

    • Pearson will not use personal information collected or processed as a K-12 school service provider for the purpose of directed or targeted advertising.
    • Such marketing is consistent with applicable law and Pearson's legal obligations.
    • Pearson will not knowingly direct or send marketing communications to an individual who has expressed a preference not to receive marketing.
    • Where required by applicable law, express or implied consent to marketing exists and has not been withdrawn.

    Pearson may provide personal information to a third party service provider on a restricted basis to provide marketing solely on behalf of Pearson or an affiliate or customer for whom Pearson is a service provider. Marketing preferences may be changed at any time.

    Correcting/Updating Personal Information


    If a user's personally identifiable information changes (such as your postal address or email address), we provide a way to correct or update that user's personal data provided to us. This can be done on the Account page. If a user no longer desires our service and desires to delete his or her account, please contact us at customer-service@informit.com and we will process the deletion of a user's account.

    Choice/Opt-out


    Users can always make an informed choice as to whether they should proceed with certain services offered by InformIT. If you choose to remove yourself from our mailing list(s) simply visit the following page and uncheck any communication you no longer want to receive: www.informit.com/u.aspx.

    Sale of Personal Information


    Pearson does not rent or sell personal information in exchange for any payment of money.

    While Pearson does not sell personal information, as defined in Nevada law, Nevada residents may email a request for no sale of their personal information to NevadaDesignatedRequest@pearson.com.

    Supplemental Privacy Statement for California Residents


    California residents should read our Supplemental privacy statement for California residents in conjunction with this Privacy Notice. The Supplemental privacy statement for California residents explains Pearson's commitment to comply with California law and applies to personal information of California residents collected in connection with this site and the Services.

    Sharing and Disclosure


    Pearson may disclose personal information, as follows:

    • As required by law.
    • With the consent of the individual (or their parent, if the individual is a minor)
    • In response to a subpoena, court order or legal process, to the extent permitted or required by law
    • To protect the security and safety of individuals, data, assets and systems, consistent with applicable law
    • In connection the sale, joint venture or other transfer of some or all of its company or assets, subject to the provisions of this Privacy Notice
    • To investigate or address actual or suspected fraud or other illegal activities
    • To exercise its legal rights, including enforcement of the Terms of Use for this site or another contract
    • To affiliated Pearson companies and other companies and organizations who perform work for Pearson and are obligated to protect the privacy of personal information consistent with this Privacy Notice
    • To a school, organization, company or government agency, where Pearson collects or processes the personal information in a school setting or on behalf of such organization, company or government agency.

    Links


    This web site contains links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects Personal Information. This privacy statement applies solely to information collected by this web site.

    Requests and Contact


    Please contact us about this Privacy Notice or if you have any requests or questions relating to the privacy of your personal information.

    Changes to this Privacy Notice


    We may revise this Privacy Notice through an updated posting. We will identify the effective date of the revision in the posting. Often, updates are made to provide greater clarity or to comply with changes in regulatory requirements. If the updates involve material changes to the collection, protection, use or disclosure of Personal Information, Pearson will provide notice of the change through a conspicuous notice on this site or other appropriate way. Continued use of the site after the effective date of a posted revision evidences acceptance. Please contact us if you have questions or concerns about the Privacy Notice or any objection to any revisions.

    Last Update: November 17, 2020