Don't forget to peruse RFC2196, www.anticode.com,
packetstorm.com, www.robertgraham.com,
www.securityfocus.com, NIST, and
most definitely www.enteract.com/~lspitz.
There, do I get a copy too ;-)
Robert
- -
Robert P. MacDonald, Network Engineer
e-Business Infrastructure
G o r d o n F o o d S e r v i c e
Voice: +1.616.261.7987 email: [EMAIL PROTECTED]
>>> "Ivan Fox" <[EMAIL PROTECTED]> 8/18/00 10:04:06 AM >>>
>
>I did a search on the subject using yahoo and hotbot, there were only 3
>entries pertaining to it hosted by securityportal.com.
>
>I need to compile a list of best practices for managing firewalls for
>internal use. I will send the compiled list to whoever contributed their
>idea/suggestions/comments.
>
>The following is what I have at the moment for Check Point:
>
>1) The OS of choice for Check Point is Solaris for performance and less
>vulnerability
>2) If NT is used, it should be hardened. Guidelines can be found on
>www.phoneboy.com or www.deathstar.ch.
>3) Regardless of OS, apply the current patches.
>4) Do not run DNS on the firewall device. If it is absolutely necessary,
>run it as a secondary DNS.
>5) Do not run an anti-virus program on the firewall device.
>6) Deploy Fail-over/High Availability
>7) Change to firewall rules must be approved by the info-security team if
>any. It should not be the same one in the same team/department.
>8) If the service (port) requested is not a "standard" one, check if it is a
>trojan port on Simovits' http://www.simovits.com/nyheter9902.html site.
>
>Thanks,
>
>Ivan