You forgot BSD (IPSO) for platform of choice. No messing with vulnerabilities
on the OS. Failover built in. No chance of running DNS.

----- Original Message -----
From: "Ivan Fox" <[EMAIL PROTECTED]>
To: "fw1-wizards" <[EMAIL PROTECTED]>; "Firewall-1" <[EMAIL PROTECTED]>
Sent: Friday, August 18, 2000 3:04 PM
Subject: [FW1] Best Practices for managing a firewalls


>
> I did a search on the subject using yahoo and hotbot, there were only 3
> entries pertaining to it hosted by securityportal.com.
>
> I need to compile a list of best practices for managing firewalls for
> internal use.  I will send the compiled list to whoever contributed their
> idea/suggestions/comments.
>
> The following is what I have at the moment for Check Point:
>
> 1) The OS of choice for Check Point is Solaris for performance and less
> vulnerability
> 2) If NT is used, it should be hardened.  Guidelines can be found on
> www.phoneboy.com or www.deathstar.ch.
> 3) Regardless of OS, apply the current patches.
> 4) Do not run DNS on the firewall device.  If it is absolutely necessary,
> run it as a secondary DNS.
> 5) Do not run an anti-virus program on the firewall device.
> 6) Deploy Fail-over/High Availability
> 7) Change to firewall rules must be approved by the info-security team if
> any.  It should not be the same one in the same team/department.
> 8) If service (port) requested is not a "standard" one, check if it is a
> trojan port on Simovits' http://www.simovits.com/nyheter9902.html site.
>
> Thanks,
>
> Ivan
>
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================


