RE: [FW1] Best Practices for managing a firewalls

Fri, 18 Aug 2000 07:28:04 -0700 


What a mistake ! :o)

No, I'm serious,
the two best search engines are www.altavista.com and www.google.com
try again !

> Francis THELLIER
> 
> 
> -----Message d'origine-----
> De:   Ivan Fox [SMTP:[EMAIL PROTECTED]]
> Date: vendredi 18 ao�t 2000 16:04
> �:    fw1-wizards; Firewall-1
> Objet:        [FW1] Best Practices for managing a firewalls
> 
> 
> I did a search on the subject using yahoo and hotbot, there were only 3
> entries pertaining to it hosted by securityportal.com.
> 
> I need to compile a list of best practices for managing firewalls for
> internal use.  I will send the compiled list to whoever contributed their
> idea/suggestions/comments.
> 
> The following is what I have at the moment for Check Point:
> 
> 1) The OS of choice for Check Point is Solaris for performance and less
> vulnerability
> 2) If NT is used, it should be hardened.  Guidelines can be found on
> www.phoneboy.com or www.deathstar.ch.
> 3) Regardless of OS, apply the current patches.
> 4) Do not run DNS on the firewall device.  If it is absolutely necessary,
> run it as a secondary DNS.
> 5 Do not run anti-virus program on the firewall device.
> 6) Deploy Fail-over/High Availability
> 7) Change to firewall rules must be approved by the info-security team if
> any.  It should not be the same one in the same team/department.
> 8) If service (port) requested is not a "standard" one, check it if it is
> a
> trojan port on Simovits' http://www.simovits.com/nyheter9902.html site.
> 
> Thanks,
> 
> Ivan
> 
> 
> 
> 
> ==========================================================================
> ======
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ==========================================================================
> ======


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Reply via email to