Try to avoid using implied rules and put any necessary 'implied' rule in
your policy as a normal rule. In my opinion this avoids any confusion and
makes your policy more comprehensible.
I personally would also try to avoid the designation "ANY" in the source,
destination, or service fields whenever possible. Always be specific
when/if possible.
Jarrett
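As an added example (not part of this thread or of any Check Point tooling), a small Python lint pass over a rulebase that checks the points made above: it flags Any in the source, destination or service field, expects the default drop to be written as an explicit final cleanup rule rather than left implied, and flags non-standard ports for review against a trojan-port list, as item 8 of the original message quoted below suggests. The Rule class, the STANDARD_PORTS set and the sample rules are constructed assumptions.

```python
from dataclasses import dataclass
# Constructed set of services treated as "standard" for this demo.
STANDARD_PORTS = {22, 25, 53, 80, 110, 143, 443}

@dataclass
class Rule:  # one rulebase row; fields hold object names, ports or "Any"
    number: int
    source: list
    destination: list
    service: list
    action: str

def _is_any(values):
    return any(str(v).lower() == "any" for v in values)

def is_cleanup_rule(rule):
    # The one legitimate Any/Any/Any rule: an explicit final drop that makes
    # the implied default visible in the policy instead of relying on it.
    return (rule.action == "drop" and _is_any(rule.source)
            and _is_any(rule.destination) and _is_any(rule.service))

def lint_rule(rule):
    findings = []
    for fname in ("source", "destination", "service"):
        if _is_any(getattr(rule, fname)):
            findings.append(f"rule {rule.number}: {fname} is Any; be specific")
    for svc in rule.service:
        if isinstance(svc, int) and svc not in STANDARD_PORTS:
            findings.append(f"rule {rule.number}: non-standard port {svc}; "
                            "review against a known-trojan-port list")
    return findings

def lint_rulebase(rules):
    findings = []
    for i, rule in enumerate(rules):
        if i == len(rules) - 1 and is_cleanup_rule(rule):
            continue  # explicit cleanup rule at the end is expected, not a finding
        findings.extend(lint_rule(rule))
    if not rules or not is_cleanup_rule(rules[-1]):
        findings.append("rulebase: no explicit final cleanup rule (drop Any/Any/Any)")
    return findings

# Constructed sample rulebase (not from the thread)
SAMPLE_RULES = [
    Rule(1, ["mgmt-net"], ["fw-gw"], [22], "accept"),
    Rule(2, ["Any"], ["web-srv"], [80, 443], "accept"),
    Rule(3, ["internal-net"], ["Any"], [5555], "accept"),
    Rule(4, ["Any"], ["Any"], ["Any"], "drop"),
]
```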
-----Original Message-----
From: Ivan Fox [mailto:[EMAIL PROTECTED]]
Sent: Friday, August 18, 2000 10:04
To: fw1-wizards; Firewall-1
Subject: [FW1] Best Practices for managing a firewalls
I did a search on the subject using Yahoo and HotBot; there were only 3
entries pertaining to it, hosted by securityportal.com.
I need to compile a list of best practices for managing firewalls for
internal use. I will send the compiled list to whoever contributed their
idea/suggestions/comments.
The following is what I have at the moment for Check Point:
1) The OS of choice for Check Point is Solaris for performance and less
vulnerability
2) If NT is used, it should be hardened. Guidelines can be found on
www.phoneboy.com or www.deathstar.ch.
3) Regardless of OS, apply the current patches.
4) Do not run DNS on the firewall device. If it is absolutely necessary,
run it as a secondary DNS.
5) Do not run an anti-virus program on the firewall device.
6) Deploy Fail-over/High Availability
7) Changes to firewall rules must be approved by the info-security team, if
any. It should not be the same one in the same team/department.
8) If the service (port) requested is not a "standard" one, check whether it is
a trojan port on Simovits' site: http://www.simovits.com/nyheter9902.html
Thanks,
Ivan
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================