sunhux
asked on
Hardening for Gaia & Fortigate
Are there Check Point Gaia & Fortigate hardening guidelines?
If there are, can you point me to where to download them? If there are none,
a paper from the principals recommending not to harden them
is appreciated.
ASKER
2. Permitted IP Addresses to SSH and HTTPS to device: Allow only permitted admin access to manage the firewall via SSH and HTTPS.
3. Disable HTTP and Telnet to the Management Interface for device management: HTTP and Telnet options should not be enabled for device management.
4. Timeout for Login Sessions: Device is configured to automatically disconnect sessions after a fixed idle time. This prevents unauthorised users from misusing abandoned sessions.
5. Custom Login Banners: Create a custom login banner shown when users log in using SSH and on the login page of the web interface (HTTPS).
6. Password Complexity: This checks all new passwords to ensure that they meet basic requirements for strong passwords.
7. Password Expiration: This defines how long a user can use a password before it expires.
8. Default Password: This will change the default password of pre-defined users in Check Point.
9. SNMP Polling: For SNMP polling, only SNMPv3 should be used.
10. SNMP Trap: To generate SNMP traps for system, traffic, or threat logs.
11. Syslog messages to be sent to external system: Syslog messages for system, configuration, traffic and threat.
12. NTP Settings: Configuration of NTP timeservers used to synchronize the device clock.
13. Ensure 'Service setting of ANY' in a security policy allowing traffic does not exist: Create security policies specifying the specific ports desired. The Service setting of any should not be used for any policies that allow traffic.
14. Ensure 'Security Policy' denying any/all traffic exists at the bottom of the security policies ruleset: Create a security rule at the bottom of the security policies ruleset denying any traffic, regardless of source, destination, or application. Ensure this policy is set to log.
15. Disable Dynamic Routing: Disable configuration of dynamic routing for BGP, OSPF, RIP, Multicast.
16. Port Security: Shut down all unused ports.
17. IPv6 Settings: Disable IPv6 settings on interfaces.
18. IPv6 Settings: Enable IPv6 settings on specific interfaces.
19. Signatures and Versioning: Ensure that the signatures and version of the firewall are up to date.
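
Items 13 and 14 of the checklist above can be checked offline against a saved configuration. The script below is an added example, not part of the thread and not vendor code; it assumes FortiOS-style `config firewall policy` text, uses a constructed sample, and the names `parse_policies` and `audit` are hypothetical.

```python
import re

# Constructed sample in FortiOS "show" style; not taken from a real device.
SAMPLE = '''
config firewall policy
    edit 1
        set srcaddr "lan"
        set action accept
        set service "ALL"
    next
    edit 2
        set srcaddr "all"
        set dstaddr "all"
        set service "ALL"
    next
end
'''

def parse_policies(text):
    """Return [(policy_id, {key: [values]})] in rule order from the policy block."""
    policies, entry, inside = [], None, False
    for line in text.splitlines():
        tok = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', line)]
        if tok[:3] == ["config", "firewall", "policy"]:
            inside = True
        elif tok[:1] == ["end"]:
            inside = False
        elif inside and tok[:1] == ["edit"]:
            entry = {}
            policies.append((tok[1], entry))
        elif inside and tok[:1] == ["set"] and entry is not None:
            entry[tok[1]] = tok[2:]
    return policies

def audit(text):
    policies, findings = parse_policies(text), []
    for pid, kv in policies:
        # Item 13: a rule that allows traffic must name services, not ALL.
        if kv.get("action") == ["accept"] and "ALL" in kv.get("service", []):
            findings.append(f"item 13: policy {pid} accepts service ALL")
    # Item 14: the last rule must deny any-to-any and log. Assumption: an absent
    # 'set action' means deny, and an absent 'set logtraffic' means not logged.
    last = policies[-1][1] if policies else {}
    deny_all = (last.get("action", ["deny"]) == ["deny"]
                and last.get("srcaddr") == ["all"] and last.get("dstaddr") == ["all"])
    if not (deny_all and last.get("logtraffic") == ["all"]):
        findings.append("item 14: no logged deny-all policy at the bottom")
    return findings

print(*audit(SAMPLE), sep="\n")
```

Rule order is taken from position in the file rather than from the policy ID, since the last entry in the block is the one evaluated last.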