topic Best Practice Guidelines for Security gateway in Firewall and Security Management

Best Practice Guidelines for Security gateway

MtxMan — Fri, 25 Nov 2022 16:41:28 GMT

Hi Checkmates,

My new customer annually will conduct hardening or best practice configuration for each security product. Just digging to Check Point admin guide and sk related to this guidelines but not found anything.

They give me a some example like palo alto use best practice assessment to help customer hardening or guidelines for the palo firewall.. how about Check Point? Does anyone has some idea or information about my question? Thanks!

Re: Best Practice Guidelines for Security gateway

the_rock — Fri, 25 Nov 2022 17:03:20 GMT

Hope below things are helpful:

https://community.checkpoint.com/t5/Management/Checkpoint-Hardening-Benchmark/td-p/54220

https://community.checkpoint.com/t5/Security-Gateways/Gaia-Hardening-for-R81/td-p/102561

Andy

Re: Best Practice Guidelines for Security gateway

Chris_Atkinson — Sun, 27 Nov 2022 02:49:48 GMT

There are the CIS benchmarks published by the community also the Compliance Blade might be helpful to you here.

https://community.checkpoint.com/t5/Compliance/CIS-Benchmarks/td-p/134755

Andy has provided some links to previous discussion regarding similar.

Re: Best Practice Guidelines for Security gateway

MtxMan — Sun, 27 Nov 2022 01:19:15 GMT

how about best practice configuration tools? is there any tools from Check Point to help and enhance customer current configuration such as best practice configuration for IPS, AV, or redundancy policy and NAT?

Re: Best Practice Guidelines for Security gateway

MtxMan — Sun, 27 Nov 2022 01:20:44 GMT

yes i already talked with customer to use Compliance Blade but they said some competitor giving them for free like bpa by paloalto. is there any tools from Check Point to help and enhance customer current configuration such as best practice configuration for IPS, AV, or redundancy policy and NAT?

Re: Best Practice Guidelines for Security gateway

Chris_Atkinson — Sun, 27 Nov 2022 02:50:23 GMT

AV & IPS should be tailored to the configuration of the assets that you are protecting, this will be different between environments.

Comparing BPA to Compliance Blade isn't really useful/accurate. In any case if they simply wish to try it (Compliance) there are evaluation licenses.

Re: Best Practice Guidelines for Security gateway

the_rock — Sun, 27 Nov 2022 13:05:29 GMT

Personally, while compliance blade is nice to have, I dont find you get a lot of value out of it. It tells you what 100% of what IT people already know...dont use any for services, use urlf and app layer, anti spoofing prevent, things like that. I have a feeling that if you were to follow everything compliance blade report tells you, your rule base would be locked down to the point where it would be almost not sustainable.

Re: Best Practice Guidelines for Security gateway

Chris_Atkinson — Sun, 27 Nov 2022 03:06:06 GMT

Appreciate the spirit of this feedback but of course you aren't meant to turn on everything Compliance blade has since not all industries conform to the same regulatory & compliance standards etc.

The idea is you enable what is relevant to you and it helps keep you on track or improve.

Re: Best Practice Guidelines for Security gateway

the_rock — Sun, 27 Nov 2022 03:13:04 GMT

Of course, I get what you are saying. I had one client try it and while they did like the blade, they definitely expected more out of it.

Re: Best Practice Guidelines for Security gateway

_Val_ — Mon, 28 Nov 2022 07:44:48 GMT

Compliance Blade is free for the first year.