topic Re: Need help in preparing benchmark documents for Checkpoint firewall in General Topics

Need help in preparing benchmark documents for Checkpoint firewall

kapuranirudh — Thu, 10 Oct 2019 07:09:53 GMT

Hi All,

Can anyone help me and tell me the "RISK factors" for the following benchmark conditions:

Ensure Password Minimum length is set
Ensure Password Syntax: Character Types is set
Ensure Password Syntax: ID within Password is set
Ensure Maximun signon attempts is set
Ensure Lockout duration is set
Ensure Reset account lockout counter after
User login to system/device
User logoout from system/device
Retention of created log files
Connection matched by SAM
VPN packet handling errors
VPN configuration & key exchange errors
IP Options drop
File Transfer Protocol (FTP)
Unused Interfaces access
Dynamic routing protocols
ICMP virtual session timeout
Accept stateful UDP replied for unknown services
Accept Stateful ICMP replies
Accept Stateful ICMP errors
Drop and log out of state packets
Drop and log out of state ICMP packets
Explicit firewall management rules present
Accept Remote Access Control connections
Accept outgoing packets originating from Gateway
Accept Web and SSH connections for Gateway's administration
Accept incoming traffic to DHCP and DNS services of gateways
Accept Dynamic Address modules' outgoing Internet connections
IPsec VPN
SSL VPN
IPS
Web Security URL Filtering
Anti-virus and Anti Malware
Anti-Spam and Email Security
Acceleration and Clustering
Voice over IP
Data loss Prevention
Application Control
Logging

Sorry, the list is long, but if you could help me I will be grateful to you, thanks..!!

Re: Need help in preparing benchmark documents for Checkpoint firewall

PhoneBoy — Sat, 12 Oct 2019 01:30:53 GMT

It’s not clear what you mean by “Risk Factors” here.
This also looks like a mix of Global Properties, OS settings, etc.
Can you provide some context around the question?

Re: Need help in preparing benchmark documents for Checkpoint firewall

kapuranirudh — Tue, 22 Oct 2019 12:29:58 GMT

Hi, Thanks for your reply, I wanted to know what happens if the above particular settings are not configured on a checkpoint firewall, then what could be the risk to the firewall. Example: If "Password Minimum length is set" is not followed then "anyone can easily guess the passwords and control the incoming and outgoing traffic to a firewall."

As I am a novice in this field so I hope now I am able to explain my question properly to you. Thanks

Re: Need help in preparing benchmark documents for Checkpoint firewall

G_W_Albrecht — Tue, 22 Oct 2019 13:21:41 GMT

You really have just put together a confusing mix of buzzwords, but no benchmark conditions:

- Ensure ... is something to do to meet standards

- VPN packet handling errors are not RISK factors
- VPN configuration & key exchange errors are not RISK factors
- IP Options drop are not RISK factors
- File Transfer Protocol (FTP) is no RISK factors if configured appropriately

- IPsec VPN is a SW blade, no RISK factor
- SSL VPN is a SW blade, no RISK factor
- IPS is a SW blade, no RISK factor

Also a SW blade, no RISK factor is:

URL Filtering
Anti-virus and Anti Malware
Anti-Spam and Email Security
Acceleration and Clustering
Data loss Prevention
Application Control
Logging

I would rather suggest doing the CCSA and the CCSE certification, study the documentation and suddenly, most of it may be very clear to you 😁 !

Re: Need help in preparing benchmark documents for Checkpoint firewall

FedericoMeiners — Tue, 22 Oct 2019 13:17:09 GMT

Many points of this list are just configurations that achieve certain functionality, therefore many of them don't propose a risk if you don't set them up

For example: Dynamic routing, IPSec VPN, among others.

You should focus on risk of not using security features such as IPS or potential security risks by using Dynamic routing.