This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Danny
Champion Champion
Champion
‎2021-07-12 04:38 AM

Layers of Defense

** Work in progress **

Configuring a firewall to defend attacks and protect your network/assets means taking several layers of defense into account. It's not just the rulebase that makes up a firewall security. In fact there are many more layers of protection and defense that together build up a strong level of firewall security.

These layers are often easy to deploy and set active, one just needs to know that they are available and ready to form your shield of protection.

So let's start to list them all up.

Layers of defense Field of security Description Protection Method of validation
Layer 1 Physical security secure space within a 19" rack in a secured spot only accessible to firewall admins    
Layer 2 Network security
  • access to firewall management is controlled and secured by firewalls managed by this management (firewall self-protection)
  • firewall management's default gateway is the firewall cluster operated by this firewall management
  • firewall management is defined as host and not as gateway
  • firewall management is not connections to any other networks and has only only interface to it's own firewall cluster
  • secure VPN configuration
    
Layer 3 Gaia OS security
  • allowed hosts
  • personalized user accounts
  • limited Clish shell as default Login shell
  • password security controls
  • strong cipher suites
  • separate scp account
  • login message
  • session timeout
  • backups / snapshots
  • ntp v4
  • snmp v3-only
  • etc.
 Ransomware
  • cat /etc/hosts.allow
  •  
Layer 4 Firewall security
  • IP address spoofing protection
  • block blacklisted IPs (sk103154)
  • block GEO locations (sk126172)
  • firewall rulebase security
  • inspection of encrypted protocols (such als HTTPS)
  • use of available security blades for deep packet inspection etc.
  • IPS (with Snort)
  • Content Security
  • App. Control & URLF
  • Anti-Bot, AV, etc.
  • DLP
  • TE, TX
  • rulebase policy installation free of warnings and errors
  • logfiles free of warnings and errors
  
  • check for "spoof" entries in log
  • check for "DOS/Rate Limiting Policy" entries in log
  • enable session logging and check for "source country" or "destination country"
Layer 5 Admin security
  • organizes regular firewall security reviews
  • regularly reports to management
  • maintains an up-to-date firewall documentation
  • relics of configuration
  • inconsistencies
  • instabilities
  
Layer 6 End user security
  • regularly receives IT-security awareness trainings
  • is protected by a proper Endpoint security corp policy
 social engineering  
0 Replies

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    li.common.scroll-to.top