Hi,
In this post, I'm embarking on a journey to uncover the daily habits of firewall administrators! My goal is to not only equip myself but also empower others reading this to become more confident and effective guardians of our networks.
1. What daily security checks should I perform as a Check Point firewall admin to identify potential attacks?
2. Seeking insights: What elements and daily checks should be included in an expert's Check Point firewall security report?
3. What is the most important thing that you need to check very often to make sure that your network is safe?
4. In your experience, what continuous monitoring practice provides the most actionable intelligence for securing a network?
5. What are your daily routines as a firewall administrator?
6. I'm curious about the daily practices of a firewall administrator. What specific checks and configurations do you prioritize?
Any more ideas are welcome! Don't hesitate to share any additional thoughts or suggestions you have!
/Moudar
I will see if I can find a good doc a customer sent me a while back about this. So glad you made this post, absolutely relevant.
Andy
And while I look for the doc, below are some great references.
Andy
https://www.process.st/templates/network-administrator-daily-tasks/
https://community.checkpoint.com/t5/General-Topics/Check-Point-Firewall-Admin-Tasks/td-p/37185
https://www.cgtechnologies.com/security/firewall-audit-checklist/
https://live.paloaltonetworks.com/t5/general-topics/palo-alto-daily-admin-tasks/td-p/72108
https://www.infrassist.com/firewall-audit-checklist/
Excited to dive into the linked resources, but wouldn't it be amazing to combine that with your personal wisdom? If you're willing to share some of your daily habits and how they've shaped your work, I'd be incredibly grateful!
I would be happy to share if I were a fw admin myself, which I'm not lol
Best,
Andy
We have a new engineer in our team who has updated a nightly script running on an MDM which checks all the GWs to see if backups have run. It now also looks for core dumps, snapshots the hosts' resources and uptime, and gets installed hotfixes, which it reports in an HTML table via email every morning.
He has added secondary emails to the Service Desk to log a support ticket to the Security Team for each backup that fails and if any core dumps are found.
The automation of processes is a hot topic these days, and I'm definitely intrigued! Could you delve deeper into it, particularly exploring the different tools we could leverage? Specifically, I'm curious about using Ansible scripts, Python scripts, or even leveraging Management APIs. The ideas of what to automate are most important, hence, additional insights into potential automation targets would be immensely valuable.
I wrote the first one that just checked the backups via "show backups status" using HeikoAnkenbrand's earlier version of gw_multi_commands.
REF: https://community.checkpoint.com/t5/Scripts/GAIA-Easy-execute-CLI-commands-on-all-gateways-simultane...
It was ok for a quick look at backups every morning.
I won't share the new script as it will become added value for our clients.
But for an overview, it is BASH with if/then and awk:
* mgmt_cli to extract the domains from the MDM and then their gateways
* $CPDIR/bin/cprid_util to run remote commands on the GWs, which is using SIC to connect
* Output file is populated with all the data and formats it to HTML
* More if/thens to create emails to the services desk
* Uses an internal SMTP relay to forward the email
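A sketch of the reporting and ticketing half of such a script, as an added example that is not the poster's script (which was not shared). It assumes the collection step has already written one pipe-separated line per gateway; that intermediate format, the function names and the sample rows are all constructed for illustration.

```bash
#!/usr/bin/env bash
# Constructed sample of already-collected data (assumed format, not Check Point output):
# name|backup_status|core_dump_count|uptime|hotfix
sample_data() {
cat <<'EOF'
gw-ams-01|ok|0|41 days|Take 35
gw-lon-02|failed|0|12 days|Take 35
gw-nyc-03|ok|2|3 days|Take <b>29</b>
EOF
}

# Escape &, < and > so text returned by a gateway cannot inject markup into the email.
html_escape() {
  sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g'
}

# Build the HTML table; rows with a failed backup or any core dump are highlighted.
build_report() {
  echo '<table border="1">'
  echo '<tr><th>Gateway</th><th>Backup</th><th>Core dumps</th><th>Uptime</th><th>Hotfix</th></tr>'
  html_escape | awk -F'|' '{
    style = ($2 != "ok" || $3 + 0 > 0) ? " style=\"background:#fdd\"" : ""
    printf "<tr%s>", style
    for (i = 1; i <= 5; i++) printf "<td>%s</td>", $i
    print "</tr>"
  }'
  echo '</table>'
}

# Emit one ticket line per failed backup and per gateway with core dumps.
build_tickets() {
  while IFS='|' read -r gw backup cores _; do
    # Treat a missing or non-numeric count as zero instead of failing the run.
    case "$cores" in ''|*[!0-9]*) cores=0 ;; esac
    if [ "$backup" != "ok" ]; then
      echo "TICKET: backup failed on $gw"
    fi
    if [ "$cores" -gt 0 ]; then
      echo "TICKET: $cores core dump(s) found on $gw"
    fi
  done
}

# Run with the argument "demo" to print the report and tickets for the sample rows.
if [ "${1:-}" = "demo" ]; then
  sample_data | build_report
  sample_data | build_tickets
fi
```

Each ticket line would become one email to the service desk, and the table would go into the body of the morning report.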