HostedDB - Dedicated UNIX Servers

TICM - The Firewall Hardening Guide v0.1

Technical Incursion Countermeasures

The Firewall Hardening Guide v0.1 - Index

The whole thing collected into an Acrobat file (PDF: 126k)
Firewall-1 Overview
Mandatory Requirements
Network Documentation
Change Control
Firewall Documentation
Physical Security
Backup Procedures
Alert Procedure
Recommended Requirements
Testing Procedures
User names / passwords for managing the firewall
Management stations that can access and configure the firewall
Log and alert
Excessive Log Grace Period (sec)
Popup Alert Command
Mail Alert Command
SNMP Trap Alert Command
User Defined Alert Command
Anti Spoof Alert Command
User Authentication Alert Command
IP Options Drop Track
Log established TCP Packets
Log ISAKMP negotiations
Log encryption kernel events
Enable Active Connections
Enable FTP PORT Data Connections
Enable FTP PASV Connections
Enable RSH/REXEC Reverse stderr Connections
Enable RPC control
Lookup Priorities
Log Viewer Resolver Properties
Access List settings
Security server settings
SYNDefender settings
Suggested Rules
DNS queries from internal hosts (clients)
DNS queries from internal (DMZ) DNS servers to the outside (Internet)
Protecting the Firewall-1 system
Last rule in the rule base
Anti-spoofing and use of IP addresses
Using alternative domain names to hide the true identity when using services like WWW and FTP
Differences in using ‘Drop’ and ‘Reject’ in the ‘Action’ setting for each rule
Unnecessary services should be removed.
Risk of losing log data, or log data being manipulated.
Implicit Rules (Rule Zero rules)
DNS Rule Zero Rules
FW-1 Control Connections
Apply gateway rules to interface direction
TCP session timeout
Accept UDP Replies
Reply Timeout
Accept Outgoing Packets
Enable Decryption on Accept
Use Fastpath/Fastmode
Synchronisation between firewalls are being used
Accept RIP
Accept ICMP