The Firewall Hardening Guide v0.1 - Checkpoint Firewall-1 Specific Requirements - Services

by Bret Watson [Published on 16 Oct. 2002 / Last Updated on 24 Jan. 2013]

Enable FTP PORT Data Connections

This setting enables the use of FTP through Firewall-1.
We recommend that this setting should be enabled, provided internal users are allowed to do file downloading using FTP clients.

Enable FTP PASV Connections

This setting enables web browsers to do FTP downloads. Most (if not all) web browsers today, including Internet Explorer and Netscape uses FTP PASV connections for their file transfers (FTP://…..).   FTP PASV connections represent a higher security risk under certain conditions, and should be applied carefully.
We recommend that this setting should be enabled, provided internal users are allowed to do file downloading using their web browsers.

Enable RSH/REXEC Reverse stderr Connections

Allows RSH and REXEC to open reverse connections for the stderr file. Enabling these services may represent certain security risks, and should be applied carefully.
This setting should be disabled, unless there exists a documented need for these services.

Enable RPC control

Enabling Remote Procedure Call may represent certain security risks, and should be applied carefully. RPC may be used to obtain information on what services are running (=available) on a given host.
This setting should be disabled, unless there exists a documented need for these services.
 

Featured Links