Compliance Software Blade
Compliance Blade: be safe or be green
What you need to know about the Check Point Compliance Software Blade.
Only requirements related to the currently enabled blades are evaluated. Why is that a problem? It leads to a wrong assumption: that everything is fine.
624 Regulatory requirements in total:
DSD - 14 requirements
HIPAA - 16
ISO 27001 - 27
ISO 27002 - 198
NIST 800-41 - 22
PCI DSS - 56
392 Regulatory requirements (232 less):
DSD - 7 requirements (7 less)
HIPAA - 14 (2 less)
ISO 27001 - 23 (4 less)
ISO 27002 - 167 (31 less)
NIST 800-41 - 21 (1 less)
PCI DSS - 48 (8 less)
Real appliance compliance*
DSD - 84%
HIPAA - 77%
ISO 27001 - 87%
ISO 27002 - 89%
NIST 800-41 - 82%
PCI DSS - 83%
Security status: High. So everything is fine, I am secure, yippee :) See the note below.
* - Virtual Appliance with the Firewall, VPN and AI blades enabled.
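The reported percentages only cover the requirements the blade actually evaluated. As an added example (this is not code from the original page or from Check Point), the script below takes the per-standard figures listed above and computes two things a practitioner would want next to the green number: how much of each standard was evaluated at all, and a pessimistic score in which every skipped requirement counts as non-compliant. The adjustment model is an assumption (the reported percentage is treated as the mean score over the evaluated requirements; the blade's real scoring is not described on the page), and the 392-of-624 overall figure is the page's own.

```python
# Added example: coverage-adjusted compliance scores for the figures on this page.
# Assumption: the reported percentage is the mean score over the evaluated
# requirements, and each requirement the blade skipped (because its blade is
# not enabled) is counted as scoring 0. This is a lower bound, not Check Point's model.

# Per standard: (total requirements, evaluated requirements, reported compliance %)
STANDARDS = {
    "DSD":         (14, 7, 84),
    "HIPAA":       (16, 14, 77),
    "ISO 27001":   (27, 23, 87),
    "ISO 27002":   (198, 167, 89),
    "NIST 800-41": (22, 21, 82),
    "PCI DSS":     (56, 48, 83),
}

# Overall figures stated on the page (all regulations, including ones not listed above)
TOTAL_REQUIREMENTS = 624
EVALUATED_REQUIREMENTS = 392


def coverage_pct(evaluated, total):
    """Percentage of a standard's requirements the blade actually evaluated."""
    return round(100.0 * evaluated / total, 1)


def adjusted_pct(reported_pct, evaluated, total):
    """Worst-case compliance: skipped requirements count as 0 (assumption)."""
    return round(reported_pct * evaluated / total, 1)


def report(standards=STANDARDS):
    """Per-standard table: coverage, reported score, coverage-adjusted score."""
    rows = {}
    for name, (total, evaluated, reported) in standards.items():
        rows[name] = {
            "coverage_pct": coverage_pct(evaluated, total),
            "reported_pct": reported,
            "adjusted_pct": adjusted_pct(reported, evaluated, total),
        }
    return rows


def overall_coverage_pct(evaluated=EVALUATED_REQUIREMENTS, total=TOTAL_REQUIREMENTS):
    """Share of all regulatory requirements the blade evaluated on this appliance."""
    return coverage_pct(evaluated, total)


if __name__ == "__main__":
    print(f"{'Standard':<12}{'Evaluated':>10}{'Reported':>10}{'Adjusted':>10}")
    for name, row in report().items():
        print(f"{name:<12}{row['coverage_pct']:>9}%{row['reported_pct']:>9}%{row['adjusted_pct']:>9}%")
    print(f"\nOverall coverage: {overall_coverage_pct()}% of {TOTAL_REQUIREMENTS} requirements evaluated")
```

Run as-is to print the table; the "Adjusted" column is the number to put next to the dashboard's "High" status when the IPS and Anti-Virus blades are not enabled.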
Requirement: "Use intrusion detection systems, and/or intrusion prevention systems to monitor all traffic at the perimeter of the cardholder data environment as well as at critical points inside of the cardholder data environment, and alert personnel to suspected compromises. Keep all intrusion detection and prevention engines, baselines, and signatures up-to-date [Original PCI DSS 2.0 Reference: Requirement 11: Regularly test security systems and processes: 11.4]"
Relevant Security Best Practices*:
FW170: Check that replay checks are enabled in Check Point Database Tool
FW171: Check that all audit trails include date, time and user identification
Requirement: "Ensure that all anti-virus programs are capable of detecting, removing, and protecting against all known types of malicious software [Original PCI DSS 2.0 Reference: Requirement 5: Use and regularly update anti-virus software or programs: 5.1.1]"
Relevant Security Best Practices:
FW102: Check that Anti-Spoofing has been activated on each Gateway
FW103: Check that Anti-Spoofing is set to Prevent on each Gateway
FW104: Check that Extended Cluster Anti-Spoofing has been enabled
And that's all? Nothing about AV and IPS? Without the IPS and Anti-Virus blades enabled, the "relevant" security best practices mapped to these requirements look strange.
Some requirements look as if they were added only to increase the requirement count:
Enable NAT in the Firewall settings (hmmm, "use NAT" :) )
Check that 'Clean up Rule' is defined in the Firewall Rule Base (is there no implicit deny rule at the end? There is an implied drop, but it does not log; the explicit Clean-up rule is what gets the dropped traffic into the logs.)
I will search for more.
Some requirements are doubled only to increase the requirement count:
Check that the HTTPS Validation on the URL Filtering blade drops traffic from servers with Untrusted Server Certificates
Check that the HTTPS Validation on the URL Filtering blade drops traffic from servers with Revoked Server Certificates
Check that the HTTPS Validation on the URL Filtering blade drops traffic from servers with Expired Server Certificates
and the same three again for Application Control
Check that the Hit Count is enabled for all Gateways (via Global Properties)
Check the Hit Count data configuration
Check that the Hit Count is enabled for all Gateways (via Gateway Properties)
And six separate checks for the handling of Firewall log disk space:
This checks that in the event that firewall logs are being deleted, the field 'Run the following script before deleting log files' is selected and that a script is documented.
This checks that alerts are enabled on each Gateway to notify the user regarding the availability of disk space for the Firewall logs.
This checks on each Gateway that if the available space for Firewall logs reaches either 25% or 20 MB, then an alert will be issued.
This checks that an alert type has been defined for available disk space for the Firewall logs.
This checks that in the event that there is no more room to store Firewall logs, older logs will be deleted to ensure continuous logging. Note that we recommend a script to be run to copy the Firewall logs prior to deletion.
This checks on each Gateway that Firewall logs are only deleted when the available disk space reaches a minimum level of 15% or 45 MB. Note that we recommend a script to be run to copy the Firewall logs prior to deletion.
In my opinion, each of these groups could be combined into a single requirement.