https://community.cisco.com/t5/network-security/firewall-hardening/m-p/2000544#M439324 <HTML><HEAD></HEAD><BODY><P>Hi Andrea,</P><P></P><P>Any firewalls should do the below mentioned things to keep the network secured.</P><P></P><P>1) You real IP's of the internal network should not be exposed to outside world.</P><P>2) Always its mandate to block as much as possible on the outside interface i.e the traffic that comes from the outside world to your internal network.</P><P>3)Always keep focus on the encrypted way of communication.... VPN/Some other encryption especially when it accesed from unprotected zone.</P><P>4) Block the vulnerable protocols example icmp...</P><P>5) Preferred to use CLI instead of GUI.</P><P>6) Inspection to be performed on critical protocols.</P><P>7) Make it specific instead of any any traffic.</P><P><span class="lia-unicode-emoji" title=":smiling_face_with_sunglasses:">😎</span> Syslog should be available for the logs... for artifacts and for the regular audits.</P><P>9) IPS/IDS should be inplace incase of internet firewall.</P><P>10) Update the patches whenever to match with the latest standards and well protected as required for your network.</P><P>11) Keep the management access very specfic i.e it should on the seperate interface or on a well protected zone.</P><P></P><P>We can keep on adding like this...... when we talk about hardening</P><P></P><P>By</P><P></P><P>Karthik</P></BODY></HTML> Tue, 07 Aug 2012 17:52:07 GMT nkarthikeyan 2012-08-07T17:52:07Z https://community.cisco.com/t5/network-security/firewall-hardening/m-p/2000543#M439323 <P>Hello guys,</P><P></P><P>&nbsp;&nbsp; I must do a node hardening on a firewall. The firewall is not from Cisco, but the vendor name is not essential for my question. I would like to know your opinions on which are the key points for a firewall hardening? </P><P></P><P>&nbsp;&nbsp; I'm addressing this question here as this is a large community where many of you have a lot of experience and can provide some guidelines. </P><P></P><P>&nbsp;&nbsp; Could you please help me?</P><P></P><P>Thank you!</P> Mon, 11 Mar 2019 23:39:12 GMT https://community.cisco.com/t5/network-security/firewall-hardening/m-p/2000543#M439323 andr2ea_g 2019-03-11T23:39:12Z https://community.cisco.com/t5/network-security/firewall-hardening/m-p/2000544#M439324 <HTML><HEAD></HEAD><BODY><P>Hi Andrea,</P><P></P><P>Any firewalls should do the below mentioned things to keep the network secured.</P><P></P><P>1) You real IP's of the internal network should not be exposed to outside world.</P><P>2) Always its mandate to block as much as possible on the outside interface i.e the traffic that comes from the outside world to your internal network.</P><P>3)Always keep focus on the encrypted way of communication.... VPN/Some other encryption especially when it accesed from unprotected zone.</P><P>4) Block the vulnerable protocols example icmp...</P><P>5) Preferred to use CLI instead of GUI.</P><P>6) Inspection to be performed on critical protocols.</P><P>7) Make it specific instead of any any traffic.</P><P><span class="lia-unicode-emoji" title=":smiling_face_with_sunglasses:">😎</span> Syslog should be available for the logs... for artifacts and for the regular audits.</P><P>9) IPS/IDS should be inplace incase of internet firewall.</P><P>10) Update the patches whenever to match with the latest standards and well protected as required for your network.</P><P>11) Keep the management access very specfic i.e it should on the seperate interface or on a well protected zone.</P><P></P><P>We can keep on adding like this...... when we talk about hardening</P><P></P><P>By</P><P></P><P>Karthik</P></BODY></HTML> Tue, 07 Aug 2012 17:52:07 GMT https://community.cisco.com/t5/network-security/firewall-hardening/m-p/2000544#M439324 nkarthikeyan 2012-08-07T17:52:07Z