Urgent need for hardening Windows 2003 Server for NGX R65 installation

[vbavbalist]

Hi,

Im in an urgent need to have a checklist for hardening windows 2003 server which NGX R65 firewall will be installed . So we need to harden the OS for security but also let the firewall run normally. I found that that there is Checkpoint article which is called sk26458 but i cant access it. Any help (for mostly providing Checkpoints articles content ) will be valuable.


Regards

[BarryStiefel]

Quote:

Originally Posted by vbavbalist

Hi,

Im in an urgent need to have a checklist for hardening windows 2003 server which NGX R65 firewall will be installed . So we need to harden the OS for security but also let the firewall run normally. I found that that there is Checkpoint article which is called sk26458 but i cant access it. Any help (for mostly providing Checkpoints articles content ) will be valuable.


Regards

Step 1. Insert the SecurePlatform R65 CD-ROM into your CD-ROM drive.

Step 2. Reboot.

Step 3. Follow the instuctions.

You should be all set.

Glad to be of help.

Barry

[vbavbalist]

thanks Barry for your answer,

But will the runnning the setup of NGX R65 will also harden the Windows 2003 Server? ı dont think so? I have made Splat installations before so no hardening was required but i have to install on windows this time.

Regards

[dantro]

No one will recommend you to use Microsoft Windows for a firewall installation, because:
(1) you have to pay an additional license for it
(2) you have to understand and follow Microsoft's update cycles which may not be in sync with Check Point's updates.
(3) you are taking the risk for incorrectly hardening the Microsoft OS
(4) Check Point only supports its own SPLAT. If you want to receive support for Windows you will have to contact Microsoft.

However. If you are looking for a hardening guide, why not taking the one from NSA? URL: Operating Systems Guides

You have not explained why you won't use the ones publicly available everywhere.

[vbavbalist]

Hi dantro,

Firstly this is my 2nd week at this company,though they know my experience they only want me to connect to firewall (read only yet). There (said to be) 2 firewall on windows 2003 server , one is online and one is resting in peace. Windows 2003 server is not my choice of course i prefer to install on SPLAT if the manager says so.

For the Checkpoint article choice as you said i dont want to misharden the OS to cause improper functioning and also maybe a security lack.

Thanks for reminding me the NSA guides, I have found some inf files for bastion host role from Microsofts Windows 2003 server security guide yesterday. But as i said Checkpoints article is i guess came from the Checkpoint's (product experience) so starting with their article will make me feel better.

Thanks and regards

[dantro]

Be sure that I've looked for the sk you've mentioned. I've got expert mode access but couldn't find the article. So it's either set to 'Check Point internals only' or you did a typing mistake.

[vbavbalist]

Hi,

Thanks for checking , i got the sk number from Windows 2003 Server Hardening guide which i found from googleing. So i dont know if something is wrong with the sk number. But i think that there must be a public available cause there must be many companies which uses the windows version of the firewall (of course the ratio supports SPLAT)

Regards

[dantro]

Seems like it has been removed from the Secure KnowledgeBase.

[vbavbalist]

Yes that must be occured, what a luck. Thanks for the interest , if you can add something more ill like to go on to the thread