Gaia Hardening

This document describes how to harden the Check Point Gaia operating system.

Components that are not necessary for a network security device, or that could introduce security vulnerabilities, were removed.

Check Point Gaia R80.30 comes in two flavors: one based on Red Hat Enterprise Linux 5.2 with the 2.6.18 kernel, and the other based on Red Hat Enterprise Linux 7.4 with the 3.10 kernel. The applications removed from the operating system include the X Window System, office applications, games, and many other applications that are irrelevant to firewall operation. This document describes the remaining packages and the modifications made to the system.

The R80.30 7.4-3.10 flavor contains upgraded Linux packages compared to the 5.2-2.6.18 flavor. For details, see Upgraded RPMs. For the packages that were newly added, see Added RPM packages.

Important Notes

  • RPMs not needed for network security services were removed.

  • The RPMs listed below are for the R80.30 Gaia release. See Unchanged RPM Packages.

  • The list of RPMs does not include the Check Point application packages that are installed on the Gaia system. It only addresses operating system hardening.

  • Gaia is derived from a Red Hat Linux distribution. The source code for these modified packages is available for review, as described in the License.txt file on the Gaia distribution media.

  • The hardening of some Gaia components, such as those requiring external network communications, was audited both by Check Point staff and by an independent security consulting organization.

Network Services supported in Gaia

After Gaia is installed, the only network services present on Gaia are:

  • OpenSSH. Used for remote console login. Listens on TCP port 22.

  • Check Point secure web server. Used for system administration through a Web user interface (the Gaia Portal). Access is via HTTPS. Listens on TCP port 443.

  • Check Point remote installation daemon (cprid). Used for Check Point software management. Listens on TCP port 18208.

After the Check Point applications are enabled, several more processes listen on the network. These processes are all used by the management, VPN, and firewall functions to perform Check Point Secure Internal Communication (SIC).

Note - The Check Point secure web server was developed internally at Check Point. It is based on the industry standard Apache Web Server, hardened and configured to run only the Gaia Portal.
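As an added example (not part of the Check Point document), the following shell check compares the TCP ports listening on a freshly installed Gaia system against the three services listed above, so that anything outside that baseline stands out before the Check Point applications (and their SIC listeners) are enabled. The netstat sample is constructed, and the standard `netstat -lnt` column layout is assumed.

```shell
#!/bin/sh
# Added example: verify that only the documented Gaia baseline services
# (OpenSSH 22, Gaia Portal 443, cprid 18208) are listening on TCP.
BASELINE_PORTS="22 443 18208"

# Reads `netstat -lnt`-style lines on stdin and prints each listening TCP
# port that is not in the baseline, once. Empty output means the host
# matches the documented baseline.
unexpected_listeners() {
    awk -v baseline="$BASELINE_PORTS" '
        BEGIN { n = split(baseline, b, " "); for (i = 1; i <= n; i++) ok[b[i]] = 1 }
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            # Local address is field 4; the port follows the last colon,
            # which handles both 0.0.0.0:22 and :::22.
            port = $4; sub(/.*:/, "", port)
            if (!(port in ok) && !(port in seen)) { seen[port] = 1; print port }
        }'
}

# Returns 0 when the given netstat output matches the baseline, 1 otherwise,
# reporting the extra ports on stderr.
check_baseline() {
    extra=$(printf '%s\n' "$1" | unexpected_listeners)
    if [ -n "$extra" ]; then
        echo "Listening TCP ports outside the documented Gaia baseline:" >&2
        echo "$extra" >&2
        return 1
    fi
    return 0
}

# Constructed sample, not captured from a real Gaia host: the three baseline
# services plus a local SMTP listener that should not be there.
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:443                 0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:18208               0.0.0.0:*                   LISTEN
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN
tcp        0      0 :::22                       :::*                        LISTEN'

# On a live Gaia host, from the expert shell: netstat -lnt | unexpected_listeners
if check_baseline "$SAMPLE_NETSTAT"; then
    echo "Host matches the documented Gaia baseline."
fi
```

Once the Check Point applications are enabled, extend BASELINE_PORTS with the SIC ports your deployment uses rather than treating those listeners as findings.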