Firewall Configuration Audit

Firewall Audit

A firewall configuration audit can be divided into two parts: a review of the change process and a review of the firewall rule base.

A firewall audit is a procedure that gives you insight into your firewall’s current access and connections, finds weaknesses, and tracks modifications.

Change process

A review of the firewall change process is usually the first technical step in a firewall audit. This phase ensures that requested changes have been appropriately approved, implemented, and documented. Depending on whether you have a tool to assist you or are doing it manually, you can accomplish this in a few different ways.

Firewall rule base

A review of the rule base (also called a policy) is usually the second technical step in a firewall audit. Because this stage has typically been difficult to do and is extremely technology-dependent, the methodology used by auditors differs greatly.

  • Are there any services in the rules that are no longer used?
  • Are there any uncommented rules?
  • Are there any firewall rules with ANY in three fields (source, destination, service/protocol) and a permissive action?
  • Are there any rules with ANY in one field and a permissive action?
  • Are there any groups or networks in the rules that are no longer used?
  • Are there any rules with ANY in two fields and a permissive action?
  • Are there any policy rules that are no longer used?
  • Are there any rules that allow dangerous services outbound to the Internet?
  • Is there any rule that goes against our corporate security policy?
  • Is there any rule that allows direct traffic from the Internet to the internal network (rather than the DMZ)?
  • Are there any rules that allow risky services inbound from the Internet? While your company's definition of "risky" may differ, most begin with protocols that pass login credentials in the clear, such as telnet, ftp, pop, imap, http, netbios, and others.
  • Are there any rules that allow traffic from the Internet to sensitive servers, networks, devices, or databases?
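
Several of the questions above can be checked mechanically once the rule base is exported. The following is an added example, not part of the original page: the `Rule` record, the zone-prefixed object names, the use of a hit counter to spot unused rules, and the sample rules are all assumptions made for illustration.

```python
from collections import namedtuple

# Hypothetical normalized rule record; real exports differ per vendor.
Rule = namedtuple("Rule", "id src dst svc action comment hits")

# Protocols the checklist names as passing credentials in the clear.
CLEARTEXT = {"telnet", "ftp", "pop", "imap", "http", "netbios"}

# Constructed sample rule base; object names start with their zone.
RULES = [
    Rule(1, "any", "dmz-web", "https", "permit", "public site", 9120),
    Rule(2, "internet", "internal-db", "telnet", "permit", "", 0),
    Rule(3, "any", "any", "any", "permit", "temp test", 41),
    Rule(4, "internal-lan", "any", "ftp", "permit", "vendor uploads", 3),
    Rule(5, "any", "any", "any", "deny", "cleanup", 77015),
]

def zone(obj):
    """Zone prefix of an object name, e.g. 'internal-db' -> 'internal'."""
    return obj.split("-")[0]

def audit(rules):
    """Return {rule_id: [findings]} for the rule base questions."""
    findings = {}
    for r in rules:
        notes = []
        if not r.comment.strip():
            notes.append("uncommented rule")
        if r.hits == 0:
            notes.append("no hits, possibly unused")
        if r.action == "permit":
            any_count = [r.src, r.dst, r.svc].count("any")
            if any_count:
                notes.append(f"ANY in {any_count} of 3 fields with permit")
            from_inet = zone(r.src) in ("any", "internet")
            to_inet = zone(r.dst) in ("any", "internet")
            clear = r.svc == "any" or r.svc in CLEARTEXT
            if clear and from_inet:
                notes.append("cleartext service allowed inbound from Internet")
            if clear and to_inet:
                notes.append("cleartext service allowed outbound to Internet")
            if from_inet and zone(r.dst) in ("any", "internal"):
                notes.append("Internet can reach internal network directly")
        if notes:
            findings[r.id] = notes
    return findings

if __name__ == "__main__":
    for rule_id, notes in audit(RULES).items():
        print(f"rule {rule_id}: " + "; ".join(notes))
```

A source or destination of ANY is treated as including the Internet, and a service of ANY as including the cleartext protocols, so broad rules are reported under every question they can satisfy.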
