Tuesday, February 13, 2007

Firewall audit – simple guide

FIREWALL ADMINISTRATION
Interview the firewall administrator and ask about the rules. Some administrators simply rely on the rules set by the vendor; others can give you a lecture on firewalls. The interview gives you a rough measure of the administrator's knowledge and of the level of reliance on the vendor.

Obtain the standards, guidelines and policies related to the firewall, and determine how closely the firewall adheres to what is documented. You will be surprised that sometimes the policies exist only for the sake of documentation and are not implemented.

FIREWALL CONFIGURATION
When reviewing the rules:

Look at the remarks column to determine the purpose of each rule. Sometimes the column is left blank, which is bad practice.

Look for rules that allow ftp or telnet services. Determine the reason for allowing these services to be opened. Where possible, ftp and telnet should be replaced with secure ftp and secure telnet via secure shell (SSH).

Firewall rules should be specifically defined, i.e. each rule should name only the required source, destination and services or ports.
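
The three review points above can be run mechanically over an exported rule base. The following is an added example, not part of the original post; the CSV column names and the sample rules are constructed assumptions, not any vendor's export format.

```python
import csv
import io

# Constructed sample export; column names are assumptions, not a vendor format.
SAMPLE_RULES = """id,source,destination,service,action,remarks
1,10.1.5.20,192.0.2.10,tcp/443,allow,Branch app server to payment gateway
2,any,192.0.2.25,tcp/21,allow,
3,10.1.0.0/16,any,any,allow,Temporary - vendor setup
4,10.1.9.4,192.0.2.30,tcp/23,allow,Legacy switch management
5,any,any,any,deny,Default deny
"""

CLEARTEXT = {"tcp/21": "ftp", "tcp/23": "telnet", "ftp": "ftp", "telnet": "telnet"}
WILDCARDS = {"any", "all", "*", "0.0.0.0/0"}


def audit_rules(csv_text):
    """Return a list of (rule id, finding) tuples for the three review points."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        rule = {k: (v or "").strip().lower() for k, v in row.items()}
        rid = rule["id"]
        # Check 1: every rule, allow or deny, should state its purpose.
        if not rule["remarks"]:
            findings.append((rid, "blank remarks"))
        if rule["action"] != "allow":
            continue  # the remaining checks concern permitted traffic only
        # Check 2: cleartext ftp/telnet permitted; ask for the reason or move to SSH.
        if rule["service"] in CLEARTEXT:
            findings.append((rid, CLEARTEXT[rule["service"]] + " allowed"))
        # Check 3: source, destination and service should each be specific.
        broad = [f for f in ("source", "destination", "service") if rule[f] in WILDCARDS]
        if broad:
            findings.append((rid, "not specific: " + ", ".join(broad)))
    return findings


if __name__ == "__main__":
    for rid, finding in audit_rules(SAMPLE_RULES):
        print(f"rule {rid}: {finding}")
```

Each finding is a question to take back to the administrator interview rather than a verdict; a telnet rule with a documented reason is still a finding to discuss.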

FIREWALL BACKUP
A copy of the firewall rules and configuration should be kept at offsite storage to facilitate the recovery process.


FIREWALL LOG
The logs should be reviewed at a frequency that matches the criticality and level of the services provided. For example, an organisation that provides 24-hour Internet banking should review its logs more regularly than an organisation that just provides a static web page.
