
Firewall Audit

A Sword & Shield Firewall Audit thoroughly evaluates the firewall and firewall rule base for known security risks and policy violations. As a first line of defense against attacks, firewalls must be implemented and maintained properly. But many organizations have added specific firewall rules for a one-time situation and forgotten to delete them. Or, they may have inherited firewalls from a merger or acquisition without an accurate grasp of the rule base. Our Firewall Audit is designed to address these concerns and more with a detailed analysis that reduces risks and increases perimeter security.

Our Firewall Audit Methodology

Sword & Shield security analysts will meet with a designated project manager to define the specific goals of the Firewall Audit. From there, our security analysts perform a thorough security review of the firewall setup that addresses:

  • Software version
  • Physical security/controlled access
  • Configuration
  • Rule base implementation and enforcement
  • Rule usage
  • Traffic flows (used to optimize firewall rules for increased performance)

Sword & Shield examines the rule base to validate the traffic that is intended to pass through the firewall. Most firewalls protect several network segments or DMZs. Our analysts verify the rule base by testing access between each of the protected segments and isolating any unintended access. We work to identify any potential security vulnerabilities using both a manual and automated review process comparable to NIST SP 800-41 recommendations and industry best practices.

Sword & Shield will also execute a non-threatening, low-bandwidth scan or penetration test on the firewall to discover if any ports have been left open. We can perform a Firewall Audit remotely with no travel costs, or on site, depending on the test plan most suitable to the client.

Questions Our Report Will Answer

  • Do you have open ports on your firewall?
  • Are firewalls acquired via a merger or acquisition properly configured?
  • Is the deployed rule base correctly implemented and enforced by the firewall?
  • Is throughput being impacted by unnecessary firewall rules?

Firewall Audit results and analysis are presented in a comprehensive report detailing firewall software revisions, known security threats, risk exposure and/or policy violations and recommendations on firewall rule base changes.

Real Success Story

In the midst of a firewall audit for a mid-size hospital, Sword & Shield analysts noticed a number of serious misconfigurations. They included the use of default Simple Network Management Protocol (SNMP) community strings and redundant remote management protocols (e.g. Telnet and Secure Shell). In addition, logging was not enabled. The most significant issue was that the rule base enforced by the firewall did not follow a philosophy of “least access.” Specifically, the rule base included several rules which were configured with the “any” object in one or more of the source, destination and protocol fields. Per conversations with the hospital firewall administrators, these broad rules were in place because the administrators did not have the necessary information (i.e. traffic patterns) to restrict the source, destination or protocol field more narrowly.

Based on Sword & Shield findings and recommendations, the hospital made changes to its firewall implementation. First, it immediately changed the default SNMP community strings, disabled Telnet in favor of SSH, and enabled logging to a secure remote syslog server. As part of this effort, the hospital documented the changes and incorporated them into a corporate firewall hardening procedure. Second, the hospital implemented a philosophy of “least access” to strengthen the existing firewall rule base. In doing so, the firewall administrators reviewed the use of the “any” object throughout the firewall rule base and changed it to a narrower scope where possible. Sword & Shield’s firewall audit helped the hospital improve perimeter security against Internet-based attacks.
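The findings in this case study lend themselves to a mechanical first pass before manual review. The script below is an added example, not Sword & Shield's tooling: it checks a firewall configuration for default SNMP community strings, Telnet management, missing logging, and permit rules that use “any” in the source, destination or protocol field, ranked broadest first. The configuration format, field names and sample values are constructed for illustration and do not match any vendor's export.

```python
# Constructed sample in a hypothetical, vendor-neutral format.
DEFAULT_COMMUNITIES = {"public", "private"}  # widely known default SNMP strings

CONFIG = {
    "snmp_communities": ["public", "h0sp-mon-ro"],
    "mgmt_protocols": ["telnet", "ssh"],
    "logging": {"enabled": False, "remote_syslog": None},
    "rules": [
        {"id": 10, "action": "permit", "src": "10.1.20.0/24", "dst": "10.1.50.10", "proto": "tcp/443"},
        {"id": 20, "action": "permit", "src": "any", "dst": "10.1.50.0/24", "proto": "any"},
        {"id": 30, "action": "permit", "src": "any", "dst": "any", "proto": "any"},
        {"id": 40, "action": "deny", "src": "any", "dst": "any", "proto": "any"},
    ],
}

def broad_rules(rules):
    """Return (rule id, fields set to 'any') for permit rules, broadest first."""
    hits = []
    for r in rules:
        if r["action"] != "permit":
            continue  # a trailing deny-any-any is the expected default, not a finding
        fields = [f for f in ("src", "dst", "proto") if r[f].lower() == "any"]
        if fields:
            hits.append((r["id"], fields))
    return sorted(hits, key=lambda h: -len(h[1]))

def device_findings(cfg):
    """Return device-level hardening findings as human-readable strings."""
    findings = []
    bad = sorted(DEFAULT_COMMUNITIES & {c.lower() for c in cfg["snmp_communities"]})
    if bad:
        findings.append(f"default SNMP community string(s): {', '.join(bad)}")
    if "telnet" in (p.lower() for p in cfg["mgmt_protocols"]):
        findings.append("Telnet management enabled; use SSH only")
    log = cfg["logging"]
    if not log["enabled"]:
        findings.append("logging disabled")
    elif not log["remote_syslog"]:
        findings.append("logging enabled but no remote syslog server")
    return findings

if __name__ == "__main__":
    for finding in device_findings(CONFIG):
        print("[device]", finding)
    for rule_id, fields in broad_rules(CONFIG["rules"]):
        print(f"[rule {rule_id}] 'any' in: {', '.join(fields)}")
```

Rules flagged here still need the traffic-pattern data mentioned above before they can be narrowed; the script only identifies where that work is required.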

Find Out More

Sword & Shield has been outsmarting cyber-criminals and improving security for enterprises around the world since 1997. Fill out our Consultation Request form or contact us by phone so we can begin securing your future.

U.S. Toll-free: 800-810-1885

International: 865-244-3500
