Performing a regular firewall audit is critical in maintaining firewall system operational and security state
A regular firewall audit must be undertaken to ensure that the firewall security system is performing its intended function and that its security has not been compromised. The audit must be carried out by security personnel and must include analysis of the firewall platform and its configured rule base, together with the logging and alerting security measures.
A vulnerability assessment (an extension of a security audit) of the external-facing firewall system should also be routinely undertaken by independent, security-certified professionals. This is required to validate the level of protection the firewall provides against known security exploits and common hacking techniques. Firewall audits and security vulnerability assessments (refer to an example of risk assessment) are important in validating the security operation of each individual firewall system. Performing a regular firewall audit is critical in maintaining the operational and security state of the firewall system; it also determines whether updates to the security system or to security procedures are required.
The minimum requirement for performing the firewall audit is:
The firewall audit must be carried out by personnel other than the firewall administrators and must include analysis of the following (as a minimum):
a. Firewall system platform (security hardening, patch levels, physical access, user and groups accounts).
b. Firewall system configuration (enabled services).
c. Firewall administration practices.
d. Firewall security rule base analysis.
e. Firewall security logging analysis.
f. Firewall alerting and security escalation procedures.
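To give the rule base analysis in item d a concrete form, the following added example (written for this page, not taken from any firewall vendor or audit tool) checks a constructed first-match rule base for three common audit findings: overly permissive allow rules, allow rules that are not logged, and rules shadowed by an earlier rule so that they can never match. The `Rule` fields and the IPv4-only CIDR handling are assumptions of the example.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    src: str     # IPv4 CIDR or "any"
    dst: str     # IPv4 CIDR or "any"
    dport: str   # destination port as a string, or "any"
    action: str  # "allow" or "deny"
    log: bool    # whether matches are logged

def _net(cidr: str) -> ipaddress.IPv4Network:
    # "any" is treated as the whole IPv4 address space (assumption: IPv4 only)
    return ipaddress.ip_network("0.0.0.0/0" if cidr == "any" else cidr)

def _covers(a: Rule, b: Rule) -> bool:
    """True when rule a matches every packet that rule b would match."""
    port_ok = a.dport == "any" or a.dport == b.dport
    return (port_ok and _net(b.src).subnet_of(_net(a.src))
            and _net(b.dst).subnet_of(_net(a.dst)))

def audit_rulebase(rules: list[Rule]) -> list[tuple[str, str, str]]:
    """Return (rule name, finding type, detail) for each issue found."""
    findings = []
    for i, r in enumerate(rules):
        if r.action == "allow" and r.src == "any" and r.dport == "any":
            findings.append((r.name, "permissive", "allows any source on all ports"))
        if r.action == "allow" and not r.log:
            findings.append((r.name, "unlogged", "allow rule without logging"))
        # First-match evaluation: an earlier rule that covers this one makes it dead.
        for earlier in rules[:i]:
            if _covers(earlier, r):
                findings.append((r.name, "shadowed", f"never matched; covered by {earlier.name}"))
                break
    return findings

# Constructed sample rule base (not taken from any real device).
SAMPLE_RULES = [
    Rule("r1", "10.0.0.0/8", "192.0.2.10/32", "443", "allow", True),
    Rule("r2", "10.1.0.0/16", "192.0.2.10/32", "443", "allow", True),  # dead: r1 covers it
    Rule("r3", "any", "192.0.2.20/32", "22", "allow", False),          # no logging
    Rule("r4", "any", "any", "any", "allow", True),                    # overly permissive
    Rule("r5", "any", "any", "any", "deny", True),                     # cleanup rule, dead after r4
]

if __name__ == "__main__":
    for name, kind, detail in audit_rulebase(SAMPLE_RULES):
        print(f"{name}: {kind} - {detail}")
```

Note that the shadow check also catches a cleanup deny rule placed after a broad allow, which is the case where a rule base silently stops denying anything.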
The recommended requirements for performing the firewall audit are:
1. A security vulnerability assessment should be undertaken regularly in all hostile environments (external-facing firewall connections). This is an extension of the firewall audit, as it proactively probes the firewall for known security weaknesses.
2. A vulnerability assessment must be undertaken by independent, security-certified personnel. These personnel must have expertise in providing security vulnerability assessments and detailed knowledge of Internet security exploits and firewall systems.
Without regular firewall audits, many security-related issues may arise and never be detected. This may result in an incorrectly configured or poorly maintained firewall system that is susceptible to common security attacks.
This page follows the previous discussion of firewall topology in the firewall security standards guidelines; you can also read about firewall logging. The collection and maintenance of firewall logs is critical in determining the security of a firewall system and the assets it protects.