A Sword & Shield Firewall/Router Audit thoroughly evaluates the rule base for known security risks and policy violations. As a first line of defense against attacks, firewalls and routers must be implemented and maintained properly, but many organizations have added specific rules for a one-time situation and forgotten to delete them. Also, they may have inherited devices from a merger or acquisition without an accurate grasp of the rule base. Our Firewall/Router Audit is designed to address these concerns, and more, with a detailed analysis that reduces risks and increases perimeter security.
Our Firewall Audit Approach
Sword & Shield security analysts will meet with a designated project manager to define the specific goals of the audit. From there, our security analysts will perform a thorough security review of the firewall/router setup that addresses:
- Software version,
- Physical security/controlled access,
- Rule base implementation and enforcement,
- Rule usage, and
- Traffic flows.
Sword & Shield will examine the rule base to validate the traffic that is intended to pass through the firewall/router. We will work to identify any potential security vulnerabilities, using both manual and automated review processes comparable to NIST SP 800-41 recommendations and industry best practices.
Sword & Shield will also execute a non-threatening, low-bandwidth scan or penetration test on the firewall to discover whether any ports have been left open. We can perform a Firewall Audit remotely with no travel costs, or with an on-site visit, depending on the test plan most suitable to the client.
Questions Our Report Will Answer
- Are there open ports on your firewall?
- Are firewalls acquired via a merger or acquisition properly configured?
- Is the deployed rule base correctly implemented and enforced by the firewall?
- Is throughput being impacted by unnecessary firewall rules?
Real Success Story
In the midst of a firewall audit for a mid-size hospital, Sword & Shield analysts noticed a number of serious misconfigurations. These included the use of default Simple Network Management Protocol (SNMP) community strings and redundant remote management protocols (e.g., Telnet and Secure Shell). In addition, logging was not enabled. The most significant issue was that the rule base enforced by the firewall did not follow a philosophy of “least access.” Specifically, the rule base included several rules that were configured with the “any” object in one or more of the source, destination and protocol fields. Our conversations with the hospital firewall administrators revealed that these broad rules were in place because the administrators did not have the necessary information (i.e., traffic patterns) to restrict the source, destination or protocol fields.
Based on Sword & Shield findings and recommendations, the hospital made changes to its firewall implementation. First, it immediately changed the default SNMP community strings, disabled Telnet in favor of SSH, and enabled logging to a secure remote syslog server. As part of this effort, the hospital documented the changes and incorporated them into a corporate firewall hardening procedure. Second, the hospital implemented a philosophy of “least access” to strengthen the existing firewall rule base. In doing so, the firewall administrators reviewed the use of the “any” object throughout the firewall rule base and narrowed its scope where possible. Sword & Shield’s firewall audit helped the hospital improve perimeter security against Internet-based attacks.
Find Out More
Sword & Shield has been outsmarting cyber-criminals and improving security for enterprises around the world since 1997. Fill out our Consultation Request form or call us so we can begin securing your future.
U.S. Toll-free: 800-810-1885