About Sword & Shield
Since 1997 Sword & Shield has been the trusted information security partner for 3000 clients in 50 states and 27 countries around the globe.
We offer comprehensive computer network security services and IT regulatory compliance for business and government. Let us help secure your future.
Request Consultation
Firewall Audit
A Sword & Shield Firewall/Router Audit thoroughly evaluates the rule base for known security risks and policy violations. As a first line of defense against attacks, firewalls and routers must be implemented and maintained properly, but many organizations have added specific rules for a one-time situation and forgotten to delete them. Also, they may have inherited devices from a merger or acquisition without an accurate grasp of the rule base. Our Firewall/Router Audit is designed to address these concerns, and more, with a detailed analysis that reduces risks and increases perimeter security.
Our Firewall Audit Approach
Sword & Shield security analysts will meet with a designated project manager to define the specific goals of the audit. From there, our security analysts will perform a thorough security review of firewall/router setup that addresses:
Sword & Shield will examine the rule base to validate the traffic that is intended to pass through the firewall/router. We will work to identify any potential security vulnerabilities, using both manual and automated review processes, comparable to NIST SP800-41 recommendations, and industry best practices.
Sword & Shield will also execute a non-threatening, low-bandwidth scan or penetration test on the firewall to discover if any ports have been left open. We can perform a Firewall Audit remotely with no travel costs, or with an on-site visit, depending on the test plan most suitable to the client.
Questions Our Report Will Answer
Real Success Story
In the midst of a firewall audit for a mid-size hospital, Sword & Shield analysts noticed a number of serious miss-configurations. These included the use of default simple network management protocol (SNMP) community strings and redundant remote management protocols (e.g. Telnet and secure shell). In addition, logging was not enabled. The most significant issue was that the rule base enforced by the firewall did not follow a philosophy of “least access.” Specifically, the rule base included several rules which were configured with the “any” object in one or more of the source, destination and protocol fields. Our conversations with the hospital firewall administrators revealed that these broad rules were in place because they did not have the necessary information (i.e. traffic patterns) to restrict the source, destination or protocol fields.
Based on Sword & Shield findings and recommendations, the hospital made changes to their firewall implementation. First, they immediately changed the default SNMP community strings, disabled Telnet in favor of SSH, and enabled logging to a secure remote syslog server. As part of this effort, the hospital documented the changes and incorporated them into a corporate firewall hardening procedure. Secondly, the hospital implemented a philosophy of “least access” to strengthen the existing firewall rule base. In doing so, the firewall administrators reviewed the use of the “any” object throughout the firewall rule base and changed it to narrow the scope where possible. Sword & Shield’s firewall audit helped the hospital improve perimeter security against Internet-based attacks.
Find Out More
Sword & Shield has been outsmarting cyber-criminals and improving security for enterprises around the world since 1997. Fill out our Consultation Request form or call us so we can begin securing your future.
U.S. Toll-free: 800-810-1885
International: 865-244-3500