Firewall Assessment Information
When managing a Firewall – The highest possible level of assurance is to be able to know exactly what access is, and is not, allowed throughout your infrastructure. A comprehensive review of all packet filtering devices in your network is the best mechanism to obtain this level of assurance.
Key activities include:
- Collect the configuration files for all packet filtering network devices (e.g., firewalls, routers, load balancers);
- Create a network map based on the configurations to provide the most accurate network map possible;
- Calculate the access permitted between every two points in your infrastructure and make that map available in an interactive manner;
- Identify router/firewall configuration vulnerabilities by base-lining the configurations against relevant regulations and prevailing good practice; and,
- Formal reporting on the process, gap analysis, relevant findings, and mitigation roadmap. Where possible the report will also include: root cause analysis, peer-group benchmarking, good practice benchmarking, executive summaries, and technical summaries.
The predominant benefits realized by a Router/Firewall Configuration Review are:
- Provides assurance that critical access control mechanisms are in place, aligned with prevailing good practice, and operating as intended; and,
- Provides a measure of assurance that those systems and applications that are reliant upon the devices are secured in accordance with their expectation.
Firewall Assessment: Best Used
- As part of a compliance management program as a means to demonstrate compliance with relevant laws and regulations over an extended period of time;
- Where the network architecture and/or the operation of the same is complex and segregation between network segments is critical; and,
- Where risk tolerance is very low and/or where the organizational impact relating to risk realization is significant.
When an organization performs both a Router/Firewall Configuration Review and a Network Vulnerability Assessment the two data sources can be combined to provide interactive Threat Maps that can be used to:
- Visualize and interact with threat maps to garner an understanding of the probability that a vulnerability can be exploited from any particular vantage point and its associated impact;
- Visualize/understand how a malicious individual can attack unexposed systems via vulnerabilities on exposed systems (leapfrog attacks); and,
- Validate that proposed remediation advice will not impact desired traffic flows via traffic flow modeling of the recommended changes.