The purpose of the firewall security audit is to ensure that the firewall configuration and ruleset meets the business and compliance requirements of the organization. In order to effectively review firewalls, the business and compliance requirements must be clearly identified. For this reason, prior to reviewing the firewall configuration and rule set, it is critical to verify that the documentation describing the organization’s business and compliance requirements is accurate, complete and current.
Firewall Security Audit will cover following practice methods for assessment:
- Review the firewall configuration file for the identification and protection of all network segments.
- Review the processes and mechanisms for a security model that denies access by default, such that explicit access permissions must be specified.
- Review the implementation of open ports and services required for operations for all access points to the external presence.
- Review the documentation of those entries and the configuration of those ports and services for access request and authorization listings.
- Identify the implementations of banners, access controls, and appropriate use policies.
- Review the implementation of processes for monitoring and logging access at access points to the network.
- Review the security monitoring process and its ability to detect and alert for attempts at or actual unauthorized access where technically feasible.
- Review controls for default accounts, passwords, and network management community strings.
- Review all ingress/egress points within the network.
- Identify best practices implementation and lack of hardening techniques.