Understanding where the firewall sits in the topology is key because, over time, networks are added, removed or duplicated for any number of reasons. Reviewing interfaces, IP networks, routing and forwarding configurations will help to identify which parts of the network are subject to inspection.
All firewall vendors use slightly different syntax to describe applied policies, and it is rarely legible to the layperson. Translating firewall security and threat assessment policies and objects into plain English will help everyone understand how and where network security is applied.
Firewall configurations creep because policies are usually added over time and rarely subtracted. Often policies or policy objects become redundant, overlap or even duplicate other policies. This creep makes a firewall configuration very difficult to interpret. Policy overlaps, duplicates, artifacts and orphans must be identified, and then action may be taken to clean them up.
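As an added illustration (not code from this page or any vendor), the sketch below checks a small constructed rule set for duplicates, overlaps and orphans. The vendor-neutral rule format, the object names, and the reading of "orphan" as an object that no rule references are assumptions of the example.

```python
from ipaddress import ip_network

# Constructed sample data in a vendor-neutral form (an assumption of this example).
OBJECTS = {
    "any": "0.0.0.0/0",
    "web-servers": "10.0.1.0/24",
    "web-01": "10.0.1.10/32",
    "old-dmz": "192.168.50.0/24",  # referenced by no rule
}
# (name, source object, destination object, destination port, action), in evaluation order.
RULES = [
    ("allow-web", "any", "web-servers", 443, "permit"),
    ("allow-web-01", "any", "web-01", 443, "permit"),
    ("block-web-01", "any", "web-01", 443, "deny"),
    ("allow-web-copy", "any", "web-servers", 443, "permit"),
    ("allow-ssh", "any", "web-01", 22, "permit"),
]

def covers(earlier, later, objects):
    """True if every packet matched by `later` is already matched by `earlier`."""
    src = ip_network(objects[later[1]]).subnet_of(ip_network(objects[earlier[1]]))
    dst = ip_network(objects[later[2]]).subnet_of(ip_network(objects[earlier[2]]))
    port = earlier[3] is None or earlier[3] == later[3]  # None means any port
    return src and dst and port

def audit(rules, objects):
    """Return (kind, item, covering rule) findings for a first-match rule list."""
    findings = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if not covers(earlier, later, objects):
                continue
            if earlier[1:] == later[1:]:
                kind = "duplicate"   # identical match criteria and action
            elif earlier[4] == later[4]:
                kind = "redundant"   # overlap with the same action; later rule adds nothing
            else:
                kind = "shadowed"    # overlap with a different action; later rule never fires
            findings.append((kind, later[0], earlier[0]))
            break  # report only the first covering rule
    used = {name for rule in rules for name in rule[1:3]}
    findings += [("orphan", name, None) for name in sorted(set(objects) - used)]
    return findings

if __name__ == "__main__":
    for finding in audit(RULES, OBJECTS):
        print(finding)
```

Shadowed rules deserve the closest review, since the written policy says one thing (deny) while the device does another (permit).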
The firewall is the gateway into a network. Therefore it should be as secure as it can be. There are both global and vendor-specific best practices and standards for device security. This audit ensures compliance with both.
When firewalls begin to reach capacity, services are affected. Even worse, higher-layer threat management may be reduced to decrease load. Performing a health and resource assessment helps to predict capacity issues before they occur.
Hopefully the firewall is logging to an external host where logs are persistent. There can be high volumes of material to process. Nevertheless, the logs should be analysed to look for system issues and threats. Having a statistical breakdown can help present high-volume events in a more digestible format.