Re: Firewall Audit program

Pretty good list, Doug. Thanks for sharing it.

a. Control of outbound traffic - all allowed or all blocked except where
specifically allowed?

b. Patch level of the firewall and OS, if applicable.

c. Number of administrators versus the number of administrators who actually
log into the system to do something on a regular basis.

d. Is there a support (maintenance) agreement in place?

e. For Check Point, are the active implied rules correct for the company?

Ray

"Doug Fox" <dfox168@hotmail.com> wrote in message
news:CqydnUMk_s2HghfeRVn-og@rogers.com...
>I am using the following one which is by no means comprehensive. I am
>sharing it with the group and any input is much appreciated.
>
> 1) The placement or location of the firewall
> 2) Vulnerability scanning the firewall from outside, e.g., Internet
> 3) The rulebase or security policy according to its vendor recommendation
> 4) I will also check the access control (ID, password and priviledges) to
> the system.
> 5) physical security of the system
> 6) Monitoring of the firewall log, to find out if any port scanning or
> hacking activities
> 7) Rulebase Change Control
> 8) Documentation
> 9) Backup
> 10) Please generously point out the missing pieces as you see it.
>
> Any input/comments are greatly appreciated.
>
> Thanks,
>
> Doug
>
>
>
> "Amit Gupta" <guptaamitu@gmail.com> wrote in message
> news:1133093338.246220.193760@g14g2000cwa.googlegroups.com...
>>I have to do through review of the PIX and Checkpoint firewall and can
>> any one send me the detailed audit program for the same.
>>
>> Thanks a lot.. in advance
>>
>> Regards
>>
>> Amit
>>
>
>
Received on Sat Dec 3 04:18:39 2005