Re: Firewall Audit program


comp.security.firewalls archive


From: Triffid <triffid@nebula.net>
Date: Tue Nov 29 2005 - 02:51:46 CET

¦ wrote:

> Pretty good list, Doug. Thanks for sharing it.
>
> a. Control of outbound traffic - all allowed or all blocked except where
> specifically allowed?
>
> b. Patch level of the firewall and OS, if applicable.
>
> c. Number of administrators versus the number of administrators who actually
> log into the system to do something on a regular basis.
>
> d. Is there a support (maintenance) agreement in place?
>
> e. For Check Point, are the active implied rules correct for the company?
>
> Ray

This list is starting to look most useful.

I'll toss in:

- log analysis that looks for obsolete rules and misconfigured internal
hosts (in addition to malicious activity as previously mentioned)
- appropriateness of alert vs. log configuration
- incident response process: documented, tested?

Fundamentally, a firewall audit is about determining if it was built in
accordance with policy and best practice, and whether maintenance
processes effectively maintain security posture over time.

Triffid

> "Doug Fox" <dfox168@hotmail.com> wrote in message
> news:CqydnUMk_s2HghfeRVn-og@rogers.com...
>
>>I am using the following one which is by no means comprehensive. I am
>>sharing it with the group and any input is much appreciated.
>>
>>1) The placement or location of the firewall
>>2) Vulnerability scanning the firewall from outside, e.g., Internet
>>3) The rulebase or security policy according to its vendor recommendation
>>4) I will also check the access control (ID, password and privileges) to
>>the system.
>>5) physical security of the system
>>6) Monitoring of the firewall log, to find out if any port scanning or
>>hacking activities
>>7) Rulebase Change Control
>>8) Documentation
>>9) Backup
>>10) Please generously point out the missing pieces as you see it.
>>
>>Any input/comments are greatly appreciated.
>>
>>Thanks,
>>
>>Doug
>>
>>
>>
>>"Amit Gupta" <guptaamitu@gmail.com> wrote in message
>>news:1133093338.246220.193760@g14g2000cwa.googlegroups.com...
>>
>>>I have to do a thorough review of the PIX and Checkpoint firewall and can
>>>anyone send me the detailed audit program for the same.
>>>
>>>Thanks a lot.. in advance
>>>
>>>Regards
>>>
>>>Amit
>>>
>>
>>
>
>
Received on Sat Dec 3 04:18:39 2005
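
The log-analysis item in Triffid's list (obsolete rules and misconfigured internal hosts) can be sketched as below. This is an added example, not part of the original thread: the log line format, rule ids, internal address range and the repeat threshold are all assumptions, and the sample data is constructed.

```python
import ipaddress
from collections import Counter

# Constructed rulebase (hypothetical rule ids and descriptions).
RULEBASE = {
    "10": "allow internal -> any tcp/443",
    "20": "allow internal -> mail relay tcp/25",
    "30": "allow partner VPN -> legacy app tcp/8080",
    "99": "deny any -> any (cleanup rule, logged)",
}
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")  # assumed internal range

# Constructed log, assumed format: timestamp action rule src dst service
SAMPLE_LOG = """\
2005-11-28T09:00:01 accept 10 10.1.1.5 198.51.100.7 tcp/443
2005-11-28T09:00:02 accept 20 10.1.1.8 10.9.0.25 tcp/25
2005-11-28T09:00:05 drop 99 10.1.2.9 192.0.2.53 udp/53
2005-11-28T09:01:05 drop 99 10.1.2.9 192.0.2.53 udp/53
2005-11-28T09:02:05 drop 99 10.1.2.9 192.0.2.53 udp/53
2005-11-28T09:02:30 drop 99 203.0.113.8 10.1.1.5 tcp/23
2005-11-28T09:03:00 drop 99 10.1.3.4 198.51.100.9 tcp/6667
this line is malformed and is skipped
"""

def parse(log_text):
    """Return log entries as dicts, skipping lines that do not fit the format."""
    entries = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue
        ts, action, rule, src, dst, service = parts
        try:
            src_ip = ipaddress.ip_address(src)
        except ValueError:
            continue
        entries.append({"action": action, "rule": rule, "src": src_ip,
                        "dst": dst, "service": service})
    return entries

def unused_rules(rulebase, entries):
    """Rules with no hits in the log window: candidates for the obsolete-rule review."""
    hits = Counter(e["rule"] for e in entries)
    return sorted(r for r in rulebase if hits[r] == 0)

def noisy_internal_hosts(entries, threshold=3):
    """Internal sources denied repeatedly for the same destination and service."""
    denied = Counter((str(e["src"]), e["dst"], e["service"]) for e in entries
                     if e["action"] == "drop" and e["src"] in INTERNAL_NET)
    return sorted(k for k, n in denied.items() if n >= threshold)
```

A rule with zero hits is only a candidate for removal; the log window has to be long enough to cover infrequent but legitimate traffic before the rule is judged obsolete.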