Question
In my days as a pentester, we used to use tools like Nipper, combined with manual analysis, to perform audits of firewall configurations. However, in my current company we have many different firewalls and network devices, and I was wondering how people typically will audit their firewalls for security.
Note - I am not asking for specific product recommendations, though throwing out vendor names never hurts; what I am really asking for here is how people approach the task of performing audits.
To my thinking, the ideal solution would be some form of unified management for firewalls, which would allow the networking team to do all of their day to day operations, but also support change management controls, security audits, compliance reviews, and more.
Explanation / Answer
I usually look first at the network diagrams and at how the network is or should be configured. This will give me an idea of where the perimeter, the internal networks, the functional segments and so on are. I then look at what devices - brand, model - are used to manage the environment, whether they are enterprise class and have functionality to unify the management. This should give me an indication of how much I can see centrally versus how much time I'll need to go through individual systems.
I'll look at the basic management of the firewall - firmware updates and version, user management, syslog and NTP configurations. Then I'll look at the rules.
Ideally rules will be justified/explained with a comment or link to a change control. There will be a valid source, destination with specific protocols for most rules - there will be very few instances of 'any'. Secure protocols will be used where possible, HTTPS, SFTP and justified if not. Redundant rules and objects will be disabled or removed. Application and operations teams will assist in the review to validate their requirements.
Counts on use of rules or tools to identify unused rules/objects are useful.
Once you've completed the review and you have a list of issues and questions, these should be entered into a report or spreadsheet, and the changes required identified and prioritised. Redundant rules should be disabled temporarily prior to deletion and comments updated. Rules which can be more restrictive should be updated and commented.
Once you've done the above across the estate, it's probably time to start again!
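The rule-level checks the answer lists (no 'any' in source, destination or service on allow rules; insecure protocols where a secure one exists; a comment or change reference on every rule; duplicate rules; unused rules identified by hit counts) can be mechanised against a rule export. The script below is an added example, not code from the answerer; it assumes a hypothetical CSV export with the columns `name,src,dst,service,action,enabled,hits,comment` (real exports differ by vendor, so the parser is the part you would adapt), runs the checks over a constructed sample rule set, and orders the findings so the spreadsheet the answer describes comes out already prioritised.

```python
import csv
import io
from dataclasses import dataclass

# Services the answer says should be replaced by secure equivalents (HTTPS, SFTP, ...)
INSECURE_SERVICES = {"telnet", "ftp", "http", "tftp", "snmpv1", "snmpv2c", "rsh"}

# Severity used to order the findings list (higher first); an assumption, tune to taste
SEVERITY = {"any-in": 3, "insecure-service": 3, "no-justification": 2,
            "duplicate-of": 1, "unused": 1}

# Constructed sample export (hypothetical column names; not from any real firewall)
SAMPLE_EXPORT = """name,src,dst,service,action,enabled,hits,comment
web-in,any,dmz-web,https,allow,true,120,CHG-0001 public web front end
admin-telnet,mgmt-net,core-sw,telnet,allow,true,10,CHG-0002 switch admin
legacy-ftp,any,any,ftp,allow,true,0,
db-access,dmz-web,db-net,tcp/1433,allow,true,5000,CHG-0003 app to db
db-access-dup,dmz-web,db-net,tcp/1433,allow,true,0,CHG-0003 app to db
old-app,lan,app-net,tcp/8080,allow,true,0,CHG-0004 retired app
deny-all,any,any,any,deny,true,999,catch-all deny
"""


@dataclass
class Rule:
    name: str
    src: str
    dst: str
    service: str
    action: str
    enabled: bool
    hits: int
    comment: str


def parse_export(text):
    """Parse the assumed CSV layout into Rule objects, normalising case."""
    rules = []
    for row in csv.DictReader(io.StringIO(text)):
        rules.append(Rule(
            name=row["name"].strip(),
            src=row["src"].strip().lower(),
            dst=row["dst"].strip().lower(),
            service=row["service"].strip().lower(),
            action=row["action"].strip().lower(),
            enabled=row["enabled"].strip().lower() == "true",
            hits=int(row["hits"] or 0),
            comment=row["comment"].strip(),
        ))
    return rules


def audit(rules):
    """Return (rule_name, finding) pairs for every enabled rule that needs attention."""
    findings = []
    seen = {}  # (src, dst, service, action) -> first rule name with that tuple
    for r in rules:
        if not r.enabled:
            continue  # disabled rules are already pending deletion
        if r.action == "allow":
            wide = [f for f in ("src", "dst", "service") if getattr(r, f) == "any"]
            if wide:
                findings.append((r.name, "any-in-" + "/".join(wide)))
            if r.service in INSECURE_SERVICES:
                findings.append((r.name, "insecure-service:" + r.service))
            if r.hits == 0:
                findings.append((r.name, "unused"))  # candidate for disable-then-delete
        if not r.comment:
            findings.append((r.name, "no-justification"))
        key = (r.src, r.dst, r.service, r.action)
        if key in seen:
            findings.append((r.name, "duplicate-of:" + seen[key]))
        else:
            seen[key] = r.name
    return findings


def prioritised(findings):
    """Order findings by severity, keeping the audit order within each level."""
    def sev(item):
        kind = item[1].split(":")[0]
        kind = "any-in" if kind.startswith("any-in") else kind
        return SEVERITY.get(kind, 0)
    return sorted(findings, key=sev, reverse=True)


if __name__ == "__main__":
    for name, finding in prioritised(audit(parse_export(SAMPLE_EXPORT))):
        print(f"{name:<15} {finding}")
```

Each finding is a review prompt rather than a verdict: `web-in` is flagged for an 'any' source even though a public web front end may legitimately need one, which is exactly the point at which the answer has the application team confirm the requirement and the comment record it. The `deny-all` rule is not flagged, since 'any' in a deny is the expected catch-all, and the disabled-rule skip matches the disable-before-delete step the answer recommends.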