Firewall audit
Uploaded by velliyangiri-ks
Transcript of Firewall audit
Firewall Auditing
2
What is a firewall?
A firewall is a device or collection of components placed between two networks that collectively have the following properties:
- All traffic from inside to outside, and vice-versa, must pass through the firewall.
- Only authorized traffic, as defined by the local security policy, will be allowed to pass.
3
Firewall Types
- First Generation
  - Packet Filtering Firewalls
- Second Generation
  - Stateful Inspection Firewalls
- Third Generation
  - Application (Proxy) Firewalls
- Fourth Generation
  - Kernel Proxy technology
  - “Deep packet” inspection
  - IDS / IPS capabilities
4
Defining Audit Scope
- Firewall Documentation
- Approval Procedures and Process
- Firewall Rule Base
- VPN
- Layer Seven Switching
- Internal Testing
- External Testing
5
Firewall Auditing Methodology
Phases
I. Gather Documentation
II. The Firewall
III. The Rule Base
IV. Testing and Scanning
V. Maintenance and Monitoring
6
Phase I - Gather Documentation
- Security Policy
- Change Control Procedures
- Administrative Controls
- Network Diagrams
- IP Address Scheme
- Firewall Locations
- IPS Capable?
7
Phase I - Gather Documentation
- Firewall Vendor
- Software Version and Patch Level
- Hardware Platform
- Operating System Version and Patch Level
- Administrator training and knowledge
8
Phase II – The Firewall
- Three “A’s”
  - Authentication: Local / Remote
  - Access: Logical / Physical
  - Auditing (logs): Local / Remote
- OS Hardening
9
Phase III – The Rule Base
- Based on the Organization’s Security Policy
- Review each rule
  - Business reason
  - Owner
  - Host devices
  - Service Ports
- Simplicity is the key
- Most restrictive and least access
10
Phase III – The Rule Base
- Rule order (first out)
  - Administration Rule
  - ICMP Rule
  - Stealth Rule
  - Cleanup Rule
  - Egress Rules
- Logging
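The Phase III checks above, applied to a small constructed rule base. This is an added example, not part of the original slides; the rule fields, the "fw" object name for the firewall itself, and top-down first-match evaluation are assumptions.

```python
# Added example: audit a constructed rule base against the Phase III checklist.
# Field names and the "fw" object are assumptions, not a vendor export format.
RULES = [  # constructed sample, assumed to be evaluated top-down, first match wins
    {"name": "admin", "src": "10.0.5.0/24", "dst": "fw", "svc": "tcp/22",
     "action": "allow", "log": True, "owner": "netops", "reason": "FW management"},
    {"name": "stealth", "src": "any", "dst": "fw", "svc": "any",
     "action": "deny", "log": True, "owner": "netops", "reason": "Hide firewall"},
    {"name": "web-out", "src": "10.0.0.0/16", "dst": "any", "svc": "any",
     "action": "allow", "log": False, "owner": "", "reason": ""},
    {"name": "cleanup", "src": "any", "dst": "any", "svc": "any",
     "action": "deny", "log": True, "owner": "netops", "reason": "Default deny"},
]

def is_stealth(r):
    # Stealth rule: drop anything addressed to the firewall itself.
    return r["action"] == "deny" and r["src"] == "any" and r["dst"] == "fw"

def is_cleanup(r):
    # Cleanup rule: deny whatever no earlier rule matched.
    return r["action"] == "deny" and (r["src"], r["dst"], r["svc"]) == ("any",) * 3

def audit(rules):
    findings = []  # (rule number, rule name, issue); number 0 = whole rule base
    for i, r in enumerate(rules, 1):
        for field in ("owner", "reason"):  # "Review each rule": owner, business reason
            if not r.get(field):
                findings.append((i, r["name"], f"missing {field}"))
        if r["action"] == "allow" and r["svc"] == "any":  # least access
            findings.append((i, r["name"], "allows any service"))
        if not r["log"]:
            findings.append((i, r["name"], "logging disabled"))
    stealth = next((i for i, r in enumerate(rules) if is_stealth(r)), None)
    if stealth is None:
        findings.append((0, "-", "no stealth rule"))
    else:
        # An allow-to-firewall rule placed after the stealth rule can never match.
        for i, r in enumerate(rules[stealth + 1:], stealth + 2):
            if r["action"] == "allow" and r["dst"] == "fw":
                findings.append((i, r["name"], "shadowed by stealth rule"))
    if not any(is_cleanup(r) for r in rules):
        findings.append((0, "-", "no cleanup rule"))
    return findings

if __name__ == "__main__":
    for num, name, issue in audit(RULES):
        print(f"rule {num} ({name}): {issue}")
```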
11
Phase IV – Testing & Scanning
- Determine & Set Expectations
- Scan the firewall
  - Nmap
  - Firewalk
- Scan host behind the firewall
  - Nessus
  - ISS
- Ensure results match expectations
12
Phase V – Maintenance & Monitoring
- Change Management and Approval
  - Is the process documented?
  - Is the process being followed?
  - Is there evidence of process?
- Disaster Recovery Plan
  - Formal?
  - Backup and Recovery Procedures
- Firewall Logs
  - Reviews
  - Storage and archival
13
Demo
14
Questions???