Firewall Security Assessment
Our firewall security assessment service is designed to to ensure that the firewall configuration and rule set meets the business and compliance requirements of the company.
Firewall technology continues to play a key role in businesses of all sizes, establishing boundaries of trust and security within your organisation and the internet, and providing connectivity to employees and partners.
With the increasing complexity and functionality availability in next-generation firewalls and ‘virtual’ firewalls, it is especially important to ensure these are configured and managed correctly.
A full review of the ruleset will be investigated in line with the security architecture and the business supporting services after understanding gained from the operational use of the security device.
Weak / obsolete firewall rules could expose unnecessary service information of the servers hosting the business applications which could aid an attacker to exploit the weakness following a compromise.
Request a Firewall Security Assessment Quotation
Speak to Our Experts
Overview
The firewall security assessment will commence with a review of the compliance and security policies the business has agreed to.
Our consultant will request documents are made available by the client for review. This will include policies, applicable change requests and firewall setup documentation as well as a network diagram detailing positioning of the firewall in-scope for analysis by JAW Consulting UK.
This review will be conducted from the perspective of a white box audit.
It is critical any documentation about the firewall configuration, firewall rules set and any subsequent change control paperwork are reflected in the actual current state of the firewall. As part of the review, any variants with the paperwork will be raised as a finding.
Where relevant, the review will include references to the different network zones separated by the firewall, expected information flows across the firewall’s interfaces between those zones and agreed services and open ports for business purposes for each zone.
The client will also need to supply electronically ideally a copy of the firewall configuration and rule base.
If the firewall is from a shared service provider, rules only pertaining to the business and any general rules need to be provided. Rule ordering and priority is also important and this information should be included with any provided firewall rule base details.
The firewall security assessment will cover the following key areas: –
- Software version and patch level
- Location of firewall within the network
- Insufficiently restrictive rules
- Overlapping rules
- Permissive rules precede the deny all rule
- Unused objects
- Insufficient auditing
- Weak account passwords /password encryption used
- Insecure services used
- Missing rules (e.g. a stealth rule)
- Time synchronisation
- Excessive user accounts/least privilege
- Security of VPN settings
- Configuration of other modules
- Protections employed against common Denial of Service Attacks
A firewall security assessment requires a minimum of two days if a full policy and change control document set is provided for one firewall. Subsequent extra firewalls will be reviewed on a one man-day per firewall basis.
If the firewall security assessment is purely of the firewall rule base and its configuration, then please allow a day per firewall.