A detailed inspection and review of the rules configured on physical firewall appliances and virtual firewalls installed on individual hosts, this service aims to provide assurance that our clients don’t permit traffic into or out of their networks that they aren’t expecting.
This service makes use of automated tools and manual inspection, and requires a high level of understanding of the client’s business model and typical Internet use.
The exact process depends on the network and device being assessed, the environment in which it is to operate, and the types of network activity generally permitted, however, it will typically involve the following:
- Define Goals – Understand the purpose to which the firewall will be put, any additional measures it will be supported by (e.g. intrusion prevention systems), and the organisation’s typical approach to firewall management.
- Automated Configuration Scanning – Use of automated configuration scanning tools to identify and assess configuration options.
- Automated Ruleset Enumeration – Use of automated configuration tools to identify and assess rulesets, and put them into the appropriate context.
- Manual Audit – Manually review the firewall rules and configuration settings against the organisation’s security objectives.
- Reporting – Production of a detailed report on areas of non-compliance, non-conformance, potential technical risks, and suggested remedial steps where appropriate.