Following are the points you can consider while performing a manual firewall (Configuration and Rulebase) review:
1. Firmware & Patches
- OS Security patches are updated
- Device placed in secure place with Access Control
2. SNMP version (should be v3) & Community String (should be strong)
3. Identity & Authentication
- Default user names and passwords are changed
- Firewall is authenticated with RADIUS or TACACS
- External access through secure VPN
- Verify VPN encryption uses strong algorithms (AES etc.)
4. Check for session timeout (Console, Inactivity timeout)
5. High Availability & BCP DR Testing
- High Availability with a secondary firewall
- BCP DR testing is performed at regular intervals
6. Config. backup, Logs, Alerts & NTP Server
- Firewall config file and rule base is backed up
- Logs are collected and alerts are configured
- NTP server is configured (Good to have a set of private NTP servers in sync with a public NTP server)
7. Insecure access rule - "ANY" rule
- Check that an explicit "deny-all" rule is configured at the end of every rule set
8. Access to vulnerable ports
- Access from DMZ to internal network and vice-versa
- Direct access from internet to internal network
9. Access to large subnets
10. Redundant, Shadow, Unused & Inactive rules
11. Remove unused objects
12. Critical port access rules
- Access to these ports is usually provided through PIM and PAM solutions, so verify whether such rules are still needed (port 22, 1433, 3389 etc.)
13. Change Management
- Make any changes to the firewall or its rule base via proper change management
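As an added example (not part of the original post), a small Python script that applies the rulebase checks from points 7 to 12 to a constructed sample rulebase: the "ANY" rule, the missing deny-all, large subnets, shadowed rules and critical ports reachable from any source. The rule format, the /16 "large subnet" threshold and the sample rules are assumptions.

```python
"""Static rulebase review for the checks in points 7-12 (constructed sample)."""
from ipaddress import ip_network

# Constructed rulebase in top-down evaluation order; "any" is a wildcard.
RULES = [
    {"id": 1, "src": "any", "dst": "10.0.0.0/8", "port": "443", "action": "allow"},
    {"id": 2, "src": "203.0.113.0/24", "dst": "10.1.0.0/16", "port": "443", "action": "allow"},
    {"id": 3, "src": "any", "dst": "10.2.0.5/32", "port": "3389", "action": "allow"},
    {"id": 4, "src": "any", "dst": "any", "port": "any", "action": "allow"},
]
CRITICAL_PORTS = {"22", "1433", "3389"}  # ports normally brokered via PIM/PAM
MAX_PREFIX_SPAN = 16  # assumption: flag IPv4 networks shorter than /16 as "large"


def covers(outer, inner):
    """True if field `outer` matches everything field `inner` matches."""
    if outer == "any":
        return True
    if inner == "any":
        return False
    if outer.isdigit():  # port field: exact match only
        return outer == inner
    return ip_network(inner).subnet_of(ip_network(outer))


def review(rules):
    """Return (rule id, finding) pairs; id None means a rulebase-level finding."""
    findings = []
    for i, r in enumerate(rules):
        if r["action"] == "allow" and r["src"] == r["dst"] == r["port"] == "any":
            findings.append((r["id"], "ANY rule: allows all traffic"))
        if r["action"] == "allow" and r["src"] == "any" and r["port"] in CRITICAL_PORTS:
            findings.append((r["id"], f"critical port {r['port']} reachable from any source"))
        for f in ("src", "dst"):
            if r[f] != "any" and ip_network(r[f]).prefixlen < MAX_PREFIX_SPAN:
                findings.append((r["id"], f"large subnet in {f}: {r[f]}"))
        # Shadow check: a single earlier rule that covers every field of this one
        # means this rule can never match (union-of-rules shadowing is not handled).
        for earlier in rules[:i]:
            if all(covers(earlier[f], r[f]) for f in ("src", "dst", "port")):
                findings.append((r["id"], f"shadowed by rule {earlier['id']} (never matches)"))
                break
    last = rules[-1]
    if not (last["action"] == "deny" and last["src"] == last["dst"] == last["port"] == "any"):
        findings.append((None, "no explicit deny-all at end of rulebase"))
    return findings


if __name__ == "__main__":
    for rule_id, text in review(RULES):
        print(f"rule {rule_id}: {text}")
```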
Happy Learning !!