Firewall Assessment

Firewall Assessment Information

When managing a Firewall – The highest possible level of assurance is to be able to know exactly what access is, and is not, allowed throughout your infrastructure. A comprehensive review of all packet filtering devices in your network is the best mechanism to obtain this level of assurance.

Key activities include:

• Collect the configuration files for all packet filtering network devices (e.g., firewalls, routers, load balancers);
• Create a network map based on the configurations to provide the most accurate network map possible;
• Calculate the access permitted between every two points in your infrastructure and make that map available in an interactive manner;
• Identify router/firewall configuration vulnerabilities by base-lining the configurations against relevant regulations and prevailing good practice; and,
• Formal reporting on the process, gap analysis, relevant findings, and mitigation roadmap. Where possible the report will also include: root cause analysis, peer-group benchmarking, good practice benchmarking, executive summaries, and technical summaries.
• The predominant benefits realized by a Router/Firewall Configuration Review are:
• Provides assurance that critical access control mechanisms are in place, aligned with prevailing good practice, and operating as intended; and,
  Provides a measure of assurance that those systems and applications that are reliant upon the devices are secured in accordance with their expectation.

Firewall Assessment: Best Used

As part of a compliance management program as a means to demonstrate compliance with relevant laws and regulations over an extended period of time;
Where the network architecture and/or the operation of the same is complex and segregation between network segments is critical; and,
Where risk tolerance is very low and/or where the organizational impact relating to risk realization is significant.
When an organization performs both a Router/Firewall Configuration Review and a Network Vulnerability Assessment the two data sources can be combined to provide interactive Threat Maps that can be used to:

Visualize and interact with threat maps to garner an understanding of the probability that a vulnerability can be exploited from any particular vantage point and its associated impact;
Visualize/understand how a malicious individual can attack unexposed systems via vulnerabilities on exposed systems (leapfrog attacks); and,
Validate that proposed remediation advice will not impact desired traffic flows via traffic flow modeling of the recommended changes.