Professional Documents
Culture Documents
10
- Administration Review
11
12
13
14
- Access Control
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
- Firewall Configuration
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
- Monitoring
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
- Physical Security
64
65
66
67
69
71
72
73
74
- Operating System
75
76
77
78
79
80
81
82
83
FIREWALL AUDIT CHECKLIST
Identify whether methods other than the Firewall are used to provide access to the Internet (from trusted
networks) and from the Internet (from untrusted networks) is permitted (ie, modem, dial-in, etc)
Are there controls that ensure that access to the Internet is granted to only those authorized individuals?
Obtain a list of users with access to the firewall and reconcile to documented approved requests
• Is each user uniquely identifiable?
Evaluate whether the authentication methodologies (i.e., proxy) used are effective
Is non-employee access appropriate?
Does the security administrator periodically review the users that have access to the Internet?
• When was the most recent review?
Are there periodic reviews of inactive accounts?
• What are the actions taken to resolve the discrepancies?
What are the security controls used by the VPN in securing access to Bronxcare trusted networks?
Are there security controls over the use of modems and other methods (ie dial-in) used to access Bronxcare
trusted networks?
How is public access to the Web Servers protected by the firewall?
- Firewall Configuration
Evaluate the appropriateness of Firewall topologies implemented
What is the current hardware and software configuration of the Firewall?
Have all updates identified by the vendor been applied?
Is there a DMZ?
• Does the firewall properly separate the DMZ from the inside network and the outside network?
Is there is a single point at which the internal network can be separated from the Internet?
Review Firewall documentation to gain an understanding of the Firewall's capabilities and limitations
What are the threats for which response has been automated (eg denial of service attacks, spoofing)?
If IDS has not been implemented, determine the extent of intrusion detection automation
Are the firewall activities logged?
• Are there procedures in place to monitor and act upon any inappropriate activities?
Are the actions of staff who have privileged access to the firewall authenticated, monitored and reviewed?
Is logging and reporting procedures in place to monitor and act upon any inappropriate activities?
Are all inbound services, outbound services, and access attempts to or through the firewall that violates the
policy are all logged and monitored?
How frequently monitoring is performed?
Have alarms been set for significant events or activities?
What tools are used to help trend analysis?
Do the logs contain enough data for user accountability, type of transaction, date/time stamp, terminal location,
etc?
• Are the logs protected to prevent modifications?
• How long are the logs kept?
• What media are the logs stored on?
What process is used to report, follow-up, evaluate, and resolve all incidents?
Obtain copies of firewall reports for review
Are the firewall reports adequate in providing administrative staff with necessary information to help analyse
firewall activities (attacks, defences, configurations and user activities)?
What are the processes used to follow-up and resolve incidents?
Is the firewall periodically tested from Bronxcare trusted and untrusted networks?
What is the effectiveness of the firewall in enforcing Bronxcare security policy as reported to management?
- Physical Security
Are there physical methods to prevent unauthorized personnel from accessing Firewall systems?
Is there a list of authorized personnel permitted access to Firewall computer rooms?
Do all the authorized personnel need access?
Are there physical methods to prevent unauthorized personnel from accessing consoles, closets, routers, etc?