
FIREWALL AUDIT CHECKLIST

I. Levels of configuration on a firewall

- Configuration level
- Rule-based level
- Physical security level

II. Quick checklist for audit

II.1 Firmware and patches
a. Ensure firewall firmware is up to date
b. Ensure OS security patches are applied
c. Ensure the firewall (physical device) is stored in a secure place with access control

II.2 SNMP version and community string

d. Use SNMP v3
e. Set a strong, non-default community string

II.3 Identity and authentication

f. Do not use default usernames and passwords; change them
g. Firewall administrator logins must be authenticated via RADIUS or TACACS
h. External access must be done over a secure VPN (the VPN user list must be reviewed regularly)

II.4 HA & BCP/DR testing

i. A secondary firewall is in place for high availability (HA)
j. BCP/DR testing is performed regularly according to a documented test plan; tests must be documented, reported and validated

II.5 Configuration backup, logs, alerts & NTP server

k. Firewall configuration files and the rule base are backed up for future restoration
l. Ensure logs are collected on a centralized server and alerts are configured to report system and security related events or incidents
m. Privileged users' activities are logged and reviewed regularly
n. Make sure an NTP server is configured, preferably an internal one such as the AD server

II.6 ANY (the most dangerous)

o. Make sure ANY is not used for source, destination, service or ports

II.7 Access to vulnerable ports

p. Make sure there are no rules granting access from the DMZ to the internal network
q. No rules allowing direct or inbound communication from the internet to the internal network
r. Make sure access to vulnerable ports/services such as FTP and finger is not configured for any usage

II.8 Access to a large subnet

s. No rules granting access to a large subnet, which gives unnecessary access to IPs and endpoints
t. Always end the rule base with a DENY ALL rule

II.9 Redundant, shadow, unused, inactive rules

u. Check for duplicate rules
v. Unused rules: rules that are not used or show no activity
w. Inactive rules: rules that are not active or are disabled
x. Shadow rules:
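Items II.6 to II.9 are all rule-base checks, and a reviewer normally runs them as one pass over an exported rule base. The script below is an added example, not part of the checklist and not any vendor's tool: it uses a constructed, vendor-neutral rule model (top-down evaluation, first match wins, IPv4 only), assumed zone addressing (10.0.0.0/8 internal, 192.168.100.0/24 DMZ), an assumed "large subnet" threshold of /16, and a constructed sample rule base with hit counts taken from logs. It reports ANY usage in allow rules, allow rules reaching the internal network from the DMZ or outside, legacy services (FTP, finger), overly broad subnets, a missing final deny-all, duplicates, unused and disabled rules, and rules shadowed by an earlier rule that covers all of their traffic.

```python
"""Added example: rule-base linter for checklist items II.6 to II.9.
Constructed, vendor-neutral rule model; not a real firewall export format."""
import ipaddress
from dataclasses import dataclass

ANY = "any"
# Constructed zone addressing (assumed for this example, not from the checklist)
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
DMZ = ipaddress.ip_network("192.168.100.0/24")
VULNERABLE_SERVICES = {"tcp/21", "tcp/79"}  # FTP and finger, named in II.7
LARGE_PREFIX = 16                            # broader than /16 counts as "large" (assumed)


@dataclass(frozen=True)
class Rule:
    name: str
    src: str       # CIDR or "any"
    dst: str       # CIDR or "any"
    service: str   # e.g. "tcp/22", or "any"
    action: str    # "allow" or "deny"
    enabled: bool = True


def _net(cidr):
    return ipaddress.ip_network(cidr, strict=False)


def _zone(cidr):
    if cidr == ANY:
        return "any"
    net = _net(cidr)
    if net.subnet_of(INTERNAL):
        return "internal"
    if net.subnet_of(DMZ):
        return "dmz"
    return "external"


def _covers(outer, inner, is_net):
    """True when field `outer` matches every value that field `inner` matches."""
    if outer == ANY:
        return True
    if inner == ANY:
        return False
    return _net(inner).subnet_of(_net(outer)) if is_net else outer == inner


def _shadows(earlier, later):
    return (_covers(earlier.src, later.src, True)
            and _covers(earlier.dst, later.dst, True)
            and _covers(earlier.service, later.service, False))


def audit(rules, hit_counts):
    """Return findings keyed by check. hit_counts maps rule name to the number of
    matches seen in logs; a rule missing from it counts as never matched."""
    active = [r for r in rules if r.enabled]
    allows = [r for r in active if r.action == "allow"]
    last = active[-1] if active else None
    findings = {
        # II.6 (o): ANY in an allow rule's source, destination or service (deny-all is expected to use ANY)
        "any": [(r.name, f) for r in allows for f in ("src", "dst", "service") if getattr(r, f) == ANY],
        # II.7 (p, q): allow rules from DMZ, outside or ANY into the internal network
        "into_internal": [r.name for r in allows
                          if _zone(r.dst) in ("internal", "any") and _zone(r.src) in ("dmz", "external", "any")],
        # II.7 (r): allow rules for legacy/vulnerable services
        "vulnerable_service": [r.name for r in allows if r.service in VULNERABLE_SERVICES],
        # II.8 (s): source or destination broader than LARGE_PREFIX
        "large_subnet": [(r.name, f) for r in allows for f in ("src", "dst")
                         if getattr(r, f) != ANY and _net(getattr(r, f)).prefixlen < LARGE_PREFIX],
        # II.8 (t): the last active rule must be an explicit deny any/any/any
        "final_deny_all": last is not None and last.action == "deny"
                          and (last.src, last.dst, last.service) == (ANY, ANY, ANY),
        "duplicate": [],   # II.9 (u): exact copies of an earlier active rule
        "unused": [r.name for r in active if hit_counts.get(r.name, 0) == 0],  # II.9 (v)
        "inactive": [r.name for r in rules if not r.enabled],                   # II.9 (w)
        "shadowed": [],    # II.9 (x): fully covered by an earlier active rule, so never matched
    }
    for j, later in enumerate(active):
        for earlier in active[:j]:
            if all(getattr(earlier, k) == getattr(later, k) for k in ("src", "dst", "service", "action")):
                findings["duplicate"].append((later.name, earlier.name))
                break
            if _shadows(earlier, later):
                findings["shadowed"].append((later.name, earlier.name))
                break
    return findings


# Constructed sample rule base and log hit counts (not from any real device)
SAMPLE_RULES = [
    Rule("allow-web-to-dmz", "any", "192.168.100.0/24", "tcp/443", "allow"),
    Rule("dmz-to-internal-db", "192.168.100.10/32", "10.1.2.3/32", "tcp/1433", "allow"),
    Rule("legacy-ftp", "10.0.0.0/8", "192.168.100.20/32", "tcp/21", "allow"),
    Rule("admin-ssh", "10.5.0.0/24", "192.168.100.0/24", "tcp/22", "allow"),
    Rule("admin-ssh-dup", "10.5.0.0/24", "192.168.100.0/24", "tcp/22", "allow"),
    Rule("admin-ssh-host", "10.5.0.7/32", "192.168.100.5/32", "tcp/22", "allow"),
    Rule("old-rule", "10.9.0.0/24", "10.8.0.0/24", "tcp/80", "allow", enabled=False),
    Rule("cleanup", "any", "any", "any", "deny"),
]
SAMPLE_HITS = {"allow-web-to-dmz": 12000, "dmz-to-internal-db": 340, "legacy-ftp": 0,
               "admin-ssh": 88, "admin-ssh-dup": 0, "admin-ssh-host": 0, "cleanup": 5000}

if __name__ == "__main__":
    for check, result in audit(SAMPLE_RULES, SAMPLE_HITS).items():
        print(f"{check:20} {result}")
```

The zone thresholds and the /16 cut-off are the parts to adapt to a real environment; the shadow check is the one most often missing from manual reviews, because a rule that is fully covered by an earlier one looks legitimate on its own and only shows up as "unused" once hit counts are compared.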

II.10 Change management

y. Make sure any changes to the firewall configuration or rule base are made following the proper change management policy/procedure
z. Make sure all changes are approved and tracked in a change management tool
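Items II.5 (l, m) and II.10 (y, z) come together in practice as one review: every configuration change in the centralized firewall log should map to an approved ticket, within that ticket's window, made by the person assigned to it. The script below is an added example, not part of the checklist and not any vendor's or change tool's own format: the log line shape, the ticket export and the sample entries are all constructed for this example. It classifies each change as ok, no_ticket, outside_window or wrong_implementer, and tallies changes per privileged user for the periodic review.

```python
"""Added example for II.5 (l, m) and II.10 (y, z): reconcile firewall config-change
log entries against approved change tickets. Log format and data are constructed."""
import re
from datetime import datetime, timezone

# Constructed line shape: <ISO-8601 ts> <host> config-change user=<u> ticket=<id> action="<text>"
CHANGE_RE = re.compile(
    r'^(?P<ts>\S+) (?P<host>\S+) config-change user=(?P<user>\S+) '
    r'ticket=(?P<ticket>\S+) action="(?P<action>[^"]*)"$'
)


def _ts(text):
    """Parse an ISO-8601 timestamp (trailing Z accepted) into an aware UTC datetime."""
    return datetime.fromisoformat(text.replace("Z", "+00:00")).astimezone(timezone.utc)


def parse_change(line):
    """Return a dict for a config-change line, or None for any other log line."""
    m = CHANGE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = _ts(ev["ts"])
    return ev


# Constructed approved tickets (assumed export from a change management tool)
APPROVED_TICKETS = {
    "CHG-1042": {"assignee": "bob", "start": _ts("2024-03-05T02:00:00Z"), "end": _ts("2024-03-05T04:00:00Z")},
    "CHG-1043": {"assignee": "alice", "start": _ts("2024-03-06T22:00:00Z"), "end": _ts("2024-03-06T23:00:00Z")},
}

# Constructed sample log; the final login line is not a change and is ignored
SAMPLE_LOG = """\
2024-03-05T02:15:10Z fw01 config-change user=bob ticket=CHG-1042 action="rule add allow-web-to-dmz"
2024-03-05T03:50:00Z fw01 config-change user=bob ticket=CHG-1042 action="policy install"
2024-03-05T14:02:33Z fw01 config-change user=carol ticket=none action="rule modify legacy-ftp"
2024-03-06T23:30:05Z fw01 config-change user=alice ticket=CHG-1043 action="rule delete old-rule"
2024-03-06T22:10:00Z fw01 config-change user=dave ticket=CHG-1043 action="rule add admin-ssh-dup"
2024-03-07T09:00:00Z fw01 login user=carol result=success
""".splitlines()


def reconcile(lines, tickets):
    """Classify each config change as ok / no_ticket / outside_window / wrong_implementer."""
    results = []
    for line in lines:
        ev = parse_change(line)
        if ev is None:
            continue
        ticket = tickets.get(ev["ticket"])
        if ticket is None:
            verdict = "no_ticket"
        elif not (ticket["start"] <= ev["ts"] <= ticket["end"]):
            verdict = "outside_window"
        elif ev["user"] != ticket["assignee"]:
            verdict = "wrong_implementer"
        else:
            verdict = "ok"
        results.append((verdict, ev["user"], ev["action"]))
    return results


def exceptions(lines, tickets):
    """Only the entries a reviewer has to follow up on."""
    return [r for r in reconcile(lines, tickets) if r[0] != "ok"]


def changes_by_user(lines):
    """Configuration changes per privileged user, for the periodic review in II.5 (m)."""
    counts = {}
    for line in lines:
        ev = parse_change(line)
        if ev:
            counts[ev["user"]] = counts.get(ev["user"], 0) + 1
    return counts


if __name__ == "__main__":
    for verdict, user, action in exceptions(SAMPLE_LOG, APPROVED_TICKETS):
        print(f"{verdict:18} {user:8} {action}")
    print(changes_by_user(SAMPLE_LOG))
```

Timestamps are normalised to UTC before the window comparison, which is why item n (a correctly configured NTP server) matters for this review: a firewall whose clock drifts will produce false outside_window results or, worse, hide a change made outside its approved window.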
