Firewall
Rulebase Review

Review against
best practise

 

Any firewall device
can be reviewed

 

Reporting includes
management to technical
levels

 

What We Do

We’ll review your firewalls comparing the rulebase and configuration to your organisation’s security policies and to security best practise. The Security Bureau can approach this exercise from a consultative perspective or examine each firewall in without any business knowledge. Information about the location of the firewall in relation to the hosts it protects, and the security zones that it separates will be taken into account to ensure that the firewall rulebase is fully understood in terms of its context rather than the assessment being a standalone exercise.

How We Do It

A firewall rulebase review includes the following:

  • Review the rulebase against requirements of all your firewall rulebase standards documents
  • Examination of business justifications for any permitted connections that do not adhere to the firewall policy
  • Review rules against security best practice
  • Review rulebase integrity for being dependant on the secure configuration of any other security device
  • Review the logging taking into account the impact on the firewall performance
  • Review firewall objects that group several networks, hosts or ports that is overly permissive.
  • Identify entries specifying “ANY” as source, destination, port or protocol.
  • Review rulebase for undue complexity, which affects the performance of both firewalls, and search for sections that can be simplified or removed.
  • Review rulebase for duplication, which affects the performance of both firewalls and firewall administrators
  • Review rulebase for conflicting rules that affect the capacity of the firewall to function correctly.

What You Get

We will send you a detailed technical report on the detected issues along with guidance on how to resolve these. The report will also contain a high level management summary to ensure that the detected issues can be understood by non-technical staff.

The management summary section will restate your main security concerns and your drivers for security testing and the outcomes of these. We will also suggest short, mid and long term security strategies to meet your security goals.

The Security Bureau can present the findings by presentation over in a face to face meeting or a conference call if required.