Carry out a Firewall Audit in 11 Steps (+Free Guidelines)

[ad_1]

eSecurity Planet content material and product suggestions are editorially unbiased. We might make cash once you click on on hyperlinks to our companions. Be taught Extra.

A firewall audit is a process for reviewing and reconfiguring firewalls as wanted in order that they nonetheless fit your group’s safety targets. Over time, enterprise community wants, site visitors patterns, and software entry change. Auditing your firewall is among the most vital steps to making sure it’s nonetheless outfitted to guard the perimeter of your small business’ community. Your enterprise can both do the audit your self or rent a firewall specialist vendor to carry out one.


How Does a Firewall Audit Work?

A firewall audit is an intensive process that requires your IT and safety groups to look carefully at your firewall documentation and alter administration processes. Audits increase questions on firewall performance, in addition to drive groups to get granular about who’s in command of firewall guidelines. They lay a basis for steady community safety updates and enhancements.

To efficiently execute an audit, first decide your audit’s aims and acquire the info your crew wants. Then, overview your firewall guidelines and whether or not they’re nonetheless match to your safety infrastructure and total community safety. Your groups also needs to know who’s liable for the request and maintenance of every rule. A great firewall audit ought to finish with a clearly scheduled audit sooner or later, in addition to testing processes so you recognize if the firewall really works.

11 Steps to Carry out a Firewall Audit

Your safety, IT, or networking groups can use the next steps as pointers to finish your audit, or to discover a vendor who will carry out the audit for you.

1. Know Your Audit Plan & Targets

Sit down along with your IT, safety, or networking groups and ask, What precisely are we attempting to perform with this audit? Then, develop an inventory and make it succinct. Perhaps you’re attempting to weed out some irrelevant guidelines, or your small business’s executives need to know precisely what the firewall is filtering. Audits typically have a number of functions, so it’ll seemingly be a mixture of things.

Create ordered steps to observe in the course of the audit — they might be much like our listing right here. Make certain each crew member is aware of their job and when to carry out it. This consists of setting credentials and role-based entry controls for the suitable staff to allow them to view and configure the best know-how.

Your crew might need to use a particular software program to trace the listing of aims and steps, or you could simply use a Google or Phrase doc and share it with related stakeholders. Whichever you select, make certain it’s simple to entry and perceive.

2. Collect All Related Knowledge

Pull all vital info earlier than you begin the precise audit. Pre-audit information ought to embody:

  • Logs: Firewall logs include information about protocols and IP addresses and are helpful for seeing what’s really occurring on the community.
  • A listing of guidelines: Have all of your firewall guidelines in entrance of you so you’ll be able to resolve that are nonetheless helpful and which not are.
  • Everybody’s tasks: Discover out who’s accessible throughout an audit (for instance, know whether or not the pinnacle of IT will likely be on PTO in the course of the potential audit timeline).

By organizing this info upfront, you’ll be much less prone to run right into a snag midway by way of the audit since you’re lacking information or pointers for crew members. A shared folder is an effective location to retailer a number of sources of information.

3. Decide Change Administration Procedures

It’s doable your crew already has a change administration course of or answer, however make certain it’s clearly outlined and documented. Moreover, affirm whether or not the homeowners of that course of have shared any related documentation with new crew members, and make sure that everybody is aware of how you can submit a change request or entry the documentation.

Additionally think about whether or not a change administration software program software can be useful to your crew. Small companies and huge enterprises alike profit from the group of firewall modifications, and people modifications shouldn’t occur randomly. Whereas change administration instruments take preliminary time to study, they’ll save time long-term by simplifying requests and approvals, particularly when including or eradicating firewall guidelines.

4. Verify the Firewall {Hardware} & Working System

After you’ve ready all of the documentation and know everybody’s roles, one of many early steps in a firewall audit course of is a {hardware} and firmware test. Have a look at the {hardware} to see whether or not it suits your organization’s requirements and safety necessities. For instance, some legacy networking {hardware} might need hardcoded default credentials — these can’t be modified from their manufacturing unit settings. These networking home equipment ought to be changed as quickly as doable.

Verify firmware, too. Is the OS updated on all patches? Full any vital safety upgrades and ensure the {hardware} is up to date to the newest model. Additionally, test your firewall distributors’ safety bulletins for current vulnerabilities, since firewall home equipment and safety gateways typically have again doorways and different exploitable weaknesses.

Whereas next-generation firewalls (NGFW) are higher-security merchandise than extra easy firewalls, they shouldn’t be exempt from preliminary checks and patches. NGFWs additionally want common updates and administration to correctly defend networks. Run vulnerability scans in your NGFWs, too.

5. Carry out a Threat Evaluation

Assess your firewall {hardware} and software program for all dangers. This consists of digital dangers, like unpatched firmware, and bodily dangers, like a server room that doesn’t require keyholder entry. A danger evaluation consists of categorizing every danger, so your groups know which to prioritize.

Don’t overlook regulatory compliance, both. Think about buying software program that helps your safety crew stay compliant with any related trade requirements, like HIPAA, SOX, and PCI-DSS. Some laws might require particular firewall configurations or information safety mechanisms.

Vulnerability scanning merchandise that help firewalls are additionally useful — they’ll flag again doorways and weaknesses in your {hardware} and configurations. Should you’re a big enterprise, a penetration testing service might present large long-term advantages. These companies comb by way of your infrastructure, together with firewalls, intimately to search out vulnerabilities. Hiring a pentester is very helpful for first-time firewall audits.

6. Overview Firewall Guidelines & Decide Greatest Practices

Firewall guidelines are the instruments that inform firewalls how you can behave, managing which site visitors they need to settle for and discard. Guidelines specify sure ports, protocols, and site visitors so firewalls know precisely which IP addresses to permit by way of and which site visitors to permit to depart the community.

Generally firewall guidelines turn into irrelevant over time. Your enterprise would possibly want to permit an IP deal with or set of addresses that was beforehand blocked. Moreover, guidelines developed over a time period by totally different admins can turn into redundant. Throughout a firewall audit, test for repetitive guidelines or ones that not match your small business’s safety aims. Then delete these, guaranteeing no gaps are left within the firewall.

Contain the change administration course of closely right here. How does your small business need to request and approve firewall rule modifications? Who’s allowed to request, who’s liable for these approvals, and who takes over accountability for approvals if an admin leaves the corporate? These are all inquiries to reply throughout an audit.

7. Overview Logs to Discover Ongoing Patterns

Firewall logs acquire packet and transmission information, storing that info for admins to overview. Log recordsdata can reveal site visitors patterns over time, which is a useful useful resource for groups as they resolve which guidelines work effectively, which don’t, and which new ones have to be created.

For instance, if a research of log recordsdata throughout a firewall audit reveals that site visitors has come from a sure IP deal with to a sure port at an odd time of day, analysis that additional. If the site visitors supply is malicious, admins can create a rule blocking that IP deal with on the port.

8. Overview Blocklists & Allowlists

Blocklists (or blacklists) and allowlists specify IP addresses which might be forbidden or permitted to connect with a corporation’s community. These might fall below your crew’s firewall guidelines, however they’re vital sufficient to say on their very own. Blocklists and allowlists enhance granularity of firewall guidelines. Some extremely protected networks would possibly even use an allowlist for all the community — solely site visitors from just a few particular IP addresses can move by way of the firewall in any respect.

The IT crew might have sure web sites that they know include malware downloads or simply have unsafe connections. Once they put the IP addresses from these websites on a blocklist, nobody who’s related to the corporate community can entry the websites. Whereas blocklists don’t cowl each menace, they’re a great way to get rid of recognized ones proper off the bat.

9. Have a look at Total Safety Compliance

We briefly touched on compliance when speaking about danger assessments, however total compliance is greater — this consists of all your small business’s safety insurance policies. First, test to see if the insurance policies are updated. They need to even be clearly documented and straightforward to search out for all related stakeholders. As soon as your groups have decided that insurance policies are up to date and documented, test that the firewall’s configuration is in step with the group’s total coverage.

Perhaps the safety coverage requires that the firewall software program implements multi-factor authentication, or perhaps solely a sure variety of individuals are permitted to entry the server room the place firewalls are put in on-premises. You’ll need to have the ability to present an intensive report back to the chief crew, proving that the firewall configuration matches insurance policies, should you’re requested.

10. Replace All Roles & Admin Permissions

This goes hand in hand with the earlier level, however replace each function and its associated entry controls, together with administrative roles. It’s doable that an worker who left the corporate two years in the past nonetheless has energetic credentials for the firewall administration console; these ought to be instantly deactivated. Moreover, take away or add any keycards to the bodily server room or workplace the place the firewall {hardware} resides.

Think about implementing the rule of least privilege to your firewall’s configuration. A least privilege entry technique mandates that entry is simply given to those that explicitly want it to carry out their jobs correctly. Least privilege entry can apply to all enterprise methods, not simply firewalls, for improved safety. Should you resolve to implement this technique, scale back worker system entry to those that want it and alter all different credentials or permissions accordingly.

11. Check New Configurations & Schedule the Subsequent Audit

As quickly as you’ve accomplished the preliminary firewall audit, put together for the subsequent one by testing the present configuration and scheduling a sequential audit. Don’t simply assume that any new configurations work — your networking, IT, and safety groups ought to be repeatedly testing the firewall guidelines and the {hardware} and software program’s total operations. The post-audit testing interval can be an acceptable time to rent a pentesting service.

Planning the subsequent audit upfront makes it extra prone to occur on schedule. Moreover, give your crew members assignments in order that they know precisely what roles they’ll have within the subsequent audit, in addition to a timeline for finishing these steps.

Free Firewall Audit Guidelines

Use the next listing so as as a short-form set of steps that you may current to any enterprise chief and use to information your audit course of.

  • __ Develop a transparent audit plan and lay out each goal your crew desires to perform in the course of the audit, documenting it totally.
  • __ Collect any information you’ll want for the audit course of, like logs, current firewall guidelines, and the homeowners of these guidelines. 
  • __ Know your small business’s change administration procedures, and take time to set them should you don’t have any but.
  • __ Overview the firewall {hardware} and working system for any safety updates or vulnerabilities, like hardcoded passwords or unpatched belongings.
  • __ Carry out a danger evaluation on all the firewall, searching for weaknesses and dangers your crew might not have beforehand seen.
  • __ Overview firewall guidelines and decide the most effective practices for creating, managing, and deleting guidelines. 
  • __ Overview firewall logs to search out any patterns or potential anomalies to your crew to discover.
  • __ Analyze all of your blocklists and allowlists to verify they’re nonetheless correct and suit your firm’s aims.
  • __ Look at your group’s total safety compliance posture towards each enterprise insurance policies and regulatory expectations.
  • __ Replace all consumer roles and the entry permissions that go along with them, particularly administrative roles and controls.
  • __ Check the brand new firewall configurations totally and schedule the subsequent firewall audit — audits ought to be common fairly than a one-time prevalence.

By following this listing or an identical one, your groups will likely be higher ready to plan and execute firewall audits sooner or later. You’ll additionally be capable of add any further steps that your crew bumped into in the course of the audit course of; that’s a standard prevalence throughout any audit course of.

Prime 3 Firewall Audit Suppliers

Should you’re searching for a firewall auditing software, think about Tufin, SolarWinds SEM, and AlgoSec as potential options. They’re three of the highest firewall auditing merchandise within the safety market, and so they provide options like compliance auditing, firewall rule compliance, and community scanning.

Tufin

Tufin is a firewall auditing software that’s meant to assist groups turn into and keep compliant with laws like HIPAA, PCI-DSS, and GDPR. Tufin additionally generates audit experiences that may be automated if wanted. It sends alerts to safety groups when one in every of their configurations doesn’t meet a specified group safety coverage. Tufin provides three plans — SecureTrack+, SecureChange+, and Enterprise; contact its gross sales crew for a customized quote.

Tufin interface.

SolarWinds SEM

SolarWinds Safety Occasion Supervisor (SEM) is a complete software for managing enterprise cybersecurity. Groups can use SEM to develop audit experiences, centralize log and occasion information from a number of community sources, and obtain real-time alerts. A SolarWinds SEM subscription license begins at $2,992, and a perpetual license begins at $6,168, however for a customized quote based mostly on your small business’s particular surroundings, contact the gross sales crew.

Solarwinds SEM interface.

AlgoSec

AlgoSec is a firewall auditing and compliance software that permits safety groups to generate experiences based mostly on compliance requirements like PCI, SOX, and HIPAA. AlgoSec checks all modifications to firewall guidelines to verify they’re according to trade compliance. It additionally paperwork the change approval course of for guidelines. For customized pricing, contact AlgoSec’s gross sales crew or request a quote; it’s also possible to purchase by way of one in every of its companions.

AlgoSec interface.

Regularly Requested Questions (FAQs)

What Is Firewall Compliance?

Firewall compliance can confer with both organizational compliance, that means the firewall meets your small business’s safety insurance policies, or regulatory compliance, that means it meets trade or authorities requirements.

Many companies must think about each. The way in which a firewall is configured, together with its guidelines, ought to align along with your group’s safety targets, since these targets are company-specific and most suited to your particular person enterprise wants (assuming they’re logical and well-developed).

What Is a Firewall Evaluation?

A firewall evaluation is a broad analysis of your firewall’s {hardware}, like home equipment, and its software program, just like the working system that manages it. An intensive evaluation also needs to cowl any firewall guidelines and entry controls. An evaluation is much like an audit, however the connotation of an audit is usually extra thorough. Nonetheless, they’ll contain a few of the similar steps.

What Do You Audit in Your Firewalls?

Audit all firewalls’ {hardware}, working methods, different administration software program, guidelines, and any further configurations. Each a part of the firewall ought to be reviewed so your small business is aware of if it really works and if its guidelines are nonetheless serving the community and group effectively.

Backside Line: Carry out Firewall Audits Constantly

Doing an preliminary audit is the largest step, however your IT, networking, or safety groups ought to schedule sequential audits over the approaching years. Constant audits save groups time in the long term as a result of they know precisely the place to search out documentation and different configuration assets. By making ready sufficiently for an audit, creating thorough and clear documentation, and testing audit success afterwards, you’ll enhance your IT infrastructure’s total safety.

To study extra about firewalls, learn concerning the widespread forms of firewalls subsequent, together with unified menace administration merchandise, database firewalls, and internet software firewalls. 

[ad_2]

Lascia un commento

Il tuo indirizzo email non sarà pubblicato. I campi obbligatori sono contrassegnati *