30 Points Firewall Security Audit Checklist
This post lists 30 firewall security audit checklist items and control points that will help secure firewalls against attackers. I divide the security audit of a firewall into five phases:
- Information Gathering
- Review Process of Managing Firewall
- Physical and OS Security
- Review implemented rules in a firewall
- Review implemented configuration in firewall
Information Gathering
- Collect network diagram of network infrastructure
- Collect firewall logs
- Ask for a security policy
- Ask for old firewall audit reports
- Check licenses and support
- Collect information related to ISPs and VPNs
- Collect risk analysis documentation, if available
Review Process of Managing Firewall
- Review the process of commissioning and decommissioning the firewall
- Interview the network administrator to understand the process for changing the firewall configuration
- Review recent changes and check whether a procedure is being followed
- Ensure all changes are approved and authorized by management
Physical and OS Security
- Check for OS hardening
- Check for physical security
- Check for vendor updates
- Check for procedures of device administration
- Ensure two firewalls of different vendors are connected in the network: one between the internet and the web server, and the other between the web server and the internal network.
Review implemented rules in firewall
- Delete redundant rules
- Disable unused rules
- Check firewall rules against established standards such as PCI-DSS, ISO 27001, CIS, etc.
- Check the documentation of the change request
- Check for rules that allow traffic from the internet to sensitive hosts (servers, file systems, databases)
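One way to automate the three rule checks above (redundant rules, unused rules, and rules that let internet traffic reach sensitive hosts), as an added example that is not part of the original post. The rule base, the per-rule hit counters, and the internal and sensitive subnets are constructed assumptions; rules are assumed to be evaluated top-down as on most firewalls.

```python
import ipaddress

# Constructed sample rule base (not exported from any real device), evaluated top-down.
# 'hits' is the per-rule match counter most firewalls can export with the rule set.
RULES = [
    {"id": 10, "action": "allow", "src": "0.0.0.0/0",       "dst": "203.0.113.10/32", "port": 443,   "hits": 91230},
    {"id": 20, "action": "allow", "src": "10.0.0.0/8",      "dst": "10.20.0.5/32",    "port": 1433,  "hits": 512},
    {"id": 30, "action": "allow", "src": "10.10.0.0/16",    "dst": "10.20.0.5/32",    "port": 1433,  "hits": 0},
    {"id": 40, "action": "allow", "src": "0.0.0.0/0",       "dst": "10.20.0.5/32",    "port": 1433,  "hits": 3},
    {"id": 50, "action": "allow", "src": "198.51.100.0/24", "dst": "10.30.0.0/24",    "port": 22,    "hits": 0},
    {"id": 60, "action": "deny",  "src": "0.0.0.0/0",       "dst": "0.0.0.0/0",       "port": "any", "hits": 4000},
]
INTERNAL = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]  # RFC 1918 space, treated as not internet
SENSITIVE = ["10.20.0.0/24", "10.30.0.0/24"]  # constructed: database and file-server subnets

def _net(cidr):
    return ipaddress.ip_network(cidr)

def _covers(a, b):
    """True if every packet matched by rule b is also matched by rule a."""
    return (_net(b["src"]).subnet_of(_net(a["src"]))
            and _net(b["dst"]).subnet_of(_net(a["dst"]))
            and (a["port"] == "any" or a["port"] == b["port"]))

def find_redundant(rules):
    """A rule fully covered by an earlier rule with the same action never changes the decision: delete it."""
    return [r["id"] for i, r in enumerate(rules)
            if any(e["action"] == r["action"] and _covers(e, r) for e in rules[:i])]

def find_unused(rules):
    """Zero-hit rules are candidates to disable; confirm with the rule owner before removing them."""
    return [r["id"] for r in rules if r["hits"] == 0]

def find_internet_to_sensitive(rules, sensitive=SENSITIVE):
    """Allow rules whose source is not purely internal and whose destination touches a sensitive subnet."""
    findings = []
    for r in rules:
        if r["action"] != "allow":
            continue
        src = _net(r["src"])
        if any(src.subnet_of(_net(n)) for n in INTERNAL):
            continue  # internal-only source, not reachable from the internet
        if any(_net(r["dst"]).overlaps(_net(s)) for s in sensitive):
            findings.append(r["id"])
    return findings

if __name__ == "__main__":
    print("redundant:", find_redundant(RULES))                          # [30]
    print("unused:", find_unused(RULES))                                # [30, 50]
    print("internet -> sensitive:", find_internet_to_sensitive(RULES))  # [40, 50]
```

Rule 30 is flagged as redundant because rule 20 already permits the same traffic from a wider source range; rules 40 and 50 are the ones an auditor would take to the change-request documentation.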
Review implemented configuration in firewall
- Check logging is enabled
- Check SNMPv3 is configured
- Check for login banner
- Check that insecure protocols such as Telnet and HTTP are disabled
- Check that a strong password is set
- Check that the idle timeout for device management sessions is less than 10 minutes
- Check that the device is protected against password brute-force attempts
- Check that a redundant NTP server is available and configured correctly
- Check 'TACACS+/RADIUS' is configured if available
- Ensure SSH is configured correctly
- Ensure routing protocol (RIP, OSPF, EIGRP) authentication is correctly configured
- Ensure DoS protection is enabled if available
- Ensure DNS monitoring and sinkholing is enabled
- Check that access to the device is logged
- Ensure secure protocol (e.g., SFTP) is used to transfer files
- If FTP needs to be implemented, the server is located in a different subnet than the internal protected network.
- Identify open ports on the firewall using the Nmap tool
This is a firewall security audit checklist for securing a firewall in an IT system. A firewall is the first line of defense and, if hardened correctly, mitigates the risk of compromise.
If you have any questions, feel free to ask in the comments section below. Nothing gives me greater joy than helping my readers!
Disclaimer: This tutorial is for educational purposes only. The individual is solely responsible for any illegal act.