30 Points Firewall Security Audit Checklist

This post lists a 30-point firewall security audit checklist and the control points that help secure firewalls against attackers. The security audit of a firewall is divided into five phases:

  • Information Gathering
  • Review Process of Managing Firewall
  • Physical and OS Security
  • Review implemented rules in a firewall
  • Review implemented configuration in firewall


Information Gathering

  1. Collect network diagram of network infrastructure
  2. Collect firewall logs
  3. Ask for a security policy
  4. Ask for old firewall audit reports
  5. Check licenses and support
  6. Collect information related to ISPs and VPNs
  7. Risk analysis documentation if available

Review Process of Managing Firewall

  1. Review the process of commissioning and decommissioning of firewall
  2. Interview network administrator to understand the process of change in configuration of firewall
  3. Review recent changes and check whether a procedure is being followed
  4. Ensure all changes are approved and authorized by management


Physical and OS Security

  1. Check for OS hardening
  2. Check for physical security
  3. Check for vendor updates
  4. Check for procedures of device administration
  5. Ensure two firewalls from different vendors are connected in the network: one to connect the internet to the web server and the other to connect the web server to the internal network.

Review implemented rules in firewall

  1. Delete redundant rules
  2. Disable unused rules
  3. Check firewall rules against established standards such as PCI-DSS, ISO 27001, CIS, etc.
  4. Check the documentation of the change request
  5. Check rules that allow traffic from the internet to sensitive hosts (servers, file systems, databases)
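
Points 1, 2 and 5 above can be checked mechanically against an exported rule base. The following is an added example, not part of the original post: the rule format, the first-match evaluation order, the IPv4-only handling and the sample rules are all assumptions made for illustration.

```python
from ipaddress import ip_network
from typing import NamedTuple

RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

class Rule(NamedTuple):
    name: str
    action: str    # "allow" or "deny"
    src: str       # source CIDR (IPv4)
    dst: str       # destination CIDR (IPv4)
    proto: str     # "tcp", "udp" or "any"
    ports: tuple   # inclusive (low, high) destination port range
    hits: int      # hit counter exported from the firewall

def covers(a: Rule, b: Rule) -> bool:
    """True if every packet matched by b is also matched by a."""
    return (ip_network(b.src).subnet_of(ip_network(a.src))
            and ip_network(b.dst).subnet_of(ip_network(a.dst))
            and a.proto in ("any", b.proto)
            and a.ports[0] <= b.ports[0] and b.ports[1] <= a.ports[1])

def audit(rules, sensitive_nets):
    """Return (rule name, finding) pairs, assuming first-match evaluation."""
    findings = []
    for i, rule in enumerate(rules):
        earlier = next((e for e in rules[:i] if covers(e, rule)), None)
        if earlier is not None:  # the rule can never be the first match
            kind = "redundant with" if earlier.action == rule.action else "shadowed by"
            findings.append((rule.name, f"{kind} {earlier.name}"))
        if rule.hits == 0:
            findings.append((rule.name, "unused (zero hits)"))
        external = not any(ip_network(rule.src).subnet_of(n) for n in RFC1918)
        exposed = any(ip_network(rule.dst).overlaps(ip_network(n)) for n in sensitive_nets)
        if rule.action == "allow" and external and exposed:
            findings.append((rule.name, "internet to sensitive host"))
    return findings

# Constructed sample rule base and sensitive subnet (not from a real device).
RULES = [
    Rule("r1", "allow", "0.0.0.0/0", "203.0.113.10/32", "tcp", (443, 443), 9120),
    Rule("r2", "allow", "10.0.0.0/8", "10.20.0.0/16", "tcp", (1, 65535), 4410),
    Rule("r3", "allow", "10.1.0.0/16", "10.20.5.0/24", "tcp", (22, 22), 0),
    Rule("r4", "allow", "0.0.0.0/0", "10.20.5.7/32", "tcp", (3306, 3306), 17),
    Rule("r5", "deny", "0.0.0.0/0", "0.0.0.0/0", "any", (0, 65535), 88211),
]

if __name__ == "__main__":
    for name, finding in audit(RULES, ["10.20.5.0/24"]):
        print(f"{name}: {finding}")
```

Each finding is a candidate for review against the change-request documentation, not an automatic deletion; a zero hit count only means something if the counters cover a representative period.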

Review implemented configuration in firewall

  1. Check logging is enabled
  2. Check SNMPv3 is configured
  3. Check for login banner
  4. Check insecure protocols such as Telnet, HTTP, etc. are disabled
  5. Check a strong password is set
  6. Check the idle timeout for device management sessions is less than 10 min
  7. Check the device is protected against password brute-force attempts
  8. Check a redundant NTP server is available and configured correctly
  9. Check 'TACACS+/RADIUS' is configured if available
  10. Ensure SSH is configured correctly
  11. Ensure routing protocol (RIP, OSPF, EIGRP) authentication is correctly configured
  12. Ensure DOS protection is enabled if available
  13. Ensure DNS monitoring and sinkholing is enabled
  14. Check access logs are being recorded
  15. Ensure a secure protocol (e.g., SFTP) is used to transfer files
  16. If FTP needs to be implemented, ensure the server is located in a different subnet than the internal protected network.
  17. Identify open ports by using the Nmap tool

Conclusion

This is a firewall security audit checklist for securing a firewall in an IT system. A firewall is the first line of defense, and if hardened correctly it mitigates the risk of compromise.


If you have any questions, feel free to ask in the comments section below. Nothing gives me greater joy than helping my readers!

Disclaimer: This tutorial is for educational purposes only. The individual is solely responsible for any illegal act.


1 Response

  1. Adithya says:

    Perfect checklist, helps me to set objectives for my team of engineers.
