30 Points Firewall Security Audit Checklist

This post lists a 30-point firewall security audit checklist and the control points that help secure firewalls against attackers. I divide the security audit of the firewall into five phases:

  • Information Gathering
  • Review Process of Managing Firewall
  • Physical and OS Security
  • Review implemented rules in the firewall
  • Review the implemented configuration in the firewall

Information Gathering

  1. Collect network diagram of network infrastructure
  2. Collect firewall logs
  3. Ask for a security policy
  4. Ask for old firewall audit reports
  5. Check licenses and support
  6. Collect information related to ISPs and VPNs
  7. Risk analysis documentation if available

Review Process of Managing Firewall

  1. Review the process of commissioning and decommissioning of firewall
  2. Interview the network administrator to understand the process of change in the configuration of the firewall
  3. Review recent changes and check whether a procedure is being followed
  4. Ensure all changes are approved and authorized by management

Physical and OS Security

  1. Check for OS hardening
  2. Check for physical security
  3. Check for vendor updates
  4. Check for procedures of device administration
  5. Ensure two firewalls from different vendors are connected to the network: one between the internet and the web server, and the other between the web server and the internal network.

Review implemented rules in the firewall

  1. Delete redundant rules
  2. Disable unused rules
  3. Check firewall rules against established standards such as PCI-DSS, ISO 27001, CIS, etc.
  4. Check the documentation of the change request
  5. Check rules to allow traffic from the internet to sensitive hosts (servers, file systems, databases)
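
The sketch below is an added example, not part of the original checklist: it shows one way to automate points 1 and 5 above over an exported rule base. The rule format, rule names, and the sensitive subnet are constructed assumptions; it assumes first-match evaluation and models only source, destination and a single port.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    action: str   # "allow" or "deny"
    src: str      # CIDR; 0.0.0.0/0 means any source (internet)
    dst: str      # CIDR
    port: int     # 0 means any port

def covers(a: Rule, b: Rule) -> bool:
    """True when every packet matched by b is already matched by a."""
    src_ok = ipaddress.ip_network(b.src).subnet_of(ipaddress.ip_network(a.src))
    dst_ok = ipaddress.ip_network(b.dst).subnet_of(ipaddress.ip_network(a.dst))
    return src_ok and dst_ok and a.port in (0, b.port)

def redundant_rules(rules):
    """First-match semantics: a rule fully covered by an earlier one never fires."""
    found = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, later):
                # Same action: safe to delete. Different action: the later rule is dead.
                kind = "redundant" if earlier.action == later.action else "shadowed"
                found.append((later.name, earlier.name, kind))
                break
    return found

def internet_to_sensitive(rules, sensitive):
    """Allow rules with an any-source that reach a sensitive network."""
    nets = [ipaddress.ip_network(s) for s in sensitive]
    return [r.name for r in rules
            if r.action == "allow" and ipaddress.ip_network(r.src).prefixlen == 0
            and any(ipaddress.ip_network(r.dst).overlaps(n) for n in nets)]

# Constructed sample rule base (not from a real device)
RULES = [
    Rule("web-in", "allow", "0.0.0.0/0", "203.0.113.10/32", 443),
    Rule("db-admin", "allow", "10.0.5.0/24", "10.0.20.0/24", 5432),
    Rule("db-admin-dup", "allow", "10.0.5.7/32", "10.0.20.15/32", 5432),
    Rule("legacy-db", "allow", "0.0.0.0/0", "10.0.20.15/32", 3306),
    Rule("block-web-host", "deny", "198.51.100.0/24", "203.0.113.10/32", 443),
]
SENSITIVE = ["10.0.20.0/24"]  # assumed database subnet

if __name__ == "__main__":
    for later, earlier, kind in redundant_rules(RULES):
        print(f"{later}: {kind} by {earlier}")
    print("internet -> sensitive:", internet_to_sensitive(RULES, SENSITIVE))
```

A "shadowed" result deserves more attention than a "redundant" one: the later rule was written to change behaviour but never takes effect.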

Review the implemented configuration in the firewall

  1. Check logging is enabled
  2. Check that SNMPv3 is configured
  3. Check for the login banner
  4. Check that insecure protocols such as Telnet, HTTP, etc. are disabled
  5. Check that a strong password is set
  6. Check that the idle timeout for device management sessions is less than 10 min
  7. Check that the device is protected against password brute-force attempts
  8. Check that a redundant NTP server is available and configured correctly
  9. Check that TACACS+/RADIUS is configured if available
  10. Ensure SSH is configured correctly
  11. Ensure routing protocol (RIP, OSPF, EIGRP) authentication is correctly configured
  12. Ensure DoS protection is enabled if available
  13. Ensure DNS monitoring and sinkhole are enabled
  14. Check that access logs are recorded
  15. Ensure a secure protocol (e.g., SFTP) is used to transfer files
  16. If FTP needs to be implemented, ensure the server is located in a different subnet than the internal protected network.
  17. Identify open ports by using the Nmap tool

Conclusion

This is a firewall security audit checklist to secure a firewall in an IT system. A firewall is the first line of defense and security, and if hardened correctly it mitigates the risk of compromise.

If you have any questions, feel free to ask in the comments section below. Nothing gives me greater joy than helping my readers!

Disclaimer: This tutorial is for educational purposes only. The individual is solely responsible for any illegal act.

1 Response

  1. Adithya says:

    Perfect checklist, helps me to set objectives for my team of engineers.