30 Points Firewall Security Audit Checklist
This post lists a 30-point firewall security audit checklist and the control points that will help secure firewalls from bad people. I divide the security audit of the firewall into five phases:
- Information Gathering
- Review Process of Managing Firewall
- Physical and OS Security
- Review implemented rules in a firewall
- Review implemented configuration in the firewall
Information Gathering
- Collect network diagram of network infrastructure
- Collect firewall logs
- Ask for a security policy
- Ask for old firewall audit reports
- Check licenses and support
- Collect information related to ISPs and VPNs
- Risk analysis documentation if available
Review Process of Managing Firewall
- Review the process of commissioning and decommissioning of firewall
- Interview the network administrator to understand the process of change in the configuration of the firewall
- Review recent changes and check whether a procedure is being followed
- Ensure all changes are approved and authorized by management
Physical and OS Security
- Check for OS hardening
- Check for physical security
- Check for vendor updates
- Check for procedures of device administration
- Ensure two firewalls from different vendors are connected to the network: one between the internet and the web server, and the other between the web server and the internal network.
Review implemented rules in the firewall
- Delete redundant rules
- Disable unused rules
- Check firewall rules against established standards such as PCI-DSS, ISO 27001, CIS, etc.
- Check the documentation of the change request
- Check rules to allow traffic from the internet to sensitive hosts (servers, file system, databases)
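The rule checks above (redundant rules, unused rules, and rules that allow internet traffic to sensitive hosts) can be run mechanically over an exported rule base. The following is an added example, not part of the original post: the `Rule` model, the hit counter field, and the sample rules and addresses are constructed assumptions, and a first-match rule order is assumed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

net = ipaddress.ip_network

@dataclass
class Rule:                      # hypothetical vendor-neutral rule model
    name: str
    action: str                  # "allow" or "deny"
    src: str                     # source CIDR
    dst: str                     # destination CIDR
    port: Optional[int]          # None means any port
    hits: int                    # hit counter exported from the firewall

def covers(outer: Rule, inner: Rule) -> bool:
    """True if every packet matching `inner` also matches `outer`."""
    return (net(inner.src).subnet_of(net(outer.src))
            and net(inner.dst).subnet_of(net(outer.dst))
            and outer.port in (None, inner.port))

def audit(rules, sensitive):
    """Audit an ordered, first-match rule list; return (rule, finding) pairs."""
    findings = []
    for i, r in enumerate(rules):
        earlier = next((p for p in rules[:i] if covers(p, r)), None)
        if earlier:              # an earlier rule always matches first
            kind = "redundant" if earlier.action == r.action else "shadowed"
            findings.append((r.name, f"{kind} by {earlier.name}"))
        elif r.hits == 0:        # reachable but never matched: candidate to disable
            findings.append((r.name, "unused"))
        from_internet = net(r.src).prefixlen == 0
        if r.action == "allow" and from_internet and any(
                net(r.dst).overlaps(net(s)) for s in sensitive):
            findings.append((r.name, "internet-to-sensitive"))
    return findings

# Constructed sample rule base (documentation and private address ranges).
RULES = [
    Rule("allow-web", "allow", "0.0.0.0/0", "203.0.113.10/32", 443, 1200),
    Rule("allow-web-dup", "allow", "198.51.100.0/24", "203.0.113.10/32", 443, 0),
    Rule("allow-db-any", "allow", "0.0.0.0/0", "10.0.5.0/24", 5432, 7),
    Rule("block-db-admin", "deny", "0.0.0.0/0", "10.0.5.7/32", 5432, 0),
    Rule("legacy-ftp", "allow", "10.0.1.0/24", "10.0.9.20/32", 21, 0),
    Rule("deny-all", "deny", "0.0.0.0/0", "0.0.0.0/0", None, 50),
]
SENSITIVE = ["10.0.5.0/24"]      # constructed: database subnet

if __name__ == "__main__":
    for name, finding in audit(RULES, SENSITIVE):
        print(f"{name}: {finding}")
```

A "shadowed" finding deserves the closest look: here the deny rule for the database host never takes effect because a broader allow rule sits above it.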
Review implemented configuration in the firewall
- Check logging is enabled
- Check SNMPv3 is configured
- Check for the login banner
- Check insecure protocols such as telnet, HTTP, etc. are disabled
- Check that a strong password is set
- Check that the idle timeout for device management is less than 10 min
- Check that the device is protected against password brute-force attempts
- Check that a redundant NTP server is available and configured correctly
- Check 'TACACS+/RADIUS' is configured if available
- Ensure SSH is configured correctly
- Ensure Routing protocols (RIP, OSPF, EIGRP) authentication is correctly configured
- Ensure DoS protection is enabled if available
- Ensure DNS monitoring and sinkholing are enabled
- Check that access logs are recorded
- Ensure secure protocol (e.g., SFTP) is used to transfer files
- If FTP needs to be implemented, ensure the server is located in a different subnet than the internally protected network.
- Identify open ports by using the Nmap tool
This is a firewall security audit checklist to secure a firewall in an IT system. A firewall is the first line of defense and security, and if hardened correctly it mitigates the risk of compromise.
Disclaimer: This tutorial is for educational purposes only. The individual is solely responsible for any illegal act.
Perfect checklist, helps me to set objectives for my team of engineers.