RISK MANAGEMENT

Firewall Ruleset Review

Essentials

Firewalls are a critical component to an organization’s network infrastructure. Firewalls serve as one of the first lines of defense that an organization has against an external attacker. In many cases, Firewalls main purpose is to segment the internal network. If this first line of defense is weak, an organization could face considerable risk of being compromised. During a Firewall Ruleset Review, a consultant performs a line by line analysis of the firewall's configuration. The firewalls configuration is reviewed for industry best practices that are taken from the Center for Internet Security, NIST, the DoD, as well as vendor-specific guidelines used to ascertain common criteria as a starting point.

Benefits

Even the best security program can quickly become irrelevant as new exploits are released and new attack techniques are developed. Managing a security program to avoid security risks requires constant vigilance and a solid understanding of the current security threats. The situation is exacerbated by any additional need to be compliant with industry laws, regulations, and standards. When an organization needs to maintain a state of security and compliance, an expert 3rd party may be needed to manage the process effectively.

A Firewall Ruleset Review is performed in order to:

Use a relatively simple mechanism to significantly strengthen your organization’s perimeter security and network segmentation
Verify that network segmentation in fact meets best practices and supports the client’s business needs

Expertise

From network segmentation and hardening, to policy and procedure development, our Risk Management professionals provide the guidance and expertise to secure your organization. SecureState’s Risk Management team has years of expertise translating customer data and feedback to improve network infrastructures, systems, security domains, and processes in alignment with business objectives. We have assisted organizations in a myriad of industries, providing us with the knowledge of various ways that different sectors secure their data. Our expertise ranges from redesigning a branch office network topology, to meeting PCI requirements on an organization-wide basis.

The staff at SecureState draws from many years of experience when creating network designs; as well as conducting product implementation reviews, redesigns, and deployments. Our consultants are experts at configuring and maintaining Active Directory, TACACS+, DHCP, MRTG, NTP, FTP, SSH, IAS, RADIUS, CallManager and Ciscoworks servers for prolonged engagements; as well as providing transitional training to the internal networking and system administrative teams.

Get Scoping Questions Now!

Fill in your details and you can download a FREE questionnaire to ask your vendors.

Your Name

Your Phone

Your Email

Your Company

We will not share or distribute your email to anyone. It will be used solely to contact you about the service you have inquired about.

Did You Know?

Common Misconception:
The exposures identified by a Firewall Ruleset Review are only externally-facing exposures.
A Firewall Ruleset Review can identify not only externally-facing exposures, but exposures of services to internal resources outside their required access level as well.
Frequency:
A Firewall Ruleset Review should be performed every six months.

Our Approach and Methodology

The firewall device configuration is manually reviewed and examined to determine if it conforms to industry best practices and hardening techniques. Ingress and egress points, services exposed, and additional security methods are then reviewed.

The following items are manually reviewed in a Firewall Ruleset Review:

The configuration files for the identification and protection of all network segments
The processes and mechanisms for a security model that denies access by default, such that explicit access permissions must be specified
For all access points to the external presence, the implementation of only ports and services required for operations
The documentation of those entries and to the configuration of those ports and services for access request and authorization listings
The implementation of processes for monitoring and logging access at specific access points to the network.
The security monitoring process and its ability to detect and alert for attempts at, or actual unauthorized access; [Where technically feasible]
Controls for default accounts, passwords, and network management community strings
All ingress/egress points within the network

The following items are identified in a Firewall Ruleset Review:

The implementation of banners, access controls, and appropriate use policies.
Best practices implementation and lack of hardening techniques

What Makes Us Different

Does not merely run a tool against the Firewall
Performs a largely manual review to foster and retain context and understanding
Understands object-group nesting, while uncovering a potentially higher exposure level
Doesn’t simply look at the firewall rules, but also looks at the network diagram and business logic behind the rule to make sure recommended changes will not impact business processes
SecureState has experience building and securing complex enterprise networks

Related Services

Downloads

We Can Help You

Generate New Image

Enter the code from above.