Firewall Wizards mailing list archives
Re: Auditing a firewall rulebase
From: "kevin horvath" <kevin.horvath () gmail com>
Date: Mon, 19 May 2008 14:43:14 -0400
If it's an external firewall then you can check to make sure that bogon lists are being filtered. In addition, check to make sure that internal IP space is being denied as the source coming from anywhere else. Make sure denied rule hits are being logged. Also check for ports and protocols that should be denied inbound, such as telnet, 1433, finger, etc.

On Wed, May 14, 2008 at 11:19 AM, arvind doraiswamy <arvind.doraiswamy () gmail com> wrote:
Hey Guys,

What parameters would you look for if you audited a large rulebase for an enterprise firewall? These are a few I could think of. Anything else that you guys consistently look at when managing/auditing your firewalls? Do take note that I'm talking just singularly about the rule-base and not other configuration information, i.e. I'm not looking at things like low console session timeout or telnet admin interface open etc. I'm looking at just the rulebase this time around.

Here are my parameters:
- Rules which have "any" or an equivalent keyword in them
- Rules where an entire subnet has been granted access to a resource
- Rules where a range of IP addresses has been granted access to a resource
- Rules where a large range of ports has been opened to an IP address / addresses
- Rules where there are design issues in the protocol itself, e.g. unencrypted traffic
- Rules which are redundant and can be removed from the rulebase

Thanks
Arvind

_______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
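The checks raised in this thread (Arvind's "any"/subnet/port-range/cleartext/redundancy parameters and Kevin's unlogged denies and inbound telnet/finger/1433) can be run mechanically over an exported rulebase. The script below is an added example, not code from either poster; the rule format, the constructed sample rules, the 10.0.0.0/8 internal range and the size thresholds are all assumptions.

```python
import ipaddress

# Constructed sample rulebase (not from the thread). Rules are evaluated in order;
# src/dst are CIDRs or "any", ports is an inclusive (low, high) TCP/UDP range.
RULES = [
    {"id": 1, "src": "any", "dst": "10.0.0.0/8", "ports": (1, 65535), "action": "allow", "log": False},
    {"id": 2, "src": "203.0.113.0/24", "dst": "10.1.2.3/32", "ports": (23, 23), "action": "allow", "log": True},
    {"id": 3, "src": "10.0.0.0/8", "dst": "10.1.2.3/32", "ports": (443, 443), "action": "allow", "log": True},
    {"id": 4, "src": "198.51.100.0/24", "dst": "10.1.2.3/32", "ports": (443, 443), "action": "allow", "log": True},
    {"id": 5, "src": "any", "dst": "any", "ports": (1, 65535), "action": "deny", "log": False},
]
INTERNAL = ipaddress.ip_network("10.0.0.0/8")              # assumed internal address space
CLEARTEXT = {21: "ftp", 23: "telnet", 79: "finger"}        # protocols unencrypted by design
DENY_INBOUND = {23: "telnet", 79: "finger", 1433: "mssql"}  # ports expected to be blocked inbound
MAX_HOSTS, MAX_PORTS = 256, 64                              # assumed thresholds; tune per environment

def net(s):
    return ipaddress.ip_network("0.0.0.0/0") if s == "any" else ipaddress.ip_network(s)

def covers(outer, inner):
    """True if rule `outer` matches every packet that rule `inner` matches."""
    return (net(inner["src"]).subnet_of(net(outer["src"]))
            and net(inner["dst"]).subnet_of(net(outer["dst"]))
            and outer["ports"][0] <= inner["ports"][0] <= inner["ports"][1] <= outer["ports"][1])

def audit(rules):
    """Return (rule id, finding) pairs for every rule that trips one of the audit checks."""
    findings = []
    for i, r in enumerate(rules):
        lo, hi = r["ports"]
        if r["action"] == "allow":
            if "any" in (r["src"], r["dst"]):
                findings.append((r["id"], "uses 'any'"))
            elif net(r["src"]).num_addresses > MAX_HOSTS:
                findings.append((r["id"], "source is a large subnet/range"))
            if hi - lo + 1 > MAX_PORTS:
                findings.append((r["id"], "wide port range"))
            clear = [n for p, n in CLEARTEXT.items() if lo <= p <= hi]
            if clear:
                findings.append((r["id"], "allows cleartext " + ", ".join(clear)))
            if not net(r["src"]).subnet_of(INTERNAL):        # source can be outside
                bad = [n for p, n in DENY_INBOUND.items() if lo <= p <= hi]
                if bad:
                    findings.append((r["id"], "inbound " + ", ".join(bad) + " should be denied"))
        elif not r["log"]:
            findings.append((r["id"], "deny rule does not log hits"))
        for earlier in rules[:i]:                              # first earlier rule that fully covers this one
            if covers(earlier, r):
                kind = "redundant" if earlier["action"] == r["action"] else "shadowed"
                findings.append((r["id"], f"{kind}: fully covered by rule {earlier['id']}"))
                break
    return findings

if __name__ == "__main__":
    for rid, msg in audit(RULES):
        print(f"rule {rid}: {msg}")
```

Rules 2 to 4 are reported as redundant because the "any" rule 1 ahead of them already admits everything they match, which is the usual way an over-broad rule hides in a large rulebase.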
Current thread:
- Auditing a firewall rulebase arvind doraiswamy (May 19)
- Re: Auditing a firewall rulebase Darden, Patrick S. (May 20)
- Re: Auditing a firewall rulebase Chuck Benson (May 27)
- Re: Auditing a firewall rulebase kevin horvath (May 20)
- null routes and VPN's Kerry Milestone (May 20)
- Re: null routes and VPN's Lord Sporkton (May 27)
- Re: Auditing a firewall rulebase Lord Sporkton (May 20)
- Re: Auditing a firewall rulebase R. DuFresne (May 27)
- Re: Auditing a firewall rulebase Paul Melson (May 20)
- Re: Auditing a firewall rulebase Darden, Patrick S. (May 20)