Firewall Wizards mailing list archives
Re: Auditing a firewall rulebase
From: "Paul Melson" <pmelson () gmail com>
Date: Mon, 19 May 2008 14:20:49 -0400
Rules which have "any" or an equivalent keyword in them
Rules where an entire subnet has been granted access to a resource
Rules where a range of IP addresses has been granted access to a resource
Rules where a large range of ports has been opened to an IP Address / Addresses
Rules where there are design issues in the protocol itself, e.g. unencrypted traffic
Rules which are redundant and can be removed from the rulebase
That's a pretty good list, actually. I would add: rules that allow access to the firewall. You will also want to audit for what kind of logging is turned on/off and whether or not that poses a risk. Also think in terms of implied rules (like interface security levels in a PIX or Global Policy in Check Point) and whether or not those create any of the situations you mention above.

PaulM

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
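The checklist quoted above, plus Paul's two additions (rules that reach the firewall itself, and logging turned off), can be run mechanically over an exported rulebase as a first pass before the manual review. The Python below is an added example, not code from this thread or from any firewall vendor; the Rule layout, the thresholds (/24 for "entire subnet", 100 for "large range of ports"), the cleartext port table and the sample rulebase are all constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
CLEARTEXT_PORTS = {21: "ftp", 23: "telnet", 69: "tftp", 80: "http", 110: "pop3", 161: "snmp"}  # assumed

@dataclass
class Rule:
    name: str
    src: str      # "any", a CIDR/host address, or a range "a.b.c.d-a.b.c.e"
    dst: str
    proto: str    # "tcp", "udp" or "any"
    ports: str    # "any", "80", "22,443" or "1024-65535"
    log: bool = True

def port_set(ports):  # expand "any", "80", "22,443" or "1024-65535" into the set of ports opened
    parts = [p.partition("-") for p in ("1-65535" if ports == "any" else ports).split(",")]
    return {n for lo, _, hi in parts for n in range(int(lo), int(hi or lo) + 1)}

def audit_rule(rule, fw_addrs, max_prefix=24, max_ports=100):
    """Tag one permit rule with each audit criterion from the thread that it trips."""
    tags = []
    for side, addr in (("src", rule.src), ("dst", rule.dst)):
        if addr == "any":
            tags.append(f"any-{side}")
        elif "-" in addr:
            tags.append(f"range-{side}")
        elif ipaddress.ip_network(addr, strict=False).prefixlen < max_prefix:
            tags.append(f"broad-subnet-{side}")
    opened = port_set(rule.ports)
    tags += [f"cleartext-{CLEARTEXT_PORTS[p]}" for p in sorted(opened & set(CLEARTEXT_PORTS))]
    checks = [("wide-ports", rule.proto == "any" or len(opened) > max_ports),
              ("firewall-access", rule.dst in fw_addrs),  # traffic terminating on the firewall
              ("logging-off", not rule.log)]
    return tags + [tag for tag, hit in checks if hit]

def audit_rulebase(rules, fw_addrs):
    """Audit every rule; one that repeats an earlier rule's src/dst/proto/ports is redundant."""
    seen, report = set(), {}
    for rule in rules:
        key = (rule.src, rule.dst, rule.proto, rule.ports)
        report[rule.name] = audit_rule(rule, fw_addrs) + (["redundant"] if key in seen else [])
        seen.add(key)
    return report

FW_ADDRS = {"192.0.2.1"}  # constructed: the firewall's own interface address
SAMPLE_RULES = [  # constructed sample rulebase of permit rules
    Rule("web-in", "any", "192.0.2.10", "tcp", "80,443"),
    Rule("admin", "10.0.0.0/16", "192.0.2.1", "tcp", "22"),
    Rule("dyn", "10.0.1.10-10.0.1.20", "192.0.2.20", "tcp", "1024-65535", log=False),
    Rule("dup", "any", "192.0.2.10", "tcp", "80,443"),
]
```

Implied rules such as PIX interface security levels or a Check Point Global Policy do not appear in an exported rulebase, so that part of Paul's advice still has to be checked by hand.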