Firewall Audit

Most business have a corporate network, a LAN (local area network), this network is comprised of network devices such as firewalls, routers, and switches.

All of these devices are connected via cables or wireless infrastructure and form the backbone of your network. If any of these devices were to be compromised the malicious actors could potentially go unnoticed modifying network flows, creating shadow networks, collecting data and monitoring traffic for considerable amount of time.

A number of nightmare scenarios could come to fruition with compromise of a network device.

..99 percent of firewall breaches will be caused by firewall misconfigurations, not firewall flaws.

Gartner | Adam Hils , Rajpreet Kaur, One Brand of Firewall is a Best Practice for Most Enterprises

Regardless of how good your governance policies may be, exceptions happen, and things get forgotten.

Emergency changes to allow quick access, after all your business is dynamic and wants to facilitate an import project, promptly. The odd firewall rule change or port opening up some Network Access Controls (NAC).

We may not be following the best of practices, but that's ok, its only for a short period of time, right? You have a nightmare scenario; your go live date is a few days away and your systems are still not functioning as expected. An emergency change is approved to allow all ports and services to be opened on the firewall. In aid of testing and diagnosing the fault. Changes will be reverted once the testing has been completed anyway, wont they...?

Does this sound familiar? We have seen these types of situations many times and completely understand why they happen; however, pragmatism can quickly turn to a data leak when these types of changes are forgotten, and open rules left unchecked for anyone to abuse.

Once a firewall is in situ, regular audits of at least once annually should be planned as part of best practice. Undertaking annual audits would greatly increase the likelihood of finding any security concerns before they are abused.

Laneden can help you build a security program that includes regular auditing of these devices, not only the rule sets but identifying known vulnerabilities and general insecure configurations. Delivering a simple to understand report detailing all the findings and recommendations.