Network Security: Detailed info on What should be in a firewall audit checklist?

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Firewalls

[Top] [All Lists]

What should be in a firewall audit checklist?

from [Doug Fox] Network Security

[Permanent Link]

Subject:	What should be in a firewall audit checklist?
Date:	Sat, 26 Nov 2005 17:26:17 -0500

A friend asked me to audit his firewall at work.
Honestly, I have no clue even though googled for many days.

In this context, I am planning to audit the firewall as follows: Any comments/suggestions are welcome.

1) The placement or location of the firewall 2) Vulnerability scanning the firewall from outside, e.g., Internet 3) The rulebase or security policy according to its vendor recommendation 4) I will also check the access control (ID, password and priviledges) to the system. 5) physical security of the system 6) Monitoring of the firewall log, to find out if any port scanning or hacking activities 7) Rulebase Change Control 8) documentation 9) Please generously point out the missing pieces as you see it.

Any input/comments are greatly appreciated.

Thanks,

Doug

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
What should be in a firewall audit checklist?, Doug Fox <= Re: What should be in a firewall audit checklist?, Stephen Samuel

Previous by Date:	Re: Number of devices per engineer, Andres Riancho
Next by Date:	RE: CHECKPOINT VPN Client, Chris Serafin
Previous by Thread:	Freeware Firewall for Sun Solaris, Wee Seng Lim
Next by Thread:	Re: What should be in a firewall audit checklist?, Stephen Samuel
Indexes:	[Date] [Thread] [Top] [All Lists]