Auditing of networks has a big role to play in keeping your system safe. One audit which can help you to ensure that your network connections and internet use are secured is the firewall audit. This helps to establish how well secured the network is, rather than how secure customers or IT staff believe that it is. Policies and standards such as the PCI-DSS and the SOX have been established to help companies audit their firewalls. Even if you don’t need to comply to government standards yet, you will still need to conduct firewall auditing in order to preserve your own security. There are good reasons for attempting to audit the firewall, including the aim of spotting weaknesses within the security policy for your firewall, and spotting places where that policy might need to be improved.
Start with the security change policy
When you begin a firewall audit, the first step is to examine the change process, the policy alterations which the firewall will make automatically in order to improve defence. What is important is that the audit should focus upon how the changes are implemented, and how they are documented by the firewall. You should take a few of the automated change requests performed recently, and examine them for documentation and authorisation. Ensure that all of the data has been delivered via an authenticated user, and that there has been no external attempt to change the firewall policies. You can find automated software which will help you to run this part of the audit.
Auditing the rule base
The next part of the firewall auditing process is to look at the rule base. This is the area which controls the security rules for your firewall, and is also known as the policy. These should assess the number of rules which are being used by the firewall, and how many of them are needed. Look for undocumented rules, or rules which are not required any more. Look for details in the rules which are not used. When running the audit, IT teams should also be looking for rules which have very permissive statements, or contain over a dictated number of IP addresses. Unnecessary or outdated rules could leave you open to malware or hacking.
Completing the audit
When you have checked the policy and rule bases of your firewall, it can also be a good time to conduct risk assessments of your firewall, including the configurations which have been set by others in the team. Decide if any of these configurations have allowed overly permissive policies, and whether these constitute acceptable levels of risk, or if they need to be removed. You can use automated software to help you clear up the unwanted policies and rules based upon your audit.
