
How to Audit Firewall, what are the standard Practices for Firewall Audit


Firewalls continue to secure countless organizations across the world and remain the first line of defense against known cyber attacks and network risks. An avalanche of IT-led forces and the evolution of the threat landscape have placed an increased onus on firewalls. At the same time, as enterprises extend their business through internet-driven business models and increasingly collaborative networks, embracing cloud and virtual environments, there is a need to understand how this ties in with the changing role of security technologies such as the firewall. This webinar explains how a tectonic shift in enterprise networking requires rethinking firewall deployment and management for effective security management.

Published in: Technology

  1. Implemented, Secured – Now Let’s Audit the Firewall
     Presenter: Keyur Shah, Manager - Presales
     www.cyberoam.com
     Our Products: Network Security Appliances - UTM, NGFW (Hardware & Virtual); Modem Router Integrated Security appliance
     © Copyright 2014 Cyberoam Technologies Pvt. Ltd. All Rights Reserved.
  2. Agenda
     • Need of Firewall Audit
     • Firewall Audit Procedures
     • Evaluation Parameters and Best Practices
  3. What necessitates firewall security audit?
     • Firewalls are solely responsible for any good or bad traffic
     • Exponential growth in networks, networking speed & devices, apps, web / cloud / virtualization infrastructure has increased firewall complexity in terms of placement, rules and settings
     • As many as 80% of firewalls examined in a recent data breach investigation were found poorly configured!
     • A quarter of UK and US businesses have had to re-do more than 60% of all firewall changes since they were not implemented correctly the first time
  4. Firewall Audit Procedure
     • Baselines and Procedures
     • Identification & Authentication
     • Configuration
     • Auditing and Administration
     • Configuration Change Management
     • Management & Monitoring
     • Failover / Redundancy
     • Findings and Recommendations
  5. Baselines and Procedures
     • Evaluation Parameter:
        • Checking proper documentation for firewall baseline and key firewall procedures
     • Standards & Best Practices:
        • Having a baseline for the firewall helps implement a security level that is consistent across the organization
        • Documented procedures relating to backup, monitoring and incident response reduce manual dependency
  6. Identification & Authentication
     • Evaluation Parameter:
        • Is the firewall being managed by third party personnel or by the organization itself? If managed by third party, is it protected by an NDA?
        • Are all administrators authenticated using individual accounts before granting access to the firewall's administration interface?
        • What is the procedure for creating users/administrators?
        • Are all administrator accounts assigned the lowest privilege level that allows them to perform their duties?
        • How often is the firewall configuration reviewed for presence of unauthorized accounts?
  7. Identification & Authentication
     • Standards & Best Practices:
        • Third party personnel managing the firewall of an organization need to sign an NDA with the latter
        • Maintaining individual accounts for each administrator helps implement accountability for any malicious activity occurring intentionally or unintentionally
        • Procedures should address both creation as well as deletion of user accounts for the firewall
        • Administrators should be assigned the lowest privilege level that allows them to perform their job
        • Unauthorized accounts pose a serious threat to the overall security posture of the organization
  8. Configuration
     • Evaluation Parameters:
        • Is the firewall configured to be able to protect the network against denial of service attacks such as Ping of Death, TCP SYN floods, etc.?
        • Is any sort of Ingress/Egress Filtering configured?
        • Does the firewall use the latest version of the firewall software with all security-related patches applied?
        • How often are the firewall configuration rule sets tested in the form of a PT/VA?
        • Are the firewall administrators registered with the vendors’ vulnerability mailing list to keep themselves updated with the latest security patches?
        • Does the firewall perform anti-virus scanning and content security checking of all inbound packets for HTTP, FTP and SMTP?
        • How is the performance of the firewall monitored? (memory, CPU)
        • Are any VPNs configured on the firewall?
  9. Configuration
     • Standards & Best Practices:
        • Rule sets should be tested every 6 months to a year depending on the number of changes made to the configuration file
        • Firewall administrators should subscribe to the vulnerability mailing list pertaining to their firewall in order to be aware of the latest vulnerabilities affecting their product
        • As part of the capacity management procedure, key parameters such as memory and CPU should be reviewed periodically to address current and future needs
  10. Auditing and Administration
     • Evaluation Parameters:
        • Are log recipient hosts identified and configured?
        • Is the security of the logs on the host maintained through local OS settings?
        • How often are the logs reviewed? Does senior management receive status reports?
        • Is logging timestamp enabled?
        • Is the time synchronized with an NTP Server?
        • Are logs reviewed/monitored regularly?
  11. Auditing and Administration
     • Evaluation Parameters:
        • Are the logs backed up? How often is the backup taken? What is the retention period of the logs?
        • Is the firewall configuration data backed up weekly and / or whenever configuration changes occur?
        • Where is the configuration data backup stored?
        • Is the firewall configuration well documented?
        • Is a login banner defined when accessing the firewall?
        • Is the firewall configured to alarm the administrator for a potential attack or system failure?
  12. Auditing and Administration
     • Evaluation Parameters:
        • What is the procedure followed upon detection of a particular incident?
        • Is in-band management restricted to a limited number of IP addresses?
        • Is a local password assigned to the telnet or SSH process?
        • Is SNMP used to manage the firewall? If no, is the service disabled?
        • Is a time-out defined for idle sessions?
  13. Auditing and Administration
     • Standards & Best Practices:
        • Logging helps track incidents
        • The review of logs should be documented and sent for manager’s review
        • Including timestamps in messages allows tracing network attacks more credibly
        • Firewall configuration should be backed up according to the firewall policy (whenever a configuration change takes place)
        • The configuration files should be stored either on tapes or a file server
  14. Auditing and Administration
     • Standards & Best Practices:
        • Well documented Firewall configuration
        • Login banner should be defined on the firewall
        • A documented Incident Management Procedure
        • All management communication between the management hosts and the firewall should be encrypted
        • The password should be stored in a manner consistent with the site's security policy
        • The SNMP service, if not used, should be explicitly disabled
  15. Configuration Change Management
     • Evaluation Parameters:
        • Is there a documented change management procedure for changes applied on the firewall?
     • Standards & Best Practices:
        • Since the application software change management document addresses software change management procedures, it should be expanded to include networking devices such as a firewall too.
  16. Management & Monitoring
     • Evaluation Parameters:
        • Checking periodic review for firewall configuration
        • Is the firewall configuration (hard copy) stored in a secured location?
        • Checking whether the firewall administrator details (matrix) document gets updated
  17. Failover / Redundancy
     • Evaluation Parameters:
        • Is the firewall configured for proper recovery from failure or interruption?
        • What is the procedure to be followed if the firewall fails?
        • Is the hot standby firewall in sync with active firewall configuration and software updates?
        • Are hot standby/recovery procedures of the firewall periodically tested?
     • Standards & Best Practices:
        • HA should be configured, since the firewall is a critical device
        • Availability of immediate backup firewall for uninterrupted business continuity
  18. Findings and Recommendations

     | Sr. No | Findings / Recommendations | Implementation Priority |
     |--------|----------------------------|-------------------------|
     | 1 | The configuration file should be reviewed periodically to check for its accuracy. | High |
     | 2 | Logs should be stored on logging host which is hardened enough. | High |
     | 3 | Firewall is accessible from the whole network. A dedicated machine can be placed inside the data center to which Admin can login and manage the Cyberoam and Layer-3 switches etc. | High |
     | 4 | The review of logs should be documented and sent to the manager for review. | High |
     | 5 | Logs of the firewall should be backed up and retained. Log retention time period should be defined. | Medium |
     | 6 | As part of the capacity management procedure, periodic reviews of the key parameters such as memory, CPU should be monitored on the firewall to address current and future needs. | Medium |
     | 7 | Login banner should be defined on the firewall. | Medium |
     | 8 | A documented Incident Management Procedure should be available for alerts detected by the firewall. | Medium |
     | 9 | Firewall baseline and the procedures related to the firewall should be documented. | Medium |
     | 10 | Procedures should address the creation as well as the deletion of the user accounts created on the firewall. | Low |
     | 11 | Firewall configuration should be well documented. | Low |
  19. Thank you
     Contact: sales@cyberoam.com
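
Several evaluation parameters from the Identification & Authentication and Auditing and Administration slides can be checked mechanically once the firewall settings are exported. The following is an added example, not part of the original deck or of any Cyberoam tooling; the snapshot keys, the administrator matrix, the privilege names and the 16-address threshold are assumptions, and all data is constructed.

```python
import ipaddress

# Constructed, vendor-neutral settings snapshot (hypothetical keys, not a
# Cyberoam export format) and a constructed administrator matrix.
SNAPSHOT = {
    "mgmt_sources": ["10.0.5.10/32", "10.0.0.0/16"],
    "mgmt_protocols": ["https", "ssh", "telnet"],
    "idle_timeout_min": 0,            # 0 means idle sessions never expire
    "snmp_enabled": True, "snmp_in_use": False,
    "ntp_servers": [], "log_timestamps": True,
    "log_hosts": ["10.0.9.20"], "login_banner": "",
    "admins": {"admin": "full", "alice": "full", "temp1": "read-only"},
}
ADMIN_MATRIX = {"admin": "full", "alice": "read-only"}  # approved privilege
RANK = {"read-only": 0, "full": 1}
MAX_MGMT_ADDRESSES = 16  # assumed meaning of "a limited number of IP addresses"

def mgmt_address_count(sources):
    """Count distinct IPv4 addresses allowed to reach the admin interface."""
    nets = [ipaddress.ip_network(s, strict=False) for s in sources]
    return sum(n.num_addresses for n in ipaddress.collapse_addresses(nets))

def audit(snap, matrix):
    """Return (check_id, finding) pairs for every failed checklist item."""
    checks = [
        ("MGMT-SCOPE", mgmt_address_count(snap["mgmt_sources"]) > MAX_MGMT_ADDRESSES,
         "in-band management is not restricted to a limited number of IPs"),
        ("MGMT-CRYPTO", bool({"telnet", "http"} & set(snap["mgmt_protocols"])),
         "management communication is not always encrypted"),
        ("IDLE-TIMEOUT", snap["idle_timeout_min"] <= 0,
         "no time-out is defined for idle sessions"),
        ("SNMP", snap["snmp_enabled"] and not snap["snmp_in_use"],
         "SNMP is not used but the service is not disabled"),
        ("NTP", not snap["ntp_servers"], "time is not synchronized with NTP"),
        ("LOG-TIME", not snap["log_timestamps"], "log timestamps are disabled"),
        ("LOG-HOST", not snap["log_hosts"], "no log recipient host configured"),
        ("BANNER", not snap["login_banner"].strip(), "no login banner defined"),
    ]
    findings = [(cid, msg) for cid, failed, msg in checks if failed]
    for user, level in sorted(snap["admins"].items()):
        if user not in matrix:
            findings.append(("ACCOUNT", f"unauthorized account: {user}"))
        elif RANK[level] > RANK[matrix[user]]:
            findings.append(("PRIVILEGE", f"{user} exceeds approved privilege"))
    return findings

if __name__ == "__main__":
    for check_id, finding in audit(SNAPSHOT, ADMIN_MATRIX):
        print(f"{check_id:12} {finding}")
```
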
