[fw-wiz] Auditing a firewall rulebase
- From: "arvind doraiswamy" <arvind.doraiswamy@xxxxxxxxx>
- Date: Wed, 14 May 2008 20:49:12 +0530
Hey Guys,
What parameters would you look for if you audited a large rulebase for
an enterprise firewall? These are a few I could think of. Anything
else that you guys consistently look at when managing/auditing your
firewalls? Do take note that I'm talking just singularly about the
rulebase and not other configuration information, i.e. I'm not looking
at things like a low console session timeout or a Telnet admin
interface being open, etc. I'm looking at just the rulebase this time around.
Here are my parameters:
Rules which have "any" or an equivalent keyword in them
Rules where an entire subnet has been granted access to a resource
Rules where a range of IP addresses has been granted access to a resource
Rules where a large range of ports has been opened to an IP Address / Addresses
Rules where there are design issues in the protocol itself
(e.g. unencrypted traffic)
Rules which are redundant and can be removed from the rulebase
Thanks
Arvind
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
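The checks listed above can be mechanised over an exported rulebase. The following is an added example (not code from the original post or from any firewall vendor) that parses a small, constructed, vendor-neutral rule export and flags each of the posted parameters: "any" in any field, broad source/destination subnets, wide port ranges, well-known cleartext services, and rules that are redundant or shadowed because an earlier rule already covers them under first-match semantics. The `id,action,src,dst,proto,ports` line format, the /24 subnet threshold, the 100-port span threshold and the cleartext port map are all assumptions to be tuned per environment.

```python
"""Audit a firewall rulebase for the review points in the post (added example)."""
import ipaddress

ANY_NET = ipaddress.ip_network("0.0.0.0/0")
ANY_PORTS = (0, 65535)

# Assumed thresholds: anything wider than a /24 counts as "an entire subnet /
# range"; more than 100 consecutive ports counts as "a large range of ports".
SUBNET_PREFIX_THRESHOLD = 24
PORT_SPAN_THRESHOLD = 100

# Well-known services that carry credentials or data unencrypted (assumed list).
CLEARTEXT_PORTS = {21: "ftp", 23: "telnet", 69: "tftp", 80: "http", 110: "pop3",
                   143: "imap", 161: "snmp", 389: "ldap", 514: "syslog"}


class Rule:
    def __init__(self, rid, action, src, dst, proto, ports):
        self.rid, self.action, self.src = rid, action, src
        self.dst, self.proto, self.ports = dst, proto, ports


def _parse_net(text):
    return ANY_NET if text == "any" else ipaddress.ip_network(text, strict=False)


def _parse_ports(text):
    if text == "any":
        return ANY_PORTS
    lo, _, hi = text.partition("-")
    return (int(lo), int(hi or lo))


def parse_rulebase(text):
    """Parse 'id,action,src,dst,proto,ports' lines (assumed export format)."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        rid, action, src, dst, proto, ports = (f.strip() for f in line.split(","))
        rules.append(Rule(int(rid), action.lower(), _parse_net(src),
                          _parse_net(dst), proto.lower(), _parse_ports(ports)))
    return rules


def covers(a, b):
    """True if every packet matched by rule b is also matched by rule a."""
    return (b.src.subnet_of(a.src) and b.dst.subnet_of(a.dst)
            and a.proto in ("any", b.proto)
            and a.ports[0] <= b.ports[0] and b.ports[1] <= a.ports[1])


def audit(rules):
    """Return {rule_id: {category: detail}} for every rule with a finding."""
    findings = {}

    def add(rule, cat, detail):
        findings.setdefault(rule.rid, {})[cat] = detail

    for idx, r in enumerate(rules):
        # First-match semantics: an earlier rule that fully covers this one makes
        # it dead (redundant if same action, shadowed if the other action wins).
        for earlier in rules[:idx]:
            if covers(earlier, r):
                cat = "redundant" if earlier.action == r.action else "shadowed"
                add(r, cat, f"fully covered by rule {earlier.rid}")
                break
        if r.action != "permit":
            continue  # breadth checks only matter for traffic that is allowed
        for label, net in (("source", r.src), ("destination", r.dst)):
            if net == ANY_NET:
                add(r, f"any-{label}", "matches every address")
            elif net.prefixlen < SUBNET_PREFIX_THRESHOLD:
                add(r, f"broad-{label}", f"{net} ({net.num_addresses} addresses)")
        if r.proto == "any":
            add(r, "any-protocol", "matches every IP protocol")
        lo, hi = r.ports
        if r.ports == ANY_PORTS:
            add(r, "any-port", "matches every port")
        elif hi - lo + 1 > PORT_SPAN_THRESHOLD:
            add(r, "wide-port-range", f"{lo}-{hi} ({hi - lo + 1} ports)")
        if r.proto in ("tcp", "udp", "any"):
            clear = [f"{p}/{n}" for p, n in CLEARTEXT_PORTS.items() if lo <= p <= hi]
            if clear:
                add(r, "cleartext-protocol", ", ".join(clear))
    return findings


# Constructed sample rulebase for demonstration; not from any real firewall.
SAMPLE_RULEBASE = """\
# id,action,src,dst,proto,ports
1,permit,10.0.0.0/8,192.168.10.5,tcp,443
2,permit,any,192.168.10.6,tcp,23
3,permit,10.20.0.0/16,192.168.10.7,tcp,1024-65535
4,permit,10.0.1.0/24,192.168.10.5,tcp,443
5,permit,203.0.113.17,192.168.10.8,tcp,80
6,deny,any,any,any,any
"""

if __name__ == "__main__":
    for rid, cats in sorted(audit(parse_rulebase(SAMPLE_RULEBASE)).items()):
        for cat, detail in cats.items():
            print(f"rule {rid}: {cat}: {detail}")
```

On the sample, rule 4 is reported as redundant because rule 1 already permits the same destination and port from a superset of its sources; the final `deny any` clean-up rule produces no finding because the breadth checks are applied to permit rules only. Real exports also need the rule's enabled flag, hit counters and logging setting, which a rulebase review normally reads alongside these checks.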