Re: [fw-wiz] Auditing a firewall rulebase
- From: "Paul Melson" <pmelson@xxxxxxxxx>
- Date: Mon, 19 May 2008 14:20:49 -0400
> Rules which have "any" or an equivalent keyword in them
> Addresses
> Rules where an entire subnet has been granted access to a resource
> Rules where a range of IP addresses has been granted access to a resource
> Rules where a large range of ports has been opened to an IP Address /
> Rules where there are design issues in the protocol itself e.g. Unencrypted traffic
> Rules which are redundant and can be removed from the rulebase
That's a pretty good list, actually. I would add: rules that allow access
to the firewall. You will also want to audit for what kind of logging is
turned on/off and whether or not that poses a risk. Also think in terms of
implied rules (like interface security levels in a PIX or Global Policy in
Check Point) and whether or not those create any of the situations you
mention above.
PaulM
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
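As an added illustration (not part of the thread, and not any vendor's tooling), the checks from the quoted list and from Paul's reply can be expressed as a small rulebase auditor. The rulebase below is constructed; the thresholds (anything wider than /24 counts as "an entire subnet", a port span over 100 counts as "a large range"), the firewall's own management address, and the table of well-known cleartext ports are assumptions chosen for the example. Address fields are CIDR (or "any"); the "range of IP addresses" case would need an extra parser. Redundancy is modelled as first-match shadowing: a rule that an earlier rule already covers completely can never fire and is a candidate for removal. Logging and access-to-the-firewall checks cover Paul's two additions; implied rules would have to be appended to the list by hand from the platform's documentation before running the audit.

```python
"""Toy firewall rulebase auditor for the audit points discussed in the thread."""
from dataclasses import dataclass
import ipaddress

# Assumptions for the example, not values from the thread.
FIREWALL_ADDRS = {ipaddress.ip_address("10.0.0.1")}          # constructed management address
BROAD_PREFIX = 24          # prefixes shorter than this count as "an entire subnet"
WIDE_PORT_SPAN = 100       # port ranges wider than this count as "a large range"
CLEARTEXT_PORTS = {21: "ftp", 23: "telnet", 80: "http"}     # protocols with no encryption


@dataclass(frozen=True)
class Rule:
    name: str
    src: str      # CIDR, single address, or "any"
    dst: str
    proto: str    # "tcp", "udp" or "any"
    ports: str    # "any", "80", or "1024-65535"
    action: str   # "permit" or "deny"
    log: bool = True


def net(field: str) -> ipaddress.IPv4Network:
    """Parse an address field; 'any' is the whole IPv4 space."""
    return ipaddress.ip_network("0.0.0.0/0" if field == "any" else field, strict=False)


def port_range(field: str) -> tuple[int, int]:
    """'any' -> (0, 65535); '80' -> (80, 80); '1024-65535' -> (1024, 65535)."""
    if field == "any":
        return (0, 65535)
    lo, _, hi = field.partition("-")
    return (int(lo), int(hi or lo))


def covers(outer: Rule, inner: Rule) -> bool:
    """True when `outer` matches every packet `inner` matches (first-match semantics)."""
    olo, ohi = port_range(outer.ports)
    ilo, ihi = port_range(inner.ports)
    return (net(inner.src).subnet_of(net(outer.src))
            and net(inner.dst).subnet_of(net(outer.dst))
            and outer.proto in ("any", inner.proto)
            and olo <= ilo and ihi <= ohi)


def audit(rules: list[Rule], firewall_addrs=FIREWALL_ADDRS) -> list[tuple[str, str, str]]:
    """Return (rule name, finding code, detail) triples."""
    findings = []
    for i, r in enumerate(rules):
        # Redundant / shadowed rule: an earlier rule already covers everything it matches.
        for earlier in rules[:i]:
            if covers(earlier, r):
                findings.append((r.name, "SHADOWED", f"never matches; covered by '{earlier.name}'"))
                break
        if r.action != "permit":
            continue  # the remaining checks are about what is being allowed
        # "any" keyword in any field of a permit rule.
        for label, value in (("SRC", r.src), ("DST", r.dst), ("PROTO", r.proto), ("PORT", r.ports)):
            if value == "any":
                findings.append((r.name, f"ANY_{label}", f"{label.lower()} is 'any'"))
        # Whole subnet granted access.
        for label, value in (("SRC", r.src), ("DST", r.dst)):
            if value != "any" and net(value).prefixlen < BROAD_PREFIX:
                findings.append((r.name, f"BROAD_{label}", f"{value} is wider than /{BROAD_PREFIX}"))
        lo, hi = port_range(r.ports)
        if r.ports != "any":
            # Large port range opened.
            if hi - lo > WIDE_PORT_SPAN:
                findings.append((r.name, "WIDE_PORTS", f"{hi - lo + 1} ports opened"))
            # Protocol design issue: unencrypted service permitted.
            for port, service in CLEARTEXT_PORTS.items():
                if lo <= port <= hi:
                    findings.append((r.name, "CLEARTEXT", f"allows {service}/{port}"))
        # Access to the firewall itself (Paul's first addition).
        if any(addr in net(r.dst) for addr in firewall_addrs):
            findings.append((r.name, "FW_ACCESS", "destination includes the firewall"))
        # Logging turned off on a permit rule (Paul's second addition).
        if not r.log:
            findings.append((r.name, "NO_LOG", "permit rule is not logged"))
    return findings


def summarize(findings) -> dict[str, list[str]]:
    """Map each rule name to its sorted finding codes."""
    out: dict[str, list[str]] = {}
    for name, code, _ in findings:
        out.setdefault(name, []).append(code)
    return {name: sorted(codes) for name, codes in out.items()}


# Constructed sample rulebase, in match order.
SAMPLE_RULES = [
    Rule("allow-web", "any", "192.0.2.10/32", "tcp", "80", "permit"),
    Rule("lan-to-dmz", "10.0.0.0/16", "192.0.2.0/24", "any", "any", "permit", log=False),
    Rule("high-ports", "10.0.1.0/24", "192.0.2.20/32", "tcp", "1024-65535", "permit"),
    Rule("mgmt", "10.0.5.0/24", "10.0.0.1/32", "tcp", "22", "permit"),
    Rule("deny-all", "any", "any", "any", "any", "deny"),
]

if __name__ == "__main__":
    for name, code, detail in audit(SAMPLE_RULES):
        print(f"{name:12} {code:10} {detail}")
```

Running it on the sample lists "allow-web" for its any-source and cleartext HTTP, "lan-to-dmz" for the wide source, any protocol/port and missing logging, "high-ports" for the wide port range and for being fully shadowed by "lan-to-dmz", and "mgmt" for reaching the firewall's own address; the final deny-all draws no finding because only permit rules are examined for breadth.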
- References:
- [fw-wiz] Auditing a firewall rulebase
- From: arvind doraiswamy