Firewall Policy Reviews
“The implementation of a firewall management solution corresponds to a median reduction in risk of about 3.6 times and a median annual return on investment of more than 200 times.” – Derek Brink, author of Quantifying the Value of Intelligent Security Management.
The guiding principle of the firewall review methodology is to ensure that “Actual” equals “Approved”, where “Approved” includes all policies, documented standards and other directives from senior management. The core objectives of the review include:
- Ensure that the firewall configuration and rule set meet business and compliance requirements by verifying that the actual configuration, and the traffic actually flowing through the firewalls, match the approved configuration and the traffic that is approved to flow through them.
- Identify change management and vulnerability management process requirements to ensure ongoing compliance.
- Compare adherence to best practices and standards such as PCI DSS v2.0 and ISO 27001/27002 against business requirements.
We follow a best-practice methodology for the firewall review process, including tracking and form-based logging of findings: a master form and review results forms that record the assigner, assignee, completion and status of each finding along with its compliance level.
The high-level firewall review steps are:
- Step 1 : Review Network Diagram
- Step 2 : Review Information Flows
- Step 3 : Review Approved Services, Protocols and Ports List
- Step 4 : Review Firewall Configuration
- Step 5 : Review Firewall Rule Set (Traffic analysis)
- Step 6 : Implement Remediation as Required
- Step 7 : Prepare Report on Findings
- Step 8 : Update Firewall Review Audit Trail
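As an added illustration of Steps 3 and 5 (this is example code written for this page, not part of the original or of any vendor tool), the script below compares an "actual" rule base against an "approved" services list and produces the kinds of findings a reviewer logs on the results form: overly permissive any/any rules, rules shadowed by an earlier rule, rules that permit traffic outside the approved list, and approved flows that the current rule base blocks. The `Rule` and `ApprovedService` shapes, rule names and addresses are assumptions constructed for the example; a real review first parses the vendor's exported configuration into such a form.

```python
# Added example, not code from the original page: a minimal "Actual vs Approved"
# rule-set check covering Steps 3 and 5 above. The Rule/ApprovedService formats,
# rule names and addresses are assumptions constructed for this example; a real
# review would parse the vendor's exported configuration into this shape first.
from dataclasses import dataclass
from ipaddress import ip_network


@dataclass(frozen=True)
class Rule:
    name: str
    src: str     # CIDR or "any"
    dst: str     # CIDR or "any"
    proto: str   # "tcp", "udp", "icmp" or "any"
    dport: str   # destination port as a string, or "any"
    action: str  # "allow" or "deny"


@dataclass(frozen=True)
class ApprovedService:
    src: str
    dst: str
    proto: str
    dport: str


def _net_covers(outer: str, inner: str) -> bool:
    if outer == "any":
        return True
    if inner == "any":
        return False
    return ip_network(inner).subnet_of(ip_network(outer))


def _field_covers(outer: str, inner: str) -> bool:
    return outer == "any" or outer == inner


def covers(a, b) -> bool:
    """True if every packet matched by b is also matched by a (src/dst/proto/port)."""
    return (_net_covers(a.src, b.src) and _net_covers(a.dst, b.dst)
            and _field_covers(a.proto, b.proto) and _field_covers(a.dport, b.dport))


def effective_action(rules, flow) -> str:
    """First-match semantics: action of the first rule that fully covers the flow,
    implicit deny otherwise. Partial overlaps are ignored in this simplification."""
    for r in rules:
        if covers(r, flow):
            return r.action
    return "deny"


def review_ruleset(rules, approved):
    """Return (subject, category, detail) findings for the reviewer's results form."""
    findings = []
    for i, r in enumerate(rules):
        if r.action == "allow" and r.src == "any" and r.dst == "any" and r.proto == "any":
            findings.append((r.name, "overly-permissive", "any/any/any allow"))
        shadow = next((e for e in rules[:i] if covers(e, r)), None)
        if shadow is not None:
            findings.append((r.name, "shadowed", f"never reached; covered by {shadow.name}"))
        if r.action == "allow" and not any(covers(s, r) for s in approved):
            findings.append((r.name, "unapproved", "permits traffic outside the approved list"))
    for s in approved:
        if effective_action(rules, s) != "allow":
            findings.append((f"{s.src}->{s.dst} {s.proto}/{s.dport}", "not-implemented",
                             "approved flow is blocked by the current rule base"))
    return findings


# Constructed sample data for the example (not from any real review).
APPROVED = [
    ApprovedService("10.1.0.0/16", "10.2.0.0/24", "tcp", "443"),   # users -> web tier
    ApprovedService("10.1.0.0/16", "10.2.0.0/24", "tcp", "80"),    # users -> web tier (http)
    ApprovedService("10.2.0.0/24", "10.3.0.0/24", "tcp", "5432"),  # web -> database
]
RULES = [
    Rule("R0", "10.1.0.0/16", "10.2.0.0/24", "tcp", "80", "deny"),      # blocks an approved flow
    Rule("R1", "10.1.0.0/16", "10.2.0.0/24", "tcp", "443", "allow"),    # approved
    Rule("R2", "10.1.5.0/24", "10.2.0.0/24", "tcp", "443", "allow"),    # shadowed by R1
    Rule("R3", "any", "10.3.0.0/24", "tcp", "5432", "allow"),           # broader than approved
    Rule("R4", "any", "any", "any", "any", "allow"),                    # classic any/any
    Rule("R5", "10.2.0.0/24", "10.3.0.0/24", "tcp", "5432", "allow"),   # shadowed by R3
]

if __name__ == "__main__":
    for subject, category, detail in review_ruleset(RULES, APPROVED):
        print(f"{subject:28} {category:18} {detail}")
```

Run as-is, the sample data yields six findings: R2 and R5 shadowed, R3 and R4 unapproved, R4 overly permissive, and the approved HTTP flow blocked by the deny rule R0. The coverage test deliberately treats a rule as shadowed only when an earlier rule fully covers it; partially overlapping rules, object groups and NAT are where real reviews spend most of their time and are outside this simplified check.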
Call us for a free consultation at 609-955-3551.