Posted on 2011-03-22
Can I ask some questions about management of perimeter defences?
Say you have a Firewall/IDS, installed to supplier best practice.
What are the responsibilities of a firewall admin after it's live? Am I correct in thinking IDS is similar to AV in that you need to keep getting updated definitions to protect against attacks? How frequently are they released?
Are there security patches for such products? If so, what kinds of vulnerabilities do these patch? Could one (if exploited) bring down or disable the firewall/IDS – or is that a bit dramatic – what’s the potential impact?
I believe firewalls are based on rules? When will rules need to be reviewed, i.e. what internally will affect whether a rule base needs to be reviewed, and can you test for perhaps “stale rules”, i.e. unnecessary rules, those that aren’t being utilised and could potentially be disabled? If so, how do you go about this?
How can you test your firewall from the outside? Is it an easy task or very, very complex?