Firewall Audit

Posted on 2011-05-06
Last Modified: 2012-05-11
Can anyone tell me what would be involved in a firewall audit, i.e. what kinds of things would be reviewed and reported on? And also, why would someone use "a pair" of firewalls on the perimeter, which are Cisco ASA 5510? Why do you need 2? Please keep replies in management terms as opposed to firewall techie where poss...
Question by:pma111

    Accepted Solution

    A firewall audit can be many things.  

    The usual setup is this:  

    An administrator handles the firewall and applies code.
    A security admin reviews changes to the firewall, and all changes must be accounted for.
    Changes to the firewall by an admin must be reviewed and approved by the sec admin.
    The sec admin will review a daily (or weekly or whatever) change log for the unit. The sec admin is looking for unauthorized changes to the code.

    Firewalls are audited to look for best practices and to ensure common baseline security measures are met. This may be done by an in-house tech auditor, by an external company, or (if you are in those sectors) by a federal agency. Typical stuff to look for:
    - disabling insecure protocols (telnet, http)
    - locked-down IPs/ports. Checking to make sure you aren't allowing all IP, for example.
    - looking to justify the open ports into the network (i.e. does Server A really need ssh to it from outside)

    Dual external firewalls are used as a 2nd layer of security. Sometimes the 2 firewalls are managed by 2 different teams to protect against "an agent on the inside". Financial institutions are usually required to run like this. Often, the 2 units are from 2 different vendors as well. It's all about that extra layer of protection. Say you have a SonicWall on the front and an ASA in the back. Even *IF* the SonicWall could be breached, BAM, you run into the ASA. That gives the IT team time to remediate the breach. (Sony should have paid attention.)
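
The three "typical stuff to look for" checks from the answer above, as an added example that is not part of the original answer: a Python script that flags telnet management access, allow-all rules, and inbound rules open to any source in Cisco ASA config text. The config lines are constructed, the `audit` function and its finding labels are assumptions for illustration, and it assumes plain `access-list ... extended` lines without object-groups.

```python
import re

# Constructed sample of Cisco ASA running-config lines (not from a real device).
SAMPLE_CONFIG = """\
telnet 0.0.0.0 0.0.0.0 inside
ssh 10.1.1.0 255.255.255.0 inside
access-list outside_in extended permit tcp any host 203.0.113.10 eq ssh
access-list outside_in extended permit tcp any host 203.0.113.20 eq https
access-list outside_in extended permit ip any any
access-list outside_in extended deny ip any any log
"""

# An address is "any", "host <ip>", or "<network> <mask>".
ADDR = r"any|host\s+\S+|\S+\s+\S+"
ACL_RE = re.compile(
    r"^access-list\s+(?P<name>\S+)\s+extended\s+permit\s+(?P<proto>\S+)\s+"
    rf"(?P<src>{ADDR})\s+(?P<dst>{ADDR})(?:\s+eq\s+(?P<port>\S+))?"
)


def audit(config_text):
    """Return (line_number, finding, line) tuples for an auditor to review."""
    findings = []
    for n, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        # Check 1: insecure management protocol (telnet access to the unit).
        if line.startswith("telnet ") and not line.startswith("telnet timeout"):
            findings.append((n, "insecure-protocol", line))
            continue
        m = ACL_RE.match(line)
        if not m:
            continue  # deny rules and unrelated lines are not findings
        if m["proto"] == "ip" and m["src"] == "any" and m["dst"] == "any":
            # Check 2: rule that allows all IP traffic.
            findings.append((n, "allow-all", line))
        elif m["src"] == "any":
            # Check 3: port open to any source; owner must justify it.
            findings.append((n, "needs-justification", line))
    return findings


if __name__ == "__main__":
    for n, kind, line in audit(SAMPLE_CONFIG):
        print(f"line {n}: {kind}: {line}")
```
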
