Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 623
  • Last Modified:

CISCO ASA Audit

need to Audit a Cisco ASA firewall which is as usual under the Network Admin control.

1) what things i should request to have a good audit. Config file i already requested.
2)do in normal audit world, Auditor get access to Firewall, if yes what Privilege right i should ask
 
0
osloboy
Asked:
osloboy
  • 5
  • 4
1 Solution
 
Garry GlendownConsulting and Network/Security SpecialistCommented:
I'd also ask for documentation of stuff like network diagram, IP ranges used e.g. for LAN/DMZ, VPN-documentation with required ports/communication of the VPNs. Check the software version to see whether it's current and does not have any known bugs/holes.
Also, if possible, do an external security scan from the outside to check whether the applications available to the outside do not have any known security holes, as well as whether the access lists are working as intended.
0
 
osloboyAuthor Commented:
************* any idea for no "2"

0
 
Garry GlendownConsulting and Network/Security SpecialistCommented:
If you already have the config, access to the firewall itself (except for confirming the config is the same on the machine as in the copy you got) probably isn't that important ...

Oh, and maybe another thing to check for - get information on who has access to the firewall, from where it can be accessed, and about how changes to the config are handled (documentation, checking after the change to see whether everything is working and nothing is compromised, etc.)
0
Big Data Means Big Business

In data-dependent industries like IT, finance, and healthcare, there’s a growing demand for qualified analysts to fill leadership roles. WGU’s MS in Data Analytics has IT certifications from Oracle and SAS built into its curriculum at a flat fee that could save you money.

 
osloboyAuthor Commented:
thanks

should i request for the LOGs, as i think most of the time ADMIN do not like to keep logs due to performance.

which CISCO tool is best to read ASA logs.

0
 
Garry GlendownConsulting and Network/Security SpecialistCommented:
Logs are nice for ad-hoc debugging etc., but not really that helpful for a security audit ... also, on the box itself the storage is pretty limited ...
Apart from that, the logs are ASCII, so any editor would do ...
0
 
osloboyAuthor Commented:
if it is it that simple to Audit a Firewall, then why Security companies charge to high or we are missing any point
0
 
Garry GlendownConsulting and Network/Security SpecialistCommented:
well, you do need the experience to understand what the firewall is doing, that the configuration fits what it's supposed to do, understand what attack vectors there may be to look for stuff missing, ...
To be pretty clear: If you don't have the experience to design and configure a firewall setup, you can't audit it effectively. Either that, or your results are worth less than the paper you hand over at the end.
0
 
osloboyAuthor Commented:
as experienced person can you please some good books on firewall analyst
0
 
osloboyAuthor Commented:
good
0

Featured Post

Get Certified for a Job in Cybersecurity

Want an exciting career in an emerging field? Earn your MS in Cybersecurity and get certified in ethical hacking or computer forensic investigation. WGU’s MSCSIA degree program was designed to meet the most recent U.S. Department of Homeland Security (DHS) and NSA guidelines.  

  • 5
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now