In my last post I talked about preparing for a firewall audit and all the control points that an auditor will want to check in order to understand if your firewall operations are auditable and repeatable. A firewall audit is a process that provides visibility into your firewall’s existing access and connections, identifies vulnerabilities, and reports on firewall changes.

Today I want to focus on two parts of the firewall audit: the reviewing of the access policy change process, and the reviewing of the firewall rule base. In my experience, these two steps are the most important. I’ll go over many of the technical details you need to check if you’re pre-auditing your firewall before the audit team arrives, or if you’ve been tasked to audit the firewall yourself.

The first technical step in a firewall audit is usually a review of the firewall change process. The goal of this step is to make sure that requested changes were properly approved, implemented and documented. You can accomplish this in a few different ways – depending on whether you have a tool to assist you or you are doing it manually.

You’ll first need to randomly pull around 10 change requests since the last audit. Here are the basic firewall policy rule checklist questions you should be asking when you audit a firewall change:

- Is the requester documented, and are they authorized to make firewall change requests?
- Is the business reason for the change documented?
- Are there proper reviewer and approval signatures (digital or physical)?
- Were the approvals recorded before the change was implemented?
- Are the approvers all authorized to approve firewall changes (you will need to request a list of authorized individuals)?
- Are the changes well-documented in the change ticket?
- Is there documentation of risk analysis for each change?
- Is there documentation of the change window and/or install date for each change?
- Is there an expiration date for the change?

If you’re performing this audit manually, the first thing you need to do is match each of the changes with a firewall device and with a policy. Now, match the change requests up with the firewall rule that implemented the requested traffic. The comment on each firewall security policy rule should have at least two pieces of data: the change ID of the request and the initials of the engineer who implemented the change.

There are more automated ways to do this type of firewall security audit. For example, Tufin SecureTrack shows you who added the rule and when, as well as if they added anything else to the policy at the same time. You can put the change ticket number in the comment field, so that the rule will include a hyperlink back to the change ticket to simplify your view of the firewall audit trail.
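The manual matching described in this post, written out as an added example (not code from the original post or from any vendor tool): it takes the sampled change tickets and a rule-base export and reports rules whose comment lacks a change ID and initials, tickets with no implementing rule, approvals recorded after implementation, approvers missing from the authorized list, and changes past their expiration date. The comment format `CHG-<n> <initials>`, the field names and all sample data are assumptions constructed for illustration.

```python
import re
from datetime import datetime

# Assumed comment convention (not from the post): "<change ID> <initials>", e.g. "CHG-1042 JD".
COMMENT_RE = re.compile(r"^(CHG-\d+)\s+([A-Z]{2,3})\b")

# Constructed sample data: sampled change tickets, authorized approvers, rule-base export.
TICKETS = {
    "CHG-1042": dict(approver="asmith", approved="2024-03-01T10:00", implemented="2024-03-02T22:00", expires=None),
    "CHG-1057": dict(approver="bjones", approved="2024-03-09T09:00", implemented="2024-03-08T23:00", expires="2024-06-01"),
    "CHG-1063": dict(approver="contractor7", approved="2024-03-11T08:00", implemented="2024-03-12T01:00", expires=None),
    "CHG-1070": dict(approver="asmith", approved="2024-03-15T08:00", implemented="2024-03-16T01:00", expires=None),
}
APPROVERS = {"asmith", "bjones"}
RULES = [
    {"fw": "fw-edge-01", "rule": 12, "comment": "CHG-1042 JD"},
    {"fw": "fw-edge-01", "rule": 13, "comment": "CHG-1057 MK temp vendor access"},
    {"fw": "fw-dc-02", "rule": 40, "comment": "allow backup traffic"},
    {"fw": "fw-dc-02", "rule": 41, "comment": "CHG-1063 JD"},
]

def audit(rules, tickets, approvers, today):
    """Return (subject, finding) pairs for the rule comments and the sampled tickets."""
    findings, by_change = [], {}
    for r in rules:
        m = COMMENT_RE.match(r["comment"])
        if m:
            by_change.setdefault(m.group(1), []).append(r)
        else:
            findings.append((f'{r["fw"]}#{r["rule"]}', "comment lacks change ID and initials"))
    for cid, t in sorted(tickets.items()):
        if cid not in by_change:
            # Could be a removal or an unimplemented request; either way it needs follow-up.
            findings.append((cid, "no rule references this ticket"))
            continue
        if t["approver"] not in approvers:
            findings.append((cid, "approver not on authorized list"))
        if datetime.fromisoformat(t["approved"]) > datetime.fromisoformat(t["implemented"]):
            findings.append((cid, "approved after implementation"))
        if t["expires"] and datetime.fromisoformat(t["expires"]) < today:
            findings.append((cid, "rule still present past expiration date"))
    return findings

if __name__ == "__main__":
    for subject, finding in audit(RULES, TICKETS, APPROVERS, datetime(2024, 7, 1)):
        print(f"{subject}: {finding}")
```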