Steps to Prepare for a Firewall Audit
Last Updated December 15, 2015
Firewalls form the first line of defense against hazardous incoming or outgoing information in a network. From protecting systems against hacking attempts to blocking access for unauthorized programs that may try to transmit sensitive information to external parties, firewalls are a crucial part of system security.
Yet like any security process, firewalls can be more effective or less effective depending on settings and human error. To ensure that your firewalls are functioning at an optimal level, occasional firewall audits can offer network administrators the chance to analyze and optimize settings. This article highlights the steps for carrying out a general firewall audit.
Steps for Preparation
Gather information – The first step is to compile a detailed account of relevant information, including the network hardware and software that your organization uses and that interacts in some way with firewall policies. While this may seem obvious, some network administrators overlook these connections in favor of a quick look at the firewall software itself. Without a sense of how everything interacts, it becomes harder to find the weakest link and shore up security accordingly. Previous audits can be an excellent resource here as well, which serves as a reminder that adequately storing information for future audits is just as important as the information itself.
Review the review process – In general, a successful firewall audit is carried out with a sense of structure and purpose. Unfortunately, some administrators approach the audit in a loose, unplanned fashion, which can greatly increase the possibility that an important detail may be overlooked. To avoid this, apply change management procedures to the review process. Examine the role of managers and determine whether tasks are documented and reported in an efficient, appropriate manner. Clarify the overall purpose of the change, create a timeframe, and anticipate problems. By approaching the process in a more systematic way, the audit can proceed more smoothly and produce results that are more constructive.
Start to look at the technical details – Reviewing security starts with carefully looking at which employees have access to security settings and hardware and which, crucially, should not have access. This includes both the firewall’s software settings and the physical access to the network hardware rooms. Also, be sure to update software with the latest patches and ensure that the hardware is fully functioning.
Optimize firewall rules and settings – Over time, the rules for incoming and outgoing connections can become somewhat unwieldy, particularly as software programs are updated or changed. Review and clean up these rules, checking whether old, outdated programs that are no longer used are still included in legacy rule sets. Check for duplicate rules or overlapping rules that can be consolidated to improve readability. Make sure that all rules are clearly named and use a consistent, understandable format.
Go deeper and assess rule risk – Take a closer look at the rules that remain after the cleanup in the previous step. How effective are they? Do any rules go beyond their intention and open ports to potential security breaches? This tends to be seen in rules that are overly general, either allowing excessive traffic through unintended pathways or accidentally applying to all programs rather than a specific few.
Make your systems audit-ready – Instead of treating audits as an annual process, take the opportunity to ensure that systems are at an appropriate security level at all times. Automate the process as much as possible to avoid something slipping through the cracks. Check documentation procedures to make sure that all administrators know exactly where the system stands. It is far better to be audit-ready all the time than to have a perfect audit once a year, only to then let your guard down once the audit is completed.
The End Goal
While not a comprehensive list, these steps should serve to provide a sense of how one prepares for a full firewall audit. By getting highly familiar with network details and maintaining a strong security infrastructure, you stand to not only pass your audit, but also keep the system and its data safe at all points throughout the year.