7/23/2019 Sean Lowder Firewall Auditing http://slidepdf.com/reader/full/sean-lowder-firewall-auditing 1/16 Firewall Auditing Sean K. Lowder CISSP / MCSE / CCNA [email protected]

Sean K. Lowder CISSP ©2007 2

Bio

Currently employed at Blue Cross Blue Shield of Louisiana as the Information Security Manager.

I've been in the computer industry for 17 years, and have specialized in information security for the last 10 years.

I have various industry certifications, including Certified Information Systems Security Professional (CISSP), Certified Novell Engineer (CNE), Microsoft Certified Systems Engineer (MCSE), and Cisco Certified Network Associate (CCNA). I received my BS in Information Technology from University of Phoenix.

Previously I've directed various projects in the Information Security arena including financial institution penetration testing, Firewall and Virtual Private Network (VPN) configuration, design and deployment.

I have extensive experience in preparing for SAS70, HIPAA and financial auditing for all information security areas.

What is a firewall?

A firewall is a device or collection of components placed between two networks that collectively have the following properties:

- All traffic from inside to outside, and vice-versa, must pass through the firewall.
- Only authorized traffic, as defined by the local security policy, will be allowed to pass.

Firewall Types

- First Generation
  - Packet Filtering Firewalls
- Second Generation
  - Stateful Inspection Firewalls
- Third Generation
  - Application (Proxy) Firewalls
- Fourth Generation
  - Kernel Proxy technology
  - "Deep packet" inspection
  - IDS / IPS capabilities

Defining Audit Scope

- Firewall Documentation
- Approval Procedures and Process
- Firewall Rule Base
- VPN
- Layer Seven Switching
- Internal Testing
- External Testing

Firewall Auditing Methodology

Phases

I. Gather Documentation
II. The Firewall
III. The Rule Base
IV. Testing and Scanning
V. Maintenance and Monitoring

Phase I - Gather Documentation

- Security Policy
- Change Control Procedures
- Administrative Controls
- Network Diagrams
- IP Address Scheme
- Firewall Locations
- IPS Capable?

Phase I - Gather Documentation

- Firewall Vendor
- Software Version and Patch Level
- Hardware Platform
- Operating System Version and Patch Level
- Administrator training and knowledge

Phase II - The Firewall

- Three "A's"
  - Authentication: Local / Remote
  - Access: Logical / Physical
  - Auditing (logs): Local / Remote
- OS Hardening

Phase III - The Rule Base

- Based on the Organization's Security Policy
- Review each rule
  - Business reason
  - Owner
  - Host devices
  - Service Ports
- Simplicity is the key
- Most restrictive and least access

Phase III - The Rule Base

- Rule order (first out)
  - Administration Rule
  - ICMP Rule
  - Stealth Rule
  - Cleanup Rule
  - Egress Rules
- Logging
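
The Phase III review points, applied to a small rule base. This is an added example, not part of the original slides; the rule model (field names, the "FW" object, "any") and the sample rules are hypothetical and constructed for illustration.

```python
# Added example: the rule model (field names, "FW", "any") is hypothetical,
# not a vendor export format. The sample rule base is constructed.
ANY = "any"
FIELDS = ("id", "src", "dst", "service", "action", "log", "owner", "reason")

def audit_rule_base(rules, firewall="FW"):
    """Return (rule_id, finding) pairs for an ordered, first-match rule base."""
    findings, stealth_at, cleanup_at = [], None, None
    for pos, r in enumerate(rules):
        rid = r["id"]
        wide_open = r["src"] == r["dst"] == r["service"] == ANY
        # Review each rule: it needs an owner and a business reason.
        for field in ("owner", "reason"):
            if not r[field]:
                findings.append((rid, f"missing {field}"))
        # Most restrictive, least access: flag allows with no real limit.
        if r["action"] == "allow" and (r["service"] == ANY or r["src"] == r["dst"] == ANY):
            findings.append((rid, "overly broad allow"))
        # Logging: every drop should leave a record.
        if r["action"] == "drop" and not r["log"]:
            findings.append((rid, "drop without logging"))
        # Rule order: nothing after the cleanup rule can ever match.
        if cleanup_at is not None:
            findings.append((rid, "unreachable: follows cleanup rule"))
        # Stealth rule: drops any traffic addressed to the firewall itself.
        if r["action"] == "drop" and r["src"] == ANY and r["dst"] == firewall:
            stealth_at = pos if stealth_at is None else stealth_at
        # Cleanup rule: drops everything not matched earlier.
        if r["action"] == "drop" and wide_open and cleanup_at is None:
            cleanup_at = pos
    if stealth_at is None:
        findings.append(("-", "no stealth rule"))
    if cleanup_at is None:
        findings.append(("-", "no cleanup rule"))
    return findings

RULES = [dict(zip(FIELDS, row)) for row in [
    (1, "mgmt-net", "FW", "ssh", "allow", True, "netops", "firewall administration"),
    (2, ANY, "FW", ANY, "drop", True, "secops", "stealth rule"),
    (3, ANY, "web-dmz", "https", "allow", True, "web team", "public web site"),
    (4, "app-net", ANY, ANY, "allow", False, "", ""),
    (5, ANY, ANY, ANY, "drop", False, "secops", "cleanup rule"),
    (6, "inside-net", ANY, "smtp", "allow", True, "mail team", "outbound mail"),
]]

if __name__ == "__main__":
    for rule_id, finding in audit_rule_base(RULES):
        print(rule_id, finding)
```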

Phase IV - Testing & Scanning

- Determine & Set Expectations
- Scan the firewall
  - Nmap
  - Firewalk
- Scan host behind the firewall
  - Nessus
  - ISS
- Ensure results match expectations
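
One way to carry out the "ensure results match expectations" step, as an added example that is not part of the original slides: it reads Nmap's grepable output (-oG) and compares the open ports with a table of expectations set before the scan. The addresses, ports and expectation table are constructed.

```python
import re

# Added example: hosts, ports and the expectation table are constructed.
# Input is nmap's grepable output format (-oG), saved during the audit.
PORT_RE = re.compile(r"(\d+)/([^/]*)/(tcp|udp)/")

def open_ports(grepable_text):
    """Map host -> set of 'port/proto' entries reported as open."""
    observed = {}
    for line in grepable_text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue  # skip comments and "Status:" lines
        host = line.split()[1]
        port_field = line.split("Ports:", 1)[1]
        observed[host] = {f"{port}/{proto}"
                          for port, state, proto in PORT_RE.findall(port_field)
                          if state == "open"}
    return observed

def compare(expected, observed):
    """Return (host, port, finding) for every mismatch with expectations."""
    findings = []
    for host in sorted(set(expected) | set(observed)):
        want, seen = expected.get(host, set()), observed.get(host, set())
        # Open but never authorized: the rule base allows more than policy.
        findings += [(host, p, "unexpected open") for p in sorted(seen - want)]
        # Authorized but not reachable: a rule or the service is not working.
        findings += [(host, p, "expected but not open") for p in sorted(want - seen)]
    return findings

# Expectations set before scanning: the firewall itself exposes nothing.
EXPECTED = {"192.0.2.1": set(), "192.0.2.10": {"443/tcp"}, "192.0.2.20": {"25/tcp"}}

# Constructed scan output in grepable format.
SCAN = (
    "Host: 192.0.2.1 ()\tStatus: Up\n"
    "Host: 192.0.2.1 ()\tPorts: 22/open/tcp//ssh///\tIgnored State: filtered (999)\n"
    "Host: 192.0.2.10 ()\tPorts: 443/open/tcp//https///, 8080/open/tcp//http-proxy///\n"
    "Host: 192.0.2.20 ()\tPorts: 25/filtered/tcp//smtp///\n"
)

if __name__ == "__main__":
    for finding in compare(EXPECTED, open_ports(SCAN)):
        print(*finding)
```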

Phase V - Maintenance & Monitoring

- Change Management and Approval
  - Is the process documented?
  - Is the process being followed?
  - Is there evidence of process?
- Disaster Recovery Plan
  - Formal?
- Backup and Recovery Procedures
- Firewall Logs
  - Reviews
  - Storage and archival

Demo

Questions???
