7/23/2019 Sean Lowder Firewall Auditing
http://slidepdf.com/reader/full/sean-lowder-firewall-auditing 1/16
Firewall Auditing
Sean K. Lowder
CISSP / MCSE / [email protected]
Sean K. Lowder CISSP ©2007 2
Bio
- Currently employed at Blue Cross Blue Shield of Louisiana as the Information Security Manager.
- I've been in the computer industry for 17 years, and have specialized in information security for the last 10 years.
- I have various industry certifications, including Certified Information Systems Security Professional (CISSP), Certified Novell Engineer (CNE), Microsoft Certified Systems Engineer (MCSE), and Cisco Certified Network Associate (CCNA). I received my BS in Information Technology from University of Phoenix.
- Previously I've directed various projects in the Information Security arena including financial institution penetration testing, Firewall and Virtual Private Network (VPN) configuration, design and deployment.
- I have extensive experience in preparing for SAS70, HIPAA and financial auditing for all information security areas.

What is a firewall?
A firewall is a device or collection of components placed between two networks that collectively have the following properties:
- All traffic from inside to outside, and vice-versa, must pass through the firewall.
- Only authorized traffic, as defined by the local security policy, will be allowed to pass.

Firewall Types
- First Generation
  - Packet Filtering Firewalls
- Second Generation
  - Stateful Inspection Firewalls
- Third Generation
  - Application (Proxy) Firewalls
- Fourth Generation
  - Kernel Proxy technology
  - "Deep packet" inspection
  - IDS / IPS capabilities

Defining Audit Scope
- Firewall Documentation
- Approval Procedures and Process
- Firewall Rule Base
- VPN
- Layer Seven Switching
- Internal Testing
- External Testing

Firewall Auditing Methodology
Phases
I. Gather Documentation
II. The Firewall
III. The Rule Base
IV. Testing and Scanning
V. Maintenance and Monitoring

Phase I - Gather Documentation
- Security Policy
- Change Control Procedures
- Administrative Controls
- Network Diagrams
- IP Address Scheme
- Firewall Locations
- IPS Capable?

Phase I - Gather Documentation
- Firewall Vendor
- Software Version and Patch Level
- Hardware Platform
- Operating System Version and Patch Level
- Administrator training and knowledge

Phase II - The Firewall
- Three "A's"
  - Authentication: Local / Remote
  - Access: Logical / Physical
  - Auditing (logs): Local / Remote
- OS Hardening

Phase III - The Rule Base
- Based on the Organization's Security Policy
- Review each rule
  - Business reason
  - Owner
  - Host devices
  - Service Ports
- Simplicity is the key
- Most restrictive and least access

Phase III - The Rule Base
- Rule order (first out)
  - Administration Rule
  - ICMP Rule
  - Stealth Rule
  - Cleanup Rule
  - Egress Rules
- Logging

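The rule-by-rule review and the rule-order checks from the two Phase III slides can be scripted against an exported rule base. The sketch below is an added example, not part of the original slides; the field names, zone names, sample rules and the exact definitions of the stealth rule (deny anything addressed to the firewall) and cleanup rule (final deny of everything) are assumptions.

```python
# Constructed sample rule base, evaluated first match wins. Field names, zone
# names and the stealth/cleanup definitions are assumptions for this example.
FIREWALL = "fw-ext"
FIELDS = ("id", "src", "dst", "svc", "action", "log", "owner", "reason")
RULES = [dict(zip(FIELDS, row)) for row in [
    (1, "admin-net", FIREWALL, "ssh", "permit", True, "netops", "Firewall administration"),
    (2, "any", FIREWALL, "any", "deny", True, "netops", "Stealth rule"),
    (3, "any", "web-dmz", "https", "permit", True, "webteam", "Public web site"),
    (4, "lan", "any", "any", "permit", False, "", ""),
    (5, "any", FIREWALL, "snmp", "permit", True, "netops", "Monitoring"),
    (6, "any", "any", "any", "deny", False, "netops", "Cleanup rule"),
]]

def is_stealth(r):
    # Stealth rule: drop everything addressed to the firewall itself.
    return (r["action"], r["src"], r["dst"], r["svc"]) == ("deny", "any", FIREWALL, "any")

def is_cleanup(r):
    # Cleanup rule: final deny of anything no earlier rule matched.
    return (r["action"], r["src"], r["dst"], r["svc"]) == ("deny", "any", "any", "any")

def audit(rules):
    """Return (rule id, finding) pairs; id is None for rule-base-wide findings."""
    findings = []
    for r in rules:
        if not r["owner"] or not r["reason"]:
            findings.append((r["id"], "no owner or business reason"))
        if r["action"] == "permit" and "any" in (r["src"], r["dst"]) and r["svc"] == "any":
            findings.append((r["id"], "permit is broader than least access"))
        if not r["log"]:
            findings.append((r["id"], "logging disabled"))
    stealth = next((i for i, r in enumerate(rules) if is_stealth(r)), None)
    if stealth is None:
        findings.append((None, "no stealth rule"))
    for i, r in enumerate(rules):
        if stealth is None or r["action"] != "permit":
            continue
        if i < stealth and r["dst"] == "any":
            findings.append((r["id"], "reaches the firewall before the stealth rule"))
        if i > stealth and r["dst"] == FIREWALL:
            findings.append((r["id"], "never matches: shadowed by the stealth rule"))
    if not rules or not is_cleanup(rules[-1]):
        findings.append((None, "last rule is not a cleanup rule"))
    return findings

if __name__ == "__main__":
    for rule_id, finding in audit(RULES):
        print(rule_id, finding)
```
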
Phase IV - Testing & Scanning
- Determine & Set Expectations
- Scan the firewall
  - Nmap
  - Firewalk
- Scan host behind the firewall
  - Nessus
  - ISS
- Ensure results match expectations

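"Ensure results match expectations" works best when the expectations are written down before the scan and compared mechanically afterwards. The sketch below is an added example, not part of the original slides: it parses Nmap grepable (-oG) output and reports every difference from an expected-open-ports table. The scan text, addresses (documentation range) and expected values are constructed for illustration.

```python
import re

# Constructed sample in Nmap grepable (-oG) format; not real scan data.
SCAN = (
    "# Nmap scan (constructed sample)\n"
    "Host: 192.0.2.10 (web-dmz)\tPorts: 80/closed/tcp//http///, 443/open/tcp//https///\n"
    "Host: 192.0.2.20 (mail-dmz)\tPorts: 25/open/tcp//smtp///, 3389/open/tcp//ms-wbt-server///\n"
    "Host: 192.0.2.1 (fw-ext)\tPorts: 22/filtered/tcp//ssh///\tIgnored State: filtered (999)\n"
)

# Expectations set before scanning, taken from the approved rule base (assumed values).
EXPECTED = {
    "192.0.2.10": {("tcp", 443)},
    "192.0.2.20": {("tcp", 25)},
    "192.0.2.1": set(),
    "192.0.2.30": {("tcp", 53)},
}

def open_ports(grepable):
    """Map each scanned host to the set of (protocol, port) pairs reported open."""
    found = {}
    for line in grepable.splitlines():
        m = re.match(r"Host: (\S+) .*?Ports: (.*)", line)
        if not m:
            continue  # comment and status-only lines carry no port list
        ports = found.setdefault(m.group(1), set())
        # Fields after the port list (e.g. "Ignored State") are tab-separated.
        for entry in m.group(2).split("\t")[0].split(","):
            port, state, proto = entry.strip().split("/")[:3]
            if state == "open":
                ports.add((proto, int(port)))
    return found

def compare(expected, observed):
    """Return sorted (host, proto, port, verdict) rows where scan and expectation differ."""
    rows = []
    for host in set(expected) | set(observed):
        exp, obs = expected.get(host, set()), observed.get(host, set())
        rows += [(host, p, n, "open but not approved") for p, n in obs - exp]
        rows += [(host, p, n, "approved but not reachable") for p, n in exp - obs]
    return sorted(rows)

if __name__ == "__main__":
    for row in compare(EXPECTED, open_ports(SCAN)):
        print(*row)
```
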
Phase V - Maintenance & Monitoring
- Change Management and Approval
  - Is the process documented?
  - Is the process being followed?
  - Is there evidence of process?
- Disaster Recovery Plan
  - Formal?
- Backup and Recovery Procedures
- Firewall Logs
  - Reviews
  - Storage and archival

Demo

Questions???