Last updated August 28th, 2024 by Reuven Harrison
Network security audits are getting a lot of coverage these days thanks to standards like SOX, PCI-DSS, and HIPAA. Even if you do not need to comply with any of those standards – yet – business relationships with partners or customers may require you to show that your network is secure.
However, beyond compliance requirements, firewall audits are best practice for a particularly good reason. They increase your chances of catching weaknesses in your network security posture and finding places your policies need to be adapted. They also help prove you have been doing your due diligence in reviewing your security controls and policy controls, should you ever need to respond to a lawsuit, breach or regulatory issue that call your security standards into question.
To help you better understand the depth and breadth of a full firewall audit, we compiled the steps of a typical audit process. In our next tip, we will take a closer look at several of these areas and dive into the technical details of the firewall policy audit.
The main steps of a firewall audit:
1. Review the company’s firewall security policy
- If you’re going to audit something, you need to know what you’re looking for. Your company should have a written set of security guidelines that sum up policy for firewalls and related security infrastructure.
- If you need to comply with industry, government or regulatory standards, review those as well. Are those requirements reflected in your corporate security guidelines?
2. Review the company’s firewall operations policies
- Your company should have defined the accepted procedures for firewall management including changes, approvals, accountability, and record keeping.
- Your company should have defined procedures for responding to firewall security incidents. What is the escalation procedure? Who is authorized to respond? How do you coordinate with law enforcement? How is the impact of an attack and its response coordinated with the business and communicated to customers and other relevant stakeholders?
3. Review the firewall administrators who are authorized to make changes
- Are they all still employees of the company?
- Are they all still on the firewall management team?
- Are they all properly trained in the technology?
- Do they receive ongoing technical training?
- Do you have a procedure for identifying and removing administrators who have either left the organization or no longer have firewall access rights? Is it connected to HR?
4. Review the firewall change procedures
- How are changes managed? What is the procedure used to receive requests, track them, approve them and verify completion?
- Who signs off on firewall changes? Is there a formal process in place for this? Is an audit trail maintained?
- How are unauthorized changes detected?
- Are all actual changes on the firewall captured? Is there a complete audit trail? Can you demonstrate accountability for every change?
- Collect a sample of firewall change requests and verify that they were implemented. Was the company’s approval policy maintained? Are the changes documented in the firewall rule base?
5. Review the firewall system design
- Is the firewall technology current? Does your organization have an established, documented procedure for technology upgrades?
- Have all the latest software versions been installed? Are patches applied regularly? It does not need to be bleeding edge, but 3 years is too long!
- Does the firewall rule base adequately protect the organization? If you are not sure, refer to the corporate security guidelines.
- Are the controls specified in the written Policy adequately enforced? Is it clear to you exactly HOW they are being enforced?
6. Review the firewall review process
- Is the rule base reviewed at least once a year, and preferably more often- ideally once a quarter?
- Are redundant rules identified and removed from the rule base?
- Are unused rules and objects identified and removed from the rule base?
- Are overly permissive rules flagged for investigation?
- Are risky traffic flows identified?
Tufin’s comprehensive suite of capabilities helps you streamline the preparation for firewall audits, ensuring compliance with regulatory requirements and enhancing overall network security:
7. Policy Analysis: Tufin analyzes your firewall policies to ensure they comply with industry regulations and internal policies. It identifies any inconsistencies, redundant rules, or violations that might trigger audit failures.
8. Risk Assessment: Tufin assesses the risk associated with your firewall policies by identifying overly permissive rules, potential security gaps, or configurations that deviate from best practices. This helps prioritize remediation efforts before the audit.
9. Change Tracking: Tufin keeps track of all changes made to firewall configurations, including who made the changes, when they were made, and what was changed. This audit trail ensures accountability and facilitates the review process during the audit.
10. Documentation: Tufin generates detailed reports and documentation of your firewall policies, including rule descriptions, object usage, and traffic flows. This documentation serves as evidence of compliance and helps auditors understand your network security posture.
11. Workflow Automation: Tufin automates repetitive tasks involved in preparing for an audit, such as rule recertification, policy cleanup, and risk mitigation. This streamlines the audit readiness process and reduces the likelihood of human error.
Conclusion
In our next tip, we’ll look at the practical side of conducting a firewall audit and see how automated tools can help you to do them more quickly and efficiently. If there is something you think we left out, or if you have suggestions on how to perform firewall audits, we’d like to hear from you.
As always, feel free to book a demo.
Don't miss out on more Tufin blogs
Subscribe to our weekly blog digest