
Firewall Auditing

Sean K. Lowder
CISSP / MCSE / CCNA
Sean.Lowder@bcbsla.com
Bio
• Currently employed at Blue Cross Blue Shield of Louisiana as the Information Security Manager.
• I’ve been in the computer industry for 17 years, and have specialized in information security for the last 10 years.
• I have various industry certifications, including Certified Information Systems Security Professional (CISSP), Certified Novell Engineer (CNE), Microsoft Certified Systems Engineer (MCSE), and Cisco Certified Network Associate (CCNA). I received my BS in Information Technology from University of Phoenix.
• Previously I’ve directed various projects in the Information Security arena including financial institution penetration testing, Firewall and Virtual Private Network (VPN) configuration, design and deployment.
• I have extensive experience in preparing for SAS70, HIPAA and financial auditing for all information security areas.

Sean K. Lowder CISSP ©2007 2


What is a firewall?
• A firewall is a device or collection of components placed between two networks that collectively have the following properties:
  • All traffic from inside to outside, and vice-versa, must pass through the firewall.
  • Only authorized traffic, as defined by the local security policy, will be allowed to pass.
Firewall Types
• First Generation
  • Packet Filtering Firewalls
• Second Generation
  • Stateful Inspection Firewalls
• Third Generation
  • Application (Proxy) Firewalls
• Fourth Generation
  • Kernel Proxy technology
  • “Deep packet” inspection
  • IDS / IPS capabilities
Defining Audit Scope

• Firewall Documentation
• Approval Procedures and Process
• Firewall Rule Base
• VPN
• Layer Seven Switching
• Internal Testing
• External Testing



Firewall Auditing Methodology

Phases
I. Gather Documentation
II. The Firewall
III. The Rule Base
IV. Testing and Scanning
V. Maintenance and Monitoring



Phase I - Gather Documentation
• Security Policy
• Change Control Procedures
• Administrative Controls
• Network Diagrams
• IP Address Scheme
• Firewall Locations
• IPS Capable?



Phase I - Gather Documentation
• Firewall Vendor
• Software Version and Patch Level
• Hardware Platform
• Operating System Version and Patch Level
• Administrator training and knowledge



Phase II – The Firewall
• Three “A’s”
  • Authentication
    • Local / Remote
  • Access
    • Logical / Physical
  • Auditing (logs)
    • Local / Remote
• OS Hardening



Phase III – The Rule Base
• Based on the Organization’s Security Policy
• Review each rule
  • Business reason
  • Owner
  • Host devices
  • Service Ports
• Simplicity is the key
• Most restrictive and least access



Phase III – The Rule Base
• Rule order (first out)
• Administration Rule
• ICMP Rule
• Stealth Rule
• Cleanup Rule
• Egress Rules
• Logging
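
An added example, not part of the original slides: a Python check of a constructed rule base against the Phase III review points (owner and business reason, service ports, logging, first-match rule order, stealth and cleanup rules). The field names, addresses and sample rules are assumptions made for illustration; the stealth rule is taken to be a deny of all traffic addressed to the firewall itself, and the cleanup rule a final deny-all.

```python
import ipaddress

ANY_NET, ANY_SVC = "0.0.0.0/0", "any"
FIREWALL = "192.0.2.1/32"  # constructed address of the firewall itself
FIELDS = ("id", "src", "dst", "svc", "action", "log", "owner", "reason")

# Constructed sample rule base, evaluated top-down (first match wins).
RULES = [dict(zip(FIELDS, row)) for row in [
    (1, "10.0.5.0/24", FIREWALL, "tcp/22", "allow", True, "netops", "firewall administration"),
    (2, ANY_NET, FIREWALL, ANY_SVC, "deny", True, "secops", "stealth rule"),
    (3, ANY_NET, "198.51.100.10/32", "tcp/443", "allow", True, "webteam", "public web site"),
    (4, "10.0.0.0/8", ANY_NET, ANY_SVC, "allow", False, "", ""),
    (5, "10.0.9.7/32", "203.0.113.25/32", "tcp/25", "allow", True, "mailteam", "outbound mail relay"),
    (6, ANY_NET, ANY_NET, ANY_SVC, "deny", True, "secops", "cleanup rule"),
]]

def covers(a, b):
    """True when rule a matches every packet that rule b matches."""
    net = ipaddress.ip_network
    return (net(b["src"]).subnet_of(net(a["src"]))
            and net(b["dst"]).subnet_of(net(a["dst"]))
            and a["svc"] in (ANY_SVC, b["svc"]))

def audit(rules):
    """Return (rule id, finding) pairs; id is None for rule-base-wide findings."""
    findings = []
    for i, r in enumerate(rules):
        if not (r["owner"] and r["reason"]):
            findings.append((r["id"], "no owner or business reason"))
        if r["action"] == "allow" and r["svc"] == ANY_SVC:
            findings.append((r["id"], "allows any service"))
        if not r["log"]:
            findings.append((r["id"], "not logged"))
        # With first-match ordering, a rule fully covered by an earlier one never fires.
        hit = next((e for e in rules[:i] if covers(e, r)), None)
        if hit is not None:
            findings.append((r["id"], f"shadowed by rule {hit['id']}"))
    shape = lambda r: (r["action"], r["src"], r["dst"], r["svc"])
    if ("deny", ANY_NET, FIREWALL, ANY_SVC) not in map(shape, rules):
        findings.append((None, "no stealth rule"))
    if not rules or shape(rules[-1]) != ("deny", ANY_NET, ANY_NET, ANY_SVC):
        findings.append((None, "no cleanup rule"))
    return findings

if __name__ == "__main__":
    for rule_id, finding in audit(RULES):
        print(rule_id, finding)
```

Each finding is a question for the rule's owner during the review, not an automatic verdict on the rule.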



Phase IV – Testing & Scanning
• Determine & Set Expectations
• Scan the firewall
  • Nmap
  • Firewalk
• Scan host behind the firewall
  • Nessus
  • ISS
• Ensure results match expectations



Phase V – Maintenance & Monitoring
• Change Management and Approval
  • Is the process documented?
  • Is the process being followed?
  • Is there evidence of process?
• Disaster Recovery Plan
  • Formal?
  • Backup and Recovery Procedures
• Firewall Logs
  • Reviews
  • Storage and archival
Demo



Questions???


