Firewall Design & Installation

Your critical applications and system environment comprise numerous components such as servers, network devices and middleware, and are accessed by client devices including desktops, laptops and mobile devices.

Each of these components and client devices, if configured incorrectly using only default or ‘out of the box’ settings, can introduce weaknesses in your security posture: default passwords, open ports and unnecessary services leave your business exposed to a malicious attacker gaining a foothold in your network, accessing sensitive data or disrupting critical business services.

Our Build & Configuration Security Review will analyse the systems’ security in great detail and assess how sensitive and critical data is protected by the assessed system, ideally following a ‘secure-by-default’ approach.

The Build & Configuration Security Review is especially cost effective if multiple systems are built in the same way (using a gold image standard build), since a sampled approach will uncover many quick wins that dramatically improve the business security posture across all devices in scope.

A full report will be provided with the results, enabling the business to decide on the best course of action to address the vulnerabilities and therefore reduce the attack surface of the business following a risk-based approach.

Overview

The firewall security assessment will commence with a review of the compliance and security policies the business has agreed to.

Our consultant will request that the client make documents available for review. These will include policies, applicable change requests and firewall setup documentation, as well as a network diagram detailing the positioning of the firewall in scope for analysis by dVictor Technologies.

It is critical that any documentation about the firewall configuration, the firewall rule set and any subsequent change control paperwork reflects the actual current state of the firewall. As part of the review, any variance between the paperwork and the firewall will be raised as a finding.

Where relevant, the review will include references to the different network zones separated by the firewall, expected information flows across the firewall’s interfaces between those zones and agreed services and open ports for business purposes for each zone.

The client will also need to supply a copy of the firewall configuration and rule base, ideally electronically.

If the firewall is from a shared service provider, only the rules pertaining to the business and any general rules need to be provided. Rule ordering and priority are also important, and this information should be included with any provided firewall rule base details.

The firewall security assessment will cover the following key areas:

  • Software version and patch level
  • Location of firewall within the network
  • Insufficiently restrictive rules
  • Overlapping rules
  • Permissive rules precede the deny all rule
  • Unused objects
  • Insufficient auditing
  • Weak account passwords/password encryption used
  • Insecure services used
  • Missing rules (e.g. a stealth rule)
  • Time synchronisation
  • Excessive user accounts/least privilege
  • Security of VPN settings
  • Configuration of other modules
  • Protections employed against common Denial of Service Attacks

A firewall security assessment requires a minimum of two days if a full policy and change control document set is provided for one firewall. Subsequent extra firewalls will be reviewed on a one man-day per firewall basis.

If the firewall security assessment is purely of the firewall rule base and its configuration, then please allow a day per firewall.