How to conduct firewall configuration reviews

Ask the Expert

How to conduct firewall configuration reviews

Is there a common checklist that can be used for firewall configuration reviews? Or can you recommend any tools for finding weaknesses in firewalls? This is for compliance monitoring.

Continue Reading This Article

Enjoy this article as well as all of our content, including E-Guides, news, tips and more.

By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

Safe Harbor

Firewall configuration reviews play a critical role in ensuring the ongoing protection of the perimeter. As any firewall administrator knows, it's all too easy for a rule base to become convoluted over time, containing rules that may be outdated or simply incorrect. Regular reviews help remedy this effect and allow administrators to conduct a periodic policy "health check." Configuration reviews may be mandatory for firewalls that process regulated data. In fact, the Payment Card Industry Data Security Standard (PCI DSS) requires quarterly firewall reviews for systems involved in credit card processing.

When performing firewall configuration reviews, there are a few simple questions that you should be able to answer:

  • Does the firewall rule base correctly implement the business policy? Verify that the rules in place deny any traffic that is not explicitly required for business purposes.
  • Can all of the rules be traced back to specific change requests in your change-management system? Each change request should include business justification for the rule, appropriate management approval and a scheduled implementation/rollback plan.
  • Is the firewall properly auditing and logging activity? Verify that firewall logs are stored on a secured log server for a period of time that meets your organization's retention policy.

In addition to these steps, you should ensure that your firewall rule base is clear of overlapping/shadowed rules, orphaned rules and unused rules. I discuss these issues and rule base analysis tools in my response to the question: "How should multiple firewall rules be managed?"

More information about firewall configuration:

This was first published in May 2007