Firewall Configuration Review – Overview

A typical security program incorporates vulnerability scans and penetration tests to measure the effectiveness of its security controls, but a more detailed review of its key security devices is often overlooked. The most important of these devices is usually the firewall. A firewall configuration review takes a deeper look at the configuration of this critical control, uncovering issues and deficiencies that traditional security testing may not reveal.

What is a Firewall Configuration Review?

A firewall configuration review is a detailed, manual review of your firewall’s configuration, looking for deviations from security best practices and potential security vulnerabilities. We have experience analyzing almost every firewall on the market, including Cisco, Palo Alto, Check Point, FortiGate, pfSense, and more. The review covers everything about the target device, from the authentication mechanisms to the logging processes to the actual Access Control Lists (ACLs) or rules you have implemented. We base our analysis on published industry best-practice standards, using the Center for Internet Security (CIS) Benchmarks where available, or otherwise the security configuration documentation provided by the device vendor.

(Image: firewall configuration review.) Oftentimes, this is what a firewall configuration review will look like for the security engineer performing the assessment.

To facilitate this review, we usually request a full copy of the device configuration file. For some types of devices the configuration file can be unwieldy, so it is more efficient for us to request read-only administrative access to the device and work through its user interface. In the end, we work with you and your team to find the most efficient way to audit your device(s).

What are the Benefits of a Configuration Review?

This type of assessment carries many benefits. First and foremost, your organization’s firewalls are generally the first line of defense against attacks and compromises. They are usually among the primary security devices protecting your network, and with it the sensitive data it contains, so it makes sense to spend the time and effort to ensure they are operating as securely as possible. Beyond that, a firewall configuration review can also:

  • Mitigate compliance risk by ensuring your network devices are configured according to published best-practice standards. We can also gear our analysis toward a specific compliance standard (e.g. PCI DSS, HIPAA, NIST) where necessary.
  • Increase device management efficiency by providing effective strategies and suggestions for clear and organized management of your device and the associated firewall rules.
  • Verify that there are no holes in your network. We will identify vulnerabilities and overly permissive rules that increase your attack surface and leave your organization more exposed to attack.
  • Find issues that traditional security tests may not uncover. Because the review takes a deeper look, the resulting improvements provide greater defense in depth and remove minor issues that could otherwise grow into a more significant problem or even a full-blown compromise.
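To make the "overly permissive rules" and logging checks above concrete, here is a small added example (written for this page, not the reviewing firm's tooling) that runs a first automated pass over a constructed Cisco ASA-style configuration excerpt. It flags permit rules that allow any source to any destination, TCP/UDP rules that leave every port open, permit rules that do not log, and management-plane lines that enable cleartext telnet or allow management from any address. The ASA syntax handled, the sample addresses (documentation ranges) and the severity labels are all assumptions of this example; a manual review against the CIS Benchmark would go much further than these few checks.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample of a Cisco ASA-style configuration excerpt. The rules and
# addresses were written for this example and are not taken from any real device.
SAMPLE_CONFIG = """\
hostname edge-fw-example
access-list OUTSIDE_IN extended permit tcp any host 203.0.113.10 eq 443 log
access-list OUTSIDE_IN extended permit ip any any
access-list OUTSIDE_IN extended permit tcp any 10.0.0.0 255.0.0.0 range 1 65535
access-list OUTSIDE_IN extended permit udp any host 203.0.113.20 eq 53 log
access-list OUTSIDE_IN extended deny ip any any log
access-list DMZ_IN extended permit tcp 192.0.2.0 255.255.255.0 any eq 22
telnet 0.0.0.0 0.0.0.0 inside
ssh 10.0.0.0 255.255.255.0 inside
"""

ACL_RE = re.compile(r"^access-list\s+(\S+)\s+extended\s+(permit|deny)\s+(\S+)\s+(.*)$")
MGMT_RE = re.compile(r"^(telnet|ssh|http)\s+(\S+)\s+(\S+)\s+(\S+)$")


@dataclass
class Finding:
    severity: str   # "high", "medium" or "low" (labels chosen for this example)
    line: str       # the offending configuration line, verbatim
    message: str


def _take_addr(tokens):
    """Consume one ASA address spec ('any', 'host X', or 'NET MASK').

    Returns (is_any, remaining_tokens); '0.0.0.0 0.0.0.0' counts as 'any'.
    """
    if tokens[0] == "any":
        return True, tokens[1:]
    if tokens[0] == "host":
        return False, tokens[2:]
    net, mask = tokens[0], tokens[1]
    return (net == "0.0.0.0" and mask == "0.0.0.0"), tokens[2:]


def _take_ports(tokens):
    """Consume an optional 'eq N' or 'range A B' port spec.

    Returns (all_ports, remaining_tokens); all_ports is True when no port is
    given at all or the range covers 1-65535.
    """
    if tokens and tokens[0] == "eq":
        return False, tokens[2:]
    if tokens and tokens[0] == "range":
        lo, hi = int(tokens[1]), int(tokens[2])
        return (lo <= 1 and hi >= 65535), tokens[3:]
    return True, tokens


def review_acl_line(line):
    """Return the findings for one access-list line (empty list if it looks clean)."""
    m = ACL_RE.match(line)
    if not m:
        return []
    _name, action, proto, rest = m.groups()
    tokens = rest.split()
    src_any, tokens = _take_addr(tokens)
    if tokens and tokens[0] in ("eq", "range"):   # optional source-port spec
        _, tokens = _take_ports(tokens)
    dst_any, tokens = _take_addr(tokens)
    all_ports, tokens = _take_ports(tokens)
    logged = "log" in tokens

    findings = []
    if action != "permit":
        return findings                            # deny rules are not scored here
    if src_any and dst_any:
        what = "all traffic" if proto == "ip" else f"all {proto}"
        findings.append(Finding("high", line, f"permits {what} from any source to any destination"))
    if proto in ("tcp", "udp") and all_ports:
        findings.append(Finding("medium", line, f"permits every {proto} port; restrict to required services"))
    if not logged:
        findings.append(Finding("low", line, "permit rule does not log matches; hits will be invisible to monitoring"))
    return findings


def review_mgmt_line(line):
    """Flag cleartext telnet management and management access allowed from any address."""
    m = MGMT_RE.match(line)
    if not m:
        return []
    proto, net, mask, iface = m.groups()
    findings = []
    if proto == "telnet":
        findings.append(Finding("high", line, "cleartext telnet management is enabled; use SSH only"))
    if net == "0.0.0.0" and mask == "0.0.0.0":
        findings.append(Finding("medium", line, f"{proto} management allowed from any address on {iface}"))
    return findings


def review_config(text):
    """Run every check over each non-empty line of the configuration."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if line:
            findings.extend(review_acl_line(line))
            findings.extend(review_mgmt_line(line))
    return findings


def summarize(findings):
    """Count findings per severity, e.g. {'high': 2, 'medium': 2, 'low': 3}."""
    return dict(Counter(f.severity for f in findings))


if __name__ == "__main__":
    results = review_config(SAMPLE_CONFIG)
    for f in results:
        print(f"[{f.severity:6}] {f.message}\n         {f.line}")
    print(summarize(results))
```

The deny-all-with-log at the end of OUTSIDE_IN and the two tightly scoped, logged permits produce no findings, while the `permit ip any any` above the deny is flagged as high and the unlogged, all-ports rule into 10.0.0.0/8 as medium plus low. A pass like this is only a triage aid: it cannot tell you whether a narrowly written rule is still business-justified, which is exactly the judgement the manual review supplies.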

For all these reasons, a firewall configuration review is a great way to “up your game” when it comes to security program assessment and verification. It can kick off a higher level of security hygiene or verify that the hardening practices you already have in place are functioning as intended. If you have any questions or would like more information, feel free to reach out.