Firewall Auditing
Sean K. Lowder
CISSP / MCSE / CCNA
[email protected]
Sean K. Lowder CISSP ©2007 2
Bio
Currently employed at Blue Cross Blue Shield of Louisiana as the Information Security Manager.
I’ve been in the computer industry for 17 years, and have specialized in information security for the last 10 years.
I have various industry certifications, including Certified Information Systems Security Professional (CISSP), Certified Novell Engineer (CNE), Microsoft Certified Systems Engineer (MCSE), and Cisco Certified Network Associate (CCNA). I received my BS in Information Technology from University of Phoenix.
Previously I’ve directed various projects in the Information Security arena including financial institution penetration testing, Firewall and Virtual Private Network (VPN) configuration, design and deployment.
I have extensive experience in preparing for SAS70, HIPAA and financial auditing for all information security areas.
What is a firewall?
A firewall is a device or collection of components placed between two networks that collectively have the following properties:
- All traffic from inside to outside, and vice-versa, must pass through the firewall.
- Only authorized traffic, as defined by the local security policy, will be allowed to pass.
Firewall Types
- First Generation: Packet Filtering Firewalls
- Second Generation: Stateful Inspection Firewalls
- Third Generation: Application (Proxy) Firewalls
- Fourth Generation: Kernel Proxy technology, “deep packet” inspection, IDS / IPS capabilities
Defining Audit Scope
- Firewall Documentation
- Approval Procedures and Process
- Firewall Rule Base
- VPN
- Layer Seven Switching
- Internal Testing
- External Testing
Firewall Auditing Methodology
Phases
I. Gather Documentation
II. The Firewall
III. The Rule Base
IV. Testing and Scanning
V. Maintenance and Monitoring
Phase I - Gather Documentation
- Security Policy
- Change Control Procedures
- Administrative Controls
- Network Diagrams
- IP Address Scheme
- Firewall Locations
- IPS Capable?
Phase I - Gather Documentation
- Firewall Vendor
- Software Version and Patch Level
- Hardware Platform
- Operating System Version and Patch Level
- Administrator training and knowledge
Phase II – The Firewall
Three “A’s”:
- Authentication: Local / Remote
- Access: Logical / Physical
- Auditing (logs): Local / Remote
OS Hardening
Phase III – The Rule Base
- Based on the Organization’s Security Policy
- Review each rule:
  - Business reason
  - Owner
  - Host devices
  - Service Ports
- Simplicity is the key: most restrictive and least access
Phase III – The Rule Base
- Rule order (first out):
  - Administration Rule
  - ICMP Rule
  - Stealth Rule
  - Cleanup Rule
  - Egress Rules
- Logging
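The rule-base checks in the two slides above (owner and business reason for every rule, least access, administration rule ahead of the stealth rule, cleanup rule last and logged, explicit egress rules) can be scripted against an export of the rule base. The script below is an added example, not material from the slides or from any firewall vendor; the Rule fields, the object names FIREWALL, MGMT and INTERNAL, and the sample rule base are all constructed for illustration, with two deliberate defects for the checks to find.

```python
# Added example (not from the slides): reviews a constructed rule base against the
# points the deck lists for Phase III. Object names and rule fields are assumptions.
from dataclasses import dataclass
from typing import List

FIREWALL = "fw-external"     # constructed object for the firewall's own interfaces
MGMT = "mgmt-host"           # constructed management host
INTERNAL = "internal-net"    # constructed internal network object


@dataclass
class Rule:
    name: str
    src: str
    dst: str
    service: str
    action: str      # "accept" or "drop"
    log: bool
    owner: str       # who is accountable for the rule
    reason: str      # documented business reason

    def is_any_any_any(self) -> bool:
        return (self.src, self.dst, self.service) == ("any", "any", "any")


def audit_rule_base(rules: List[Rule]) -> List[str]:
    """Return the list of findings; an empty list means every check passed."""
    if not rules:
        return ["rule base is empty"]
    findings: List[str] = []

    # Per-rule review: owner, business reason, least access
    for i, r in enumerate(rules, 1):
        if not r.owner or not r.reason:
            findings.append(f"rule {i} '{r.name}': missing owner or business reason")
        if r.action == "accept" and r.is_any_any_any():
            findings.append(f"rule {i} '{r.name}': accept any/any/any violates least access")

    # Stealth rule: everything addressed to the firewall itself is dropped.
    # Administration access must sit above it, broad accepts must not.
    stealth = [i for i, r in enumerate(rules)
               if r.dst == FIREWALL and r.src == "any" and r.service == "any" and r.action == "drop"]
    if not stealth:
        findings.append("no stealth rule: traffic to the firewall itself is not explicitly dropped")
    else:
        s = stealth[0]
        for i, r in enumerate(rules):
            if r.action != "accept":
                continue
            if r.dst == FIREWALL and i > s:
                findings.append(f"rule {i + 1} '{r.name}': administration rule is shadowed by the stealth rule above it")
            if r.dst == "any" and i < s:
                findings.append(f"rule {i + 1} '{r.name}': broad accept placed above the stealth rule exposes the firewall")

    # Cleanup rule: explicit drop any/any/any, last in the base, and logged
    last = rules[-1]
    if not (last.action == "drop" and last.is_any_any_any()):
        findings.append("last rule is not an explicit cleanup rule (drop any/any/any)")
    elif not last.log:
        findings.append(f"cleanup rule '{last.name}' does not log dropped traffic")
    for i, r in enumerate(rules[:-1], 1):
        if r.action == "drop" and r.is_any_any_any():
            findings.append(f"rule {i} '{r.name}': cleanup-style drop is not last; every rule below it is unreachable")

    # Egress rules: outbound traffic from the internal network is stated explicitly
    if not any(r.src == INTERNAL and r.dst == "any" for r in rules):
        findings.append("no egress rules: outbound traffic is not controlled explicitly")

    return findings


# Constructed sample rule base in the deck's order (administration, ICMP, stealth,
# application rules, egress, cleanup) with two deliberate defects: the 'web' rule has
# no owner and the cleanup rule does not log.
SAMPLE_RULES = [
    Rule("admin",   MGMT,     FIREWALL,  "ssh",   "accept", True,  "netops", "firewall management"),
    Rule("icmp",    "any",    FIREWALL,  "icmp",  "drop",   False, "netops", "no ping to the firewall"),
    Rule("stealth", "any",    FIREWALL,  "any",   "drop",   True,  "netops", "protect the firewall itself"),
    Rule("web",     "any",    "dmz-web", "https", "accept", True,  "",       "public web site"),
    Rule("egress",  INTERNAL, "any",     "http",  "accept", True,  "netops", "user web browsing"),
    Rule("cleanup", "any",    "any",     "any",   "drop",   False, "netops", "deny everything else"),
]

if __name__ == "__main__":
    for finding in audit_rule_base(SAMPLE_RULES):
        print(finding)
```

Running it on the sample reports the missing owner on the 'web' rule and the unlogged cleanup rule; re-ordering the base (cleanup rule moved up, or the administration rule placed below the stealth rule) produces the shadowing findings instead, which is the same reasoning an auditor applies by hand when walking the rule base top to bottom.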
Phase IV – Testing & Scanning
- Determine & Set Expectations
- Scan the firewall: Nmap, Firewalk
- Scan hosts behind the firewall: Nessus, ISS
- Ensure results match expectations
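The last step, checking scan results against the expectations set from the security policy, is easier to do mechanically than by eye. The script below is an added example rather than material from the slides: it parses scan output written in the shape of Nmap's grepable (-oG) format and reports ports that answered but are not permitted by policy (the usual finding) as well as permitted services that did not answer (a sign the rule base or the test itself is wrong). The expectation table and the scan text are constructed for illustration, not captured from a real scan.

```python
# Added example (not from the slides): compares policy expectations with observed
# scan results. The expectation table and the scan output below are constructed.
import re
from typing import Dict, List, Set, Tuple

Port = Tuple[int, str]   # (port number, protocol)

# Constructed expectation table: host -> services the policy permits inbound.
# The firewall's own address should answer on nothing from the outside.
EXPECTED: Dict[str, Set[Port]] = {
    "192.0.2.1":  set(),                          # the firewall itself
    "192.0.2.10": {(80, "tcp"), (443, "tcp")},    # public web server
    "192.0.2.20": {(25, "tcp")},                  # mail relay
}

# Constructed sample in the shape of Nmap -oG output (tab-separated fields).
SAMPLE_SCAN = """\
# Nmap scan initiated (constructed sample for this example, not a real scan)
Host: 192.0.2.1 ()\tPorts: 22/open/tcp//ssh///\tIgnored State: filtered (999)
Host: 192.0.2.10 ()\tPorts: 80/open/tcp//http///, 443/open/tcp//https///, 8080/open/tcp//http-proxy///\tIgnored State: filtered (997)
Host: 192.0.2.20 ()\tPorts: 25/open/tcp//smtp///\tIgnored State: filtered (999)
"""

# port/state/protocol at the start of each Ports: entry
PORT_RE = re.compile(r"(\d+)/(open|closed|filtered|open\|filtered)/(tcp|udp)/")


def parse_grepable(text: str) -> Dict[str, Set[Port]]:
    """Return host -> set of ports reported open, from grepable-style scan output."""
    observed: Dict[str, Set[Port]] = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue
        host = line.split()[1]
        ports: Set[Port] = set()
        m = re.search(r"Ports: (.*?)(?:\t|$)", line)
        if m:
            for port, state, proto in PORT_RE.findall(m.group(1)):
                if state == "open":           # only open ports are exposure
                    ports.add((int(port), proto))
        observed[host] = ports
    return observed


def compare(expected: Dict[str, Set[Port]],
            observed: Dict[str, Set[Port]]) -> Tuple[Dict[str, List[Port]], Dict[str, List[Port]]]:
    """Return (unexpected, missing): ports open but not permitted, and permitted but not seen."""
    unexpected: Dict[str, List[Port]] = {}
    missing: Dict[str, List[Port]] = {}
    for host in sorted(set(expected) | set(observed)):
        exp = expected.get(host, set())
        obs = observed.get(host, set())
        if obs - exp:
            unexpected[host] = sorted(obs - exp)
        if exp - obs:
            missing[host] = sorted(exp - obs)
    return unexpected, missing


if __name__ == "__main__":
    unexpected, missing = compare(EXPECTED, parse_grepable(SAMPLE_SCAN))
    for host, ports in unexpected.items():
        print(f"{host}: open but not permitted by policy: {ports}")
    for host, ports in missing.items():
        print(f"{host}: permitted by policy but not reachable: {ports}")
```

On the sample the firewall itself answers on 22/tcp and the web server exposes 8080/tcp, neither of which the policy allows; both go back to the rule-base review in Phase III. A host that appears in the expectation table but not in the scan shows up under "missing", so a scan that was blocked or mis-scoped does not silently pass.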
Phase V – Maintenance & Monitoring
- Change Management and Approval
  - Is the process documented?
  - Is the process being followed?
  - Is there evidence of process?
- Disaster Recovery Plan
  - Formal?
  - Backup and Recovery Procedures
- Firewall Logs
  - Reviews
  - Storage and archival
Demo
Questions???
References and Additional Resources
- The CISSP Prep Guide, Ronald L. Krutz & Russell Dean Vines, Wiley Publishers, ISBN 0-471-41356-9
- Firewalls and Internet Security, William R. Cheswick and Steven M. Bellovin, Addison-Wesley Publishing Company, ISBN 0-201-63357-4
- Lance Spitzner, www.spitzner.net: White Paper - Auditing your Firewall Setup; White Paper - Building your Firewall Rule base
- VicomSoft, www.firewall-software.com: White Paper – Firewall