Firewall Rules Review – Best Practices

  • A Firewall Rule Change Control Form should be used for each firewall rule addition or modification.
  • Details to be captured:
      • Requesting Department
      • Requestor from the Requesting Department
      • Approver from the Requesting Department
      • Source IP, Hostnames and Ownership Information
      • Destination IP, Hostnames and Ownership Information
      • Destination Port that needs to be opened in the Firewall
      • Business Justification for the Firewall Rule
      • The width of the rule (source, destination and ports being allowed) should be kept as narrow as possible.
      • Duration of Applicability (as short as possible)
      • Approver from the Reviewing Department
      • Unique ID to identify the Firewall Rule
      • Date of Request of the Firewall Rule
      • Date of Final Approval of the Firewall Rule
  • A quarterly review should be performed on firewall rules. Expired rules should be removed after confirmation from the Requestor Department Manager.
  • An annual review should be performed on non-expiring firewall rules. Rules should be removed unless approved by the Requestor Department Manager.
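The periodic review described above can be scripted against the change-control register. The following is an added example, not code from the original page: it models a register row with the fields from the checklist, then flags rules with a missing justification or approver, rules that use "any" for source, destination or port, expired rules awaiting removal, and non-expiring rules that have passed their annual review. The rule IDs, hosts and dates are constructed sample data.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

@dataclass
class FirewallRule:
    rule_id: str             # unique ID of the firewall rule
    requestor: str           # requestor from the requesting department
    dept_approver: str       # approver from the requesting department
    review_approver: str     # approver from the reviewing department
    source: str              # source IP / hostname
    destination: str         # destination IP / hostname
    dest_port: str           # destination port(s) opened
    justification: str       # business justification
    requested: date          # date of request
    approved: date           # date of final approval
    expires: Optional[date]  # None = non-expiring, so the annual review applies

def review_rules(rules, today):
    """Return (rule_id, finding) pairs for rules needing action at a periodic review."""
    findings = []
    for r in rules:
        if not r.justification.strip():
            findings.append((r.rule_id, "no business justification recorded"))
        if not (r.requestor and r.dept_approver and r.review_approver):
            findings.append((r.rule_id, "requestor or approver missing"))
        if "any" in (r.source.lower(), r.destination.lower(), r.dest_port.lower()):
            findings.append((r.rule_id, "rule too wide: 'any' in source, destination or port"))
        if r.expires is None:
            if today - r.approved > timedelta(days=365):
                findings.append((r.rule_id, "non-expiring rule overdue for annual review"))
        elif r.expires < today:
            findings.append((r.rule_id, "expired: remove after requestor manager confirms"))
    return findings

# Constructed sample register (hypothetical hosts, people and dates, not real data)
SAMPLE_RULES = [
    FirewallRule("FW-001", "j.doe", "mgr.finance", "mgr.secops", "10.1.2.3", "10.9.8.7",
                 "443", "Finance app to reporting DB", date(2023, 1, 10), date(2023, 1, 12),
                 date(2023, 7, 1)),
    FirewallRule("FW-002", "a.lee", "mgr.dev", "mgr.secops", "any", "10.9.8.7",
                 "3306", "", date(2022, 3, 1), date(2022, 3, 2), None),
    FirewallRule("FW-003", "s.kim", "mgr.hr", "mgr.secops", "10.5.0.10", "10.9.8.20",
                 "22", "HR SFTP export", date(2024, 2, 1), date(2024, 2, 3), date(2024, 12, 31)),
]

def review_sample(today_iso="2024-06-30"):
    """Run the review over the constructed register as of the given ISO date."""
    return review_rules(SAMPLE_RULES, date.fromisoformat(today_iso))
```

Each finding names the rule and the action the checklist prescribes, so the output can be handed to the requestor department manager for the confirmation step.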

References

https://www.giac.org/paper/gsec/3037/firewall-rule-review/102017

http://cdn.swcdn.net/creative/v9.3/pdf/Whitepapers/Best_Practices_for_Effective_Firewall_Management.pdf

Port Scanning – Firewall Best Practices

Port Scanning

Use GRC’s ShieldsUP port scanning tool to find out whether any ports have been opened through your firewall or NAT router. If a port is indeed open, make sure that it is open for a legitimate purpose and is secured. If you do not know why a port is open, you are better off closing it – this can be done at the NAT router / firewall level.

Other Resources:

http://lifehacker.com/5511734/shieldsup-tests-your-firewall-for-vulnerabilities
