A Firewall is typically used as a tool to enforce some aspect or aspects of an organisation's security policy. A Firewall assessment examines the configuration and operation of the Firewall and measures how effectively the device enforces that security policy.
A Firewall at the network perimeter is indispensable, as it provides the first line of defence against traffic originating from outside the protected network. Internally, within an organisation's network perimeter, Firewalls are typically deployed to protect commercially or company-sensitive information, such as trade secrets or payroll data, from unauthorised access. Each Firewall is likely to have different operational and security requirements.
A critical question that the network designer must address is whether the Firewall device should permit anything that is not explicitly prohibited or prohibit anything that is not explicitly permitted.
Out of the box, Firewall installations tend to ship with either a 'default deny' or a 'default allow' policy. A default-deny installation passes nothing useful until explicit rules are added, while a default-allow installation passes everything and so provides little or no protection until explicit rules are added. In either case the device does very little on its own, yet in our experience it is commonplace for organisations to operate under a false sense of security simply because a Firewall is in place.
A secure Firewall implementation is not easy to achieve. Bespoke rules and a comprehensive configuration must be employed in order to meet best security practice. However, it is often the case that administrators will accept a simplified rulebase, and hence a less secure system, for ease of administration. This trade-off must be viewed against the risk management policy of the organisation. It is this documentation, which underpins the security policy, that defines the standard the administrator must configure the Firewall to meet.
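The difference between 'default allow' and 'default deny', and the effect of the kind of simplified rulebase described above, can be made concrete with a small first-match rule evaluator. The following is an added illustration, not code from the original article or from any particular Firewall product: the rule syntax, the addresses (a payroll server at 10.10.5.20, an HR subnet 10.10.3.0/24) and the sample flows are all constructed for the example. The `overly_broad` check is the kind of test an assessor would run over an exported rulebase to find 'allow anything' rules that quietly turn a default-deny device into a default-allow one.

```python
# Added example (not part of the original article): a minimal first-match
# rulebase evaluator that contrasts a 'default allow' Firewall with a
# 'default deny' one, plus an assessment check for overly broad allow rules.
# All rules, addresses and flows below are constructed for illustration.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # CIDR or "any"
    dst: str               # CIDR or "any"
    proto: str             # "tcp", "udp", "icmp" or "any"
    dport: Optional[int]   # None means any destination port
    comment: str = ""


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: Optional[int]


def _net_match(cidr: str, addr: str) -> bool:
    return cidr == "any" or ip_address(addr) in ip_network(cidr, strict=False)


def rule_matches(rule: Rule, flow: Flow) -> bool:
    return (_net_match(rule.src, flow.src)
            and _net_match(rule.dst, flow.dst)
            and rule.proto in ("any", flow.proto)
            and rule.dport in (None, flow.dport))


def evaluate(rules: List[Rule], flow: Flow, default: str) -> Tuple[str, Optional[int]]:
    """First matching rule wins; if no rule matches, the default policy applies.
    Returns (action, index of the matching rule, or None for the default)."""
    for i, rule in enumerate(rules):
        if rule_matches(rule, flow):
            return rule.action, i
    return default, None


def overly_broad(rules: List[Rule]) -> List[int]:
    """Assessment check: indices of allow rules that restrict neither source,
    destination nor service. Such a rule makes the default policy irrelevant."""
    return [i for i, r in enumerate(rules)
            if r.action == "allow" and r.src == "any" and r.dst == "any"
            and r.proto == "any" and r.dport is None]


# Constructed rulebase (hypothetical addresses): a public web server, and a
# payroll server that only the HR subnet may reach, over HTTPS.
RULES = [
    Rule("allow", "any", "10.10.1.10/32", "tcp", 443, "internet to public web server"),
    Rule("allow", "10.10.3.0/24", "10.10.5.20/32", "tcp", 443, "HR workstations to payroll app"),
    Rule("deny", "any", "10.10.5.20/32", "any", None, "nothing else reaches payroll"),
]

# The 'simplified' rulebase an administrator might accept to make things work.
SIMPLIFIED = RULES + [Rule("allow", "any", "any", "any", None, "temporary: allow everything")]

# Constructed sample flows.
HR_TO_PAYROLL = Flow("10.10.3.15", "10.10.5.20", "tcp", 443)
GUEST_TO_PAYROLL = Flow("10.10.9.8", "10.10.5.20", "tcp", 445)
GUEST_TO_PRINTER = Flow("10.10.9.8", "10.10.7.3", "tcp", 9100)   # matched by no explicit rule


if __name__ == "__main__":
    for name, flow in [("HR -> payroll", HR_TO_PAYROLL),
                       ("guest -> payroll", GUEST_TO_PAYROLL),
                       ("guest -> printer", GUEST_TO_PRINTER)]:
        for default in ("deny", "allow"):
            print(f"{name:18} default={default:5} ->", evaluate(RULES, flow, default))
    print("broad rules in RULES:     ", overly_broad(RULES))
    print("broad rules in SIMPLIFIED:", overly_broad(SIMPLIFIED))
```

The interesting case is the flow that no explicit rule covers (guest to printer): under default deny it is dropped, under default allow it passes, and in the simplified rulebase it passes regardless of the default because the trailing 'allow any' rule matches first. That last case is why an assessment should report broad allow rules alongside the configured default policy rather than trusting either on its own.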

