The Firewall Assessment, (depending on the device functionality), will include an examination of:
- Firewall rules
- Firewall build
The elements of the rules review include:
- Insecure rules with any to any instances
- Overly permissive rules that enable too great a degree of access between hosts via various protocols.
- Insecure configuration of VPN’s, radius or other key services.
- Insecure device configurations
- Insecure admin access configurations
- Inadequate or no logging
- Insecure encryption methods
- Duplicate or unused rules