Sales audit process for security

How to create outlook signature

hey everyone welcome back to cyber gray matter in today's video we're going to be going over the basics of how to audit a firewall this video will have six steps of the firewall auditing process and i think you'll find a lot of these concepts helpful and correlate to all general technology fields including the emphasis on procedures and documentation this video won't be a deep dive into the technical details but it goes over compliance best practices and other security concepts it's a good start to get an idea of what the auditing process is like let's jump right into it so let's start with what a firewall even is a firewall is a networking device and tool that manages connections between different internal or external networks they can accept or reject connections or even filter them and everything is based on rules remember that firewalls work on the network and transport layer so three and four of the osi model however there are some firewalls that can operate on the application layer or layer 7 of the osi model and these are considered smarter they're known as next generation firewalls also please don't confuse the application layer tidbit about the next-gen firewall with a web application firewall it's not the same thing so what's a firewall audit a firewall audit is a process of investigating the existing aspects of a firewall and this can include access and connections along with the identification of vulnerabilities and reports on any changes so why are audits important with all the compliance standards out and being used firewall audits are a way to prove to regulators or business partners that an organization's network is secure some of these standards include things such as the payment card industry data security standards or pci dss the general data protection regulation gdpr sarbanes-oxley or sox the health insurance portability and accountability act hipaa or the california consumer privacy act or ccpa other than firewall audits being required they're simply best practice if you audit a firewall you're likely to catch a weakness or openness within your network and security posture this way you can adapt your policies to fit this doing due diligence is important in cyber security in reviewing controls and policies will be one piece that helps protect an organization if there might be the unfortunate circumstance of a lawsuit breach or some sort of regulatory issue that may come up auditing a firewall will ensure that your configuration and rules adhere to internal cyber security policies besides safety a firewall audit can help improve performance by fixing the optimization of the firewall rule base and we'll go into that a little bit later now let's get into the six steps of the firewall audit step one collect key information this is prior to the audit there needs to be information gathered during this time there needs to be visibility into the network with software hardware policies and risks in order to plan the audit you will need the following key information copies of the relevant security policies the firewall logs that can be compared to the firewall rule base to find which rules are being used an accurate and updated copy of the network in the firewall topology diagrams any previous audit documentation including the rules objects and policy revisions vendor firewall information including the os version latest patches in the default configuration and finally understanding all the critical servers and repositories within the network step 2 assess the change management process the change management process starts with the request to change some sort of process or technology it's from the beginning with a conception through the implementation and then to the final resolution change management within a firewall audit is important because there needs to be traceability of any firewall changes and also ensure compliance for the future the most common problems with the change control involved issues with the documentation such as not including or being clear why the change was needed who authorized the changes in poor validation of the network impact of each change some requirements for the rule-based change management are the following make sure the changes are going through the proper approval and are implemented by the authorized personnel changes should be tested and documented by regulatory and internal policy requirements each rule should be noted to include the change id of the request and have a sign off with the initials of the person who implemented the change make sure there is an expiration date for the change if one should exist determine whether there is a formal and controlled process in place for the request review approval and implementation of the firewall changes and this process should include business purpose for the change request duration from the new modification rule assessment of the potential risk associated with the new or modified rule formal approvals from new and modified rules assignment to the proper administration for implementation verification that the change has been tested and implemented correctly authorization must be granted to make these changes and any unauthorized changes should be flagged for future investigation it should be determined whether the real-time monitoring of changes to the firewall are enabled authorized requesters admins and stakeholders should be given rule change notifications step 3 audit the os and physical security firewall audits don't just involve the rule-based policies but the actual firewall itself it's important to ensure that the firewall has both physical and software security feature verification this involves the hardware and os software of the firewall it's important that there's a physical security protecting the firewall and management servers with controlled access this ensures that only authorized personnel are permitted to access the firewall server rooms vendor operating system patches and updates are extremely important and it should be verified that these are here the operating system should also be audited to ensure that it passes common hardening checklists the device administration procedure should also be reviewed step 4 declutter and improve the rule base in order to ensure that the firewall performs at peak performance the rule base should be decluttered and optimized this also makes the auditing process easier and will remove the unnecessary overhead to do this start by deleting the rules that aren't useful and disable expired and unused rules and objects delete the unused connections and this includes source destination and service routes that aren't in use find the similar rules and consolidate them into one rule identify and fix any issues that are over permissive and analyze the actual policy against firewall logs analyze vpn parameters in order to uncover users and groups that are unused unattached expired or those that are about to expire enforce object naming conventions finally keep a record of rules objects and policy revisions for future reference step 5 perform a risk assessment and fix issues a thorough and comprehensive risk assessment will help identify any risky rules that ensure the rules are compliant with internal policies and relevant standards and regulations this is done by prioritizing the rules by severity and based on industry standards and best practices this is based upon company needs and risk acceptance of an organization things to look for check to see if there are any rules or go against and violate your corporate security policy do any of the firewall rules use any in the source destination service protocol application or use fields with a permissive action do any of the rules allow risky services for your dmz to the internal network what about any rules that allow risky services from the internet coming inbound to sensitive servers networks devices and databases it's also good to analyze firewall rules and configurations and check to see if there are any complying with regulatory standards such as pci dss socks iso and other policies that are relevant to the organization these might be policies for hardware software configurations and other devices there should be an action plan for remediation of these risks and compliance exceptions that are identified in the risk analysis it should be verified that the remediation efforts have taken place and any rule changes have been completed correctly and as always these changes should be tracked and documented step six conduct ongoing audits now that the initial audit is done we need to continue auditing to ensure that this is ongoing ensure that there is a process that is established and continuous for future firewall audits in order to avoid air and manual tasks these can be automated with analysis and reporting all procedures need to be documented and this is in order to create a complete audit trail for all firewall management activities ensure that there is a robust firewall change workflow in place to maintain compliance over time and finally ensure that there is an alerting system in place for significant events and activities this includes changes to certain rules or if a new high severity risk is identified in the policy thanks for watching i hope you've had fun learning about firewall auditing please leave a like and any questions down in the comment section below thanks you