An audit has little chance of success without having visibility of your network, including software, hardware, policies and risks. The following are examples of key information required to plan the audit work
- Obtain copies of relevant security policies
- Obtain access to firewall logs that can be analyzed against the firewall rule base to understand what is actually being used.
- Obtain a diagram of the current network and firewall topologies.
- Obtain reports and documents of previous audits, including firewall rules, objects and policy revisions.
- Identify all Internet Service Providers (ISP) and Virtual Private Networks (VPN).
- Obtain all relevant firewall vendor information including OS version, latest patches and default configuration.
- Understand all the key servers and key information repositories in the network and their relative values to the company
Audit Firewall Physical
& OS Security
Clean Up & Optimize