From the course: Performing a Technical Security Audit and Assessment

Unlock the full course today

Join today to access over 22,600 courses taught by industry experts or purchase this course individually.

Conduct ruleset reviews

Conduct ruleset reviews

From the course: Performing a Technical Security Audit and Assessment

Start my 1-month free trial

Conduct ruleset reviews

- Recall that a firewall works as a barrier or shield between your computer network and the internet. All firewalls are configured with instructions called Rulesets, that define actions the firewall should take with traffic that crosses its interfaces. These actions include: permitting and routing packets, denying packets, logging some or all traffic activity, and creating system events or alerts. The purpose of conducting ruleset reviews during a security assessment is to identify gaps in security controls due to lack of rules or poorly written rules. Firewall rulesets also should be reviewed periodically as part of good network management to ensure that rules aren't unnecessarily impacting the firewall's performance. Depending on the systems in scope, one should consider reviewing rulesets from the following types of systems: network firewalls, host-based firewalls, routers, intrusion detection systems and intrusion protection systems. SANS has a helpful firewall checklist, which…

Contents