In this video, Marc Menninger describes how to conduct ruleset reviews. Learn how ruleset reviews help determine how traffic flows through an organization’s network and how it is authorized and managed.
- Recall that a firewall works as a barrier…or shield between your computer network…and the internet.…All firewalls are configured with instructions…called Rulesets,…that define actions the firewall should take…with traffic that crosses its interfaces.…These actions include:…permitting and routing packets,…denying packets,…logging some or all traffic activity,…and creating system events or alerts.…The purpose of conducting ruleset reviews…during a security assessment is to identify gaps…in security controls due to lack of rules…or poorly written rules.…
Firewall rulesets also should be reviewed periodically…as part of good network management…to ensure that rules aren't unnecessarily impacting…the firewall's performance.…Depending on the systems in scope,…one should consider reviewing rulesets…from the following types of systems:…network firewalls,…host-based firewalls,…routers,…intrusion detection systems…and intrusion protection systems.…SANS has a helpful firewall checklist,…which includes ruleset review as the first step.…
- Cite the three phases of external security assessments.
- Explain the reasons for conducting a log review.
- Explain what network sniffing is and why it’s used.
- Describe when to use a file integrity checking tool.
- Differentiate between active network discovery and passive network discovery.
- Explain how to scan for vulnerabilities.
- Relate the three techniques useful for validating target vulnerabilities.
- Explain the four-stage methodology of conducting penetration tests.
Skill Level Intermediate
IT Security Careers and Certifications: First Stepswith Marc Menninger2h 6m Appropriate for all
1. Overview of Technical Security Assessments
2. Technical Security Assessment Reviews
3. Identify and Analyze Targets
4. Validate Target Vulnerabilities
5. Planning Technical Security Assessments
6. Executing the Technical Security Assessment
7. Post-Testing Activities
Report the results2m 16s
Next steps1m 32s
- Mark as unwatched
- Mark all as unwatched
Are you sure you want to mark all the videos in this course as unwatched?
This will not affect your course history, your reports, or your certificates of completion for this course.Cancel
Take notes with your new membership!
Type in the entry box, then click Enter to save your note.
1:30Press on any video thumbnail to jump immediately to the timecode shown.
Notes are saved with you account but can also be exported as plain text, MS Word, PDF, Google Doc, or Evernote.