From the course: Performing a Technical Security Audit and Assessment
Conduct ruleset reviews
Recall that a firewall works as a barrier or shield between your computer network and the internet. All firewalls are configured with instructions called rulesets that define the actions the firewall should take with traffic that crosses its interfaces. These actions include permitting and routing packets, denying packets, logging some or all traffic activity, and creating system events or alerts. The purpose of conducting ruleset reviews during a security assessment is to identify gaps in security controls due to a lack of rules or poorly written rules. Firewall rulesets should also be reviewed periodically as part of good network management to ensure that rules aren't unnecessarily impacting the firewall's performance. Depending on the systems in scope, one should consider reviewing rulesets from the following types of systems: network firewalls, host-based firewalls, routers, intrusion detection systems and intrusion protection systems. SANS has a helpful firewall checklist, which…
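Part of a ruleset review like the one described above can be automated. The following is an added example, not part of the course material: it assumes a simplified, vendor-neutral IPv4 rule format with first-match semantics, and both the sample rules and the choice of checks are constructed for illustration.

```python
import ipaddress

# Constructed sample ruleset (hypothetical format); rules are evaluated top-down, first match wins.
RULES = [
    {"id": 1, "action": "permit", "src": "10.0.0.0/8", "dst": "192.0.2.10/32", "port": 443, "log": False},
    {"id": 2, "action": "permit", "src": "10.1.0.0/16", "dst": "192.0.2.10/32", "port": 443, "log": False},
    {"id": 3, "action": "permit", "src": "0.0.0.0/0", "dst": "0.0.0.0/0", "port": None, "log": False},
    {"id": 4, "action": "deny", "src": "0.0.0.0/0", "dst": "192.0.2.20/32", "port": 22, "log": True},
]

def _covers(outer, inner):
    """True if every packet matching `inner` also matches `outer` (port None means any port)."""
    net = ipaddress.ip_network
    return (net(inner["src"]).subnet_of(net(outer["src"]))
            and net(inner["dst"]).subnet_of(net(outer["dst"]))
            and (outer["port"] is None or outer["port"] == inner["port"]))

def _is_any(rule):
    """True if the rule matches any source, any destination and any port."""
    return rule["src"] == "0.0.0.0/0" and rule["dst"] == "0.0.0.0/0" and rule["port"] is None

def review(rules):
    """Return (rule_id, finding) tuples; rule_id is None for ruleset-wide findings."""
    findings = []
    for i, rule in enumerate(rules):
        # Poorly written rule: a permit that matches all traffic.
        if rule["action"] == "permit" and _is_any(rule):
            findings.append((rule["id"], "permits any source to any destination on any port"))
        # Dead rule: an earlier rule already matches everything this one would,
        # so it only adds evaluation cost (or hides an intended deny).
        for earlier in rules[:i]:
            if _covers(earlier, rule):
                findings.append((rule["id"], f"shadowed by rule {earlier['id']}, never matches"))
                break
    # Missing rule: the ruleset should end in an explicit, logged deny-all.
    last = rules[-1] if rules else None
    if last is None or last["action"] != "deny" or not _is_any(last):
        findings.append((None, "no explicit deny-all as the final rule"))
    elif not last["log"]:
        findings.append((None, "final deny-all does not log dropped traffic"))
    return findings

if __name__ == "__main__":
    for rule_id, finding in review(RULES):
        print(f"rule {rule_id}: {finding}")
```

Rule 4 shows why shadowing is more than a performance concern: the SSH deny is never reached because the any-any permit in rule 3 matches first.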
Contents
- Required skillsets (2m 52s)
- Conduct documentation reviews (2m 8s)
- Conduct log reviews (3m 4s)
- Conduct ruleset reviews (2m 57s)
- Conduct system configuration reviews (3m 35s)
- Conduct network sniffing (1m 43s)
- Network sniffing tool demo: Wireshark (3m 21s)
- Conduct file integrity checking (4m 55s)
- File integrity checking tool demo (1m 18s)
- Challenge: Pick the right reviews (1m 6s)
- Solution: Pick the right reviews (3m 9s)