What is a Firewall Configuration Review?
The main purpose of a Firewall Review is to ensure the rule sets and configuration are in line with the business requirements. An important part of the review is to ascertain traffic flows, services, protocols & ports in use against the approved services required by the business.
If the required information is available*, our Firewall Reviews typically consist of the following steps;
- Network Diagram Familiarization*
- Information Flow Understanding
- Identify & Confirm Approved Services, Ports & Protocols
- Review The Current Configuration
- Review The Rule Sets
- Preparation of A Report on Evidence/Findings
- Provide Remedial Advice
Edge Cyber Security use industry approved tools as well as technical knowledge to view and understand rule sets from the firewall, rule usage statistics for each rule, data on traffic allowed through the firewall and denied by the firewall. The ‘Approved List’ is also required for the rule set review. Review the use of “any” in the source, destination or port in “allow rules”. For each “allow” rule, drill down into actual traffic and determine what is talking to what on what port. Only traffic identified in the approved list is allowed to pass through the firewall. This applies to not only inbound traffic but outbound traffic as well.
Why Edge Cyber Security?
Edge Cyber Security is a cyber security firm in the UK offering a great service in the security and compliance market for small and large businesses. We strive to offer the best solution for your business and impartial advice at an honest price. We are constantly investigating new technologies and recommend them when they make sense.
We love what we do, some might say a bit too much, and we bring enthusiasm and commitment to every project we work on. Put simply, if you want a partner who cares about your business choose us to provide your cyber security services.
We listen, we discuss, we advise. Sounds obvious but we listen to your ideas, plans and objectives for your business. We then select the best solution to fit. Your success is our success.
All our services come with comprehensive support to help your business find the most appropriate solution to any identified vulnerabilities. All reports include our recommendations for resolution, detailed findings and an executive summary.
We have security consultants who have cultivated their careers across a variety of sectors. We will always be able to provide someone who understands your business needs and goals when performing penetration testing.
Rarely does a single package fit all clients, and this couldn't be more true in cyber security. That's why we work with you to develop a bespoke engagement that works for you regardless of the project size.