Everything you ever wanted to know about security policy management, and much more.
In the first two parts of this blog series I focused on Gathering Pertinent Data for a Firewall Audit and Reviewing the Firewall Change Control Process.
In this third installment, I’d like to examine the steps you need to audit your firewalls’ physical and operating systems’ security. This is important because as there is risk within firewall policies and change control processes that you must get a handle on, there is also potential risk within the firewall configuration itself. As part of your audit-readiness and goal of being continuously in compliance with internal policies or external regulations and standards, a key step is to make sure your firewalls are hardened against the most fundamental types of attack.
Step 3: Audit Your Firewalls’ Physical and OS Security
Make sure you can define and enforce corporate baselines… and report against them so you know where you stand. By reporting against these baselines that you determine, you will always be “in the know” of your firewalls’ configuration status and how they stack up to the policy. Some more specific steps to consider are:
In the latest version of AlgoSec Security Management Suite, we have added a baseline compliance capability that allows you to define and report against corporate-defined configuration baselines for devices – and ultimately minimize risk. Here’s a short video that examines this capability… Enjoy!
Receive notifications of new posts by email.