ESTec Security
Client Login
ESTec Security Search Sitemap Contact Us
About Us Products & Services Newsroom Education Careers
Quick Finder
Vulnerability Assessment
Incident Response
Intrusion/ Penetration Testing
ISO 27001 / ISO 17799 / BS 7799
Information Technology Risk Assessment
Security Policy Review and Formulation
Telecommunications Audit
Code Audit
Network Architecture Reviews
Firewall Rule Set Audit
Security Log Analysis
Expert Witness
Disaster Recovery Planning & Plan Reviews
Security Auditing
Security Awareness Programs
New Features




Firewall Rule Set Audit

Firewall rule sets tend to accumulate errors that may result in vulnerabilities to the internal network. A firewall rule-set should be audited once a year at least to maintain the policy the firewall is implementing.

Sample Case

Customer: Mid-sized Midwestern Bank
Services: Firewall Audit
Problem: The Bank had outsourced firewall management some time ago, with no follow-up examination, and needed assurance that the firewall was properly implemented.
Solution: An ESTec consultant reviewed the policy instructions provided to the outsourcing company, and reviewed the configuration files for the firewall. The policy was a simple one that required a large firewall rule-set. A change of personnel during the year that had not been properly communicated to the firewall management firm, and one individual who no longer worked for the bank still had access from his home computer through the firewall to the banking network's internal systems. That access was quickly removed, and the rules made clear to all users.
Results: The system once again functioned at the level determined before initialization several years ago, and now met fully every goal that had been created for it at implementation.

About Us | Products & Services | Newsroom | Education | Careers | Contact Us | Privacy Commitment | Terms of Use

©2002 ESTec Systems Corporation. All rights reserved.