Firewall rule sets tend to accumulate errors that may result in
vulnerabilities to the internal network. A firewall rule-set should
be audited once a year at least to maintain the policy the firewall
Customer: Mid-sized Midwestern Bank
Services: Firewall Audit
Problem: The Bank had outsourced firewall management some time ago,
with no follow-up examination, and needed assurance that the firewall
was properly implemented.
Solution: An ESTec consultant reviewed the policy instructions provided
to the outsourcing company, and reviewed the configuration files
for the firewall. The policy was a simple one that required a large
firewall rule-set. A change of personnel during the year that had
not been properly communicated to the firewall management firm,
and one individual who no longer worked for the bank still had access
from his home computer through the firewall to the banking network's
internal systems. That access was quickly removed, and the rules
made clear to all users.
Results: The system once again functioned at the level determined
before initialization several years ago, and now met fully every
goal that had been created for it at implementation.