Firewall Ruleset Review
Assess your Firewall Rule Configuration looking for security configuration issues, vulnerabilities and unnecessary rules that could lead to a breach of your network.
A Pentest People consultant led Firewall Ruleset Review provides a thorough and independent examination of your firewall configuration. Through a Firewall Penetration Testing, the aim is to discover issues that could leave your network vulnerable to a security breach.
These issues may include problems due to overly permissive rules, historic rules, badly configured rules or rules that have been added to provide a workaround that now should be removed.
Firewalls evolve over time and procuring a regular firewall rule-set review provides you with the peace of mind that your firewall is continuing to operate as intended.
Listen to one of our Firewall Review expert’s breakdown of this Pentest People Service
What are the Risks?
A Firewall device acts as the gatekeeper to the corporate network and often is the first and last form of defence for most organisations who do not employ a multi-layer of security.
The Firewall is the device that sits between the inside and outside of your network and controls who can come in, and go out of your network.
An incorrectly configured firewall or one that exhibits a software vulnerability due to lack of patching can seriously affect the security posture of your organisation and allow a hacker total access to the corporate network.
How Can Our Firewall Rules Review Service Help?
Pentest People can perform a full Firewall Ruleset Review of all of your external facing Firewall infrastructure. One of our qualified firewall penetration testing consultants will use industry leading techniques to identify and assess the configuration of the Firewall, looking for any weaknesses that may lead to compromise.
All leading manufacture models of Firewalls can be assessed and advice given regarding both the configuration of the device and its associated rulebase.
The service would be delivered as part of the Pentest People Penetration Testing as a Service (PTaaS) and full access to the SecurePortal and other complementary tools would be provided.
The Firewall Ruleset Review allows
access to SecurePortal
Detailed Metrics
Receive detailed security metrics and trends about all your hosts and risks through the SecurePortal.
Receive useful trend information such as the top vulnerable hosts, and the most common vulnerabilities within your infrastructure.
Firewall Vulnerability Data
SecurePortal allows you to access all your vulnerability data in a secure single platform.
Following a firewall configuration review receive an overview and trend data of all of the current security issues you face in your organisation. All viewable on an interactive dashboard.
Digital Report
Until now, the traditional deliverable from a Firewall Penetration Testing engagement has been a lengthy 100+ page PDF report.
Pentest People have developed a solution to this issue where you interact with your vulnerabilities within the SecurePortal.
Firewall Ruleset Review Transcript
Firewall Configuration Reviews all differ on a per client basis and a per need basis. Typically, we will assess firewalls from sort of a configurational perspective. So, you know, looking for common misconfigurations in roles, reviewing the rule scope in a sense of making sure that those rules that have been implemented within a firewall are sensible, making sure that the scopes that you know, they cover too broad and that the rules are obeying the principle of least privilege. We’ll make sure that firewall devices check in things like login, we’ll make sure that configurations are in place to ensure that management consoles aren’t being interacted with in a in a dangerous way that could expose clients to a potential threat. And then off the back of that the clients will get a report that will detail what the dangerous configurations are, along with a spreadsheet that all kind of detail what what the problems are with the specific rule set, which will be followed up with a meeting with the consultant that undertook the assessment to explain why some of the configurations were deemed to be potentially dangerous and how the client could go about fixing it on their kind of specific one to one basis.
Key Benefits
Understand the firewall issues you face through a very thorough ruleset review from a qualified security consultant.
- Identify Security Vulnerabilities within your Firewall Configuration allowing you to proactively remediate any issues that arise
- Improve your security posture, allowing you to reduce the threat of a cyber attack occurring against your business
- Comply with various regulatory bodies who mandate regular Network Security Testing be performed within your infrastructure
- Be able to prove to your supply chain that you are taking the necessary precautions to ensure your strong security posture
- Be able to focus efforts on important security issues by identifying the high-risk items identified in the Firewall Testing report
Frequently
Asked Questions
What types of Firewalls can you review?
My Firewall is managed by a third party, can you still perform the review?
What is the deliverable from the service?