Firewall Build Review
What is a Firewall Configuration Review?
A Build Review is a security assessment designed to test the devices your staff use to carry out their workload on a day-to-day basis. This may be an assessment of a workstation, server or other device.
The assessment is designed to identify any weaknesses in the specific configuration of a device, or vulnerabilities which may be present and exploitaible by unauthenticated or authenticated users.
Why Conduct A Firewall Configuration Review?
A firewall configuration is rarely static and over time as more services are required by the business coupled with changes to both the infrastructure and staff, the configuration can become overly complex often with redundant or unneeded rules still in place.
With this in mind, it is imperative to regularly check the configuration of such devices to ensure you are getting the maximum protection from your device.
During a Firewall Review we examine the configuration and operating system to determine if a secure setup has been established and to ensure there are no identifiable weaknesses. The assessment is designed to pinpoint and rectify any holes within the build and covers patching levels, accessible services, weak credentials, logging and auditing as well as a rule set analysis review.
For a rule set review, the live configuration, for either externally facing or internally placed firewalls is used to perform a detailed rule by rule study to determine if there are any overly permissive or weak rules that might be negatively impacting your security posture.
As part of our approach, our Penetration Testers use a combination of the most effective automated tools and manual exploitation techniques to identify vulnerabilities across your devices. Our extensive reports provide a thorough assessment of each vulnerability and provide business context alongside each finding.
This is supplemented by technical and non-technical descriptions including evidence of exploitation to assist in prompt remediation activities and provide a thorough understanding of each issue.
A Firewall Configuration Review report will allow your business to:
- Receive assurance around the secure access configuration of your organisations extrernal or internal network.
- Make ongoing improvements to a Firewall via specialist support, advice and consultancy.
- Adhere to regulatory bodies who require a Firewall Configuration Review to be performed.
- Gain access to a dedicated team of specialist CREST Registered penetration testers who use the latest tools and techniques to accurately assess and identify emerging threats
+ Q: Why do I need a Firewall Configuration Review?
The modern firewall is complex device that when configured correctly can provide defence against a range of threats from both outside and inside your network. However with an incorrect configuration security holes can begin to emerge within your organistaion, providing access to resources and devices to malicious attackers.
+ Q: What Firewalls can I have reviewed?
Firewall reviews can be conducted against a large array of different configurations and brands. Automated tools are built to handle the majority of common devices, however manual assessments can also be conducted to ensure coverage of all client requirements regardless of device type.
+ Q: What will I receive after the review has been completed?
The deliverable from any Firewall Configuration Review is a complete report, detailing and contextualizing each identified vulnerability against your business and relaying the risks that each issue poses to your systems and services.
The report provides a complete description of what each identified issue is, specific remediation advice on how to address the issue, and detailed evidence, wherever necessary to verify the issues impact.