A Firewall Review is a tightly scoped exercise that identified weaknesses and vulnerabilities in a firewall or set of firewalls or filtering network infrastructure on a network. Such reviews range in complexity from simple small firewalls with few interfaces to large carrier-grade gateways with complex rule sets.
Mandalorian are able to cover both the smaller review and larger more complex reviews, often including a review of network design. Our consultants are experienced with a wide range of firewall technologies, including (but not limited to):
- Palo Alto
- BSD Packet Filter (PF/BPF)
And many more.
The Mandalorian Approach
Following an initial scoping meeting or call, we will provide a fully scoped quote for your Firewall Review. It is important to understand the approximate size of the ruleset, number of interfaces, and number of firewalls in order to correctly scope the engagement. For more complex architectures, a physical network diagram would be beneficial, provided there are suitably NDAs in place.
Our consultants will perform the work in accordance with the agreed scope. The work can be variable and may require time on-site depending on the availability of information and access to relevant firewall administrators and network staff. Typically most Firewall Reviews involve the secure delivery of configuration files and supporting design documentation.
Once the review is complete, our consultants will produce a report with a high level executive summary, detailed technical section and appendices for any relevant observations requiring further detail.
This can take place as a one-off exercise, an exercise with a follow-up and comparative reporting or as a regular managed service. We generally advise that Firewall Reviews are conducted months before devices are replaced or as part of a rule reduction programme to reduce the complexity of a firewall setup.
While conducting Firewall Reviews, Mandalorian consultants encounter many different types of weakness. Items often identified include:
- Rules permitting extensive access to arbitrary ports, services or destinations
- Passwords stored in configuration settings either unencrypted or poorly encrypted
- Dangerous protocols such as NetBIOS over TCP/IP accessible across data segregation domains
- Firewall administrative interface accessible over all interfaces
- VPNs using weak cryptography or authentication methods
- Additional unexplained VPNs or rules pointing to potentially malicious activity
- Insufficient logging configuration or capability
Why Choose Mandalorian?
Value – Mandalorian conduct reviews using a combination of automated tools and manual techniques. While automated tools can be useful in finding common weaknesses or detecting the same class of problem across multiple devices, only a manual review can provide the kind of contextual knowledge needed to cover more complex networks.
Expertise – Our consultants have decades of experience between them reviewing common and less common firewall platforms. If it claims to block traffic, chances are we can review it.
Trust – We keep you in the loop throughout the review and promise to contact you should any problems arise. As we don’t sell any Firewalls, we’re uniquely placed to provide independent Firewall advice.
Call us now on 01256 830 146 or e-mail us at firstname.lastname@example.org to discuss your requirement and how we can help.