ERE Information Security Auditors

Firewall and VPN Audit

ERE performs integrated audits of firewall and VPN technology, testing four subject areas:

Rules, Objects, and IP Addresses

  • Unique rule identification.
  • Rule name identification.
  • Assessment of rule compliance with security policy and with access policy for a VPN.
  • Identify objects, both observed in event logs and not observed in event logs.
  • Identify rules which are used and which are not used.
  • Identify legacy rules which cannot be used.
  • Identify sanctioned source and destination IP addresses.
  • Correlation of rules vs. objects.
  • Identify unused or legacy rules and objects.

Scanning to Test Rules

  • Scans from within DMZs to other DMZs and to inside the corporate network.
  • Scans from outside the corporate network to inside the DMZs.
  • Testing to determine if rules perform their intended roles.
  • Testing to determine if rules exist to perform the intentions of policy.

Documentation

  • Document all rules and their use.
  • Create a dictionary of rules and objects.

Hardening Change Management

  • Create a change management process for rules.
  • Provide change management authorization document(s).

 

 

Contact Us

905 764 3246

 
 
   
Please see Ron Lepofsky’s book, The Manager’s Guide to Web Application Security, published by Apress Media

https://www.apress.com/9781484201497

The Manager's Guide to Web Application Security is a concise, information-packed guide to application security risks every organization faces, written in plain language, with guidance on how to deal with those issues quickly and effectively.

 
Copyrights © 2007-2008. All rights reserved.  
