Q

Is it possible to create a firewall rule report for an auditor to review?

My knowledge of firewalls is very general, not technical. When I ask technical people about firewall rule configuration reports, I get very vague responses. Is it possible to create a firewall rule configuration report for an auditor to review? If so, how? As there are more than 50 firewalls to review, technical people tend to refuse to provide reports on firewall rules. Any suggestions?

My knowledge of firewalls is very general, not technical. When I ask technical people about firewall rule configuration reports, I get very vague responses. Is it possible to create a firewall rule configuration report for an auditor to review? If so, how? As there are more than 50 firewalls to review, technical people tend to refuse to provide reports on firewall rules. Any suggestions?
First of all, I'd recommend that you read my blog posted on Friday. I address that sort of thing, although not from an auditor's viewpoint. But if a firewall is configured as I've suggested in the blog, then an auditor will find the job much easier.

As for the technical people, my guess would be that they don't want to be bothered, they view your auditing attempts as a threat of some sort, none of them really understand the whole picture, or they don't want to have to practice the discipline of change control.

The primary hurdle you have to overcome is to get management support for your auditing efforts. Sad to say, I learned this the hard way by trying to improve security at a company where upper management didn't have a clue and didn't want to be given one. Once you get management to mandate support for auditing, and it flows down the food chain, you'll get a lot farther.

This was first published in October 2005
This Content Component encountered an error

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchServerVirtualization

SearchCloudComputing

SearchExchange

SearchSQLServer

SearchWinIT

SearchEnterpriseDesktop

SearchVirtualDesktop

Close