Through Praetorian's firewall security examination, your organization can verify the soundness of its security architecture and determine how well it aligns with industry standard requirements such as PCI DSS and ISO/IEC 27001. During a firewall review, Praetorian examines vendor-specific vulnerabilities, ingress and egress access controls, logging and auditing, and system management. Firewall security reviews are important because they identify vulnerabilities that cannot normally be detected through network penetration tests and black box network assessments.
Firewall Security Review Services
Methodologies for Firewall Security Reviews
During the first phase of the assessment, Praetorian obtains an understanding of the overall security architecture and of the assets the firewall has been dedicated to protect. Developing an architectural understanding also allows Praetorian to evaluate the firewall in relation to optimal placement, regulatory compliance, and industry best practices.
During the next phase of the review, Praetorian examines the firewall configuration. Praetorian examines both the firewall's settings and its rule sets to identify insecure configurations and loose access controls that would place the firewall, and the assets it is designed to protect, at risk. The assessment includes a review of firewall rules and groups, system and account management, access controls, and logging and auditing.
Finally, Praetorian will compare firewall interrogation results to documented firewall policies and procedures. In addition, firewall administrators will be interviewed to uncover any undocumented practices and clarify any discrepancies discovered.
During the review process, each firewall is reviewed and measured against a standard methodology and common security practices. Specifics will vary by firewall product, but the overall security considerations will remain the same.
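As an added illustration of the rule-set review described in the phases above (example code written for this page, not Praetorian's own tooling), the following Python script checks a constructed, vendor-neutral rule list for the kinds of weaknesses a configuration review looks for: permit-any rules, management services reachable from any source, permit rules that do not log, and rules shadowed by an earlier rule so that they can never match. The comma-separated rule format, the MGMT_PORTS set and the sample rules are assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass

# Assumed set of management services a reviewer would not want exposed from "any".
MGMT_PORTS = {22, 23, 3389, 5900}

# Constructed sample rule set: name,action,src,dst,proto,ports,log (not a vendor format).
SAMPLE_RULES = """
R1,permit,10.0.0.0/8,10.10.0.0/16,tcp,443,true
R2,permit,any,10.10.5.5/32,tcp,22,false          # SSH open to the world, unlogged
R3,permit,any,any,any,any,false                  # permit-any, unlogged
R4,permit,10.1.0.0/16,10.10.0.0/16,tcp,443,true  # already covered by R1
R5,deny,any,any,any,any,true                     # never reached because of R3
"""


@dataclass
class Rule:
    name: str
    action: str                  # "permit" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: str                   # "tcp", "udp" or "any"
    ports: tuple                 # (low, high); (0, 65535) means any port
    log: bool


def _net(text):
    return ipaddress.ip_network("0.0.0.0/0" if text == "any" else text, strict=False)


def _ports(text):
    if text == "any":
        return (0, 65535)
    lo, _, hi = text.partition("-")
    return (int(lo), int(hi or lo))


def parse_rules(text):
    """Parse the constructed CSV-like rule format; '#' starts a comment."""
    rules = []
    for line in text.strip().splitlines():
        line = line.split("#")[0].strip()
        if not line:
            continue
        name, action, src, dst, proto, ports, log = [f.strip() for f in line.split(",")]
        rules.append(Rule(name, action.lower(), _net(src), _net(dst),
                          proto.lower(), _ports(ports), log.lower() == "true"))
    return rules


def covers(a, b):
    """True when every packet matching rule b also matches rule a."""
    return (b.src.subnet_of(a.src) and b.dst.subnet_of(a.dst)
            and a.proto in ("any", b.proto)
            and a.ports[0] <= b.ports[0] and a.ports[1] >= b.ports[1])


def review(rules):
    """Return (rule name, finding category, message) tuples in rule order."""
    findings = []
    everything = _net("any")
    for i, r in enumerate(rules):
        if r.action == "permit":
            if (r.src == everything and r.dst == everything
                    and r.proto == "any" and r.ports == (0, 65535)):
                findings.append((r.name, "permissive", "permit any/any/any applies no access control"))
            if (r.src == everything and r.proto in ("tcp", "any")
                    and any(r.ports[0] <= p <= r.ports[1] for p in MGMT_PORTS)):
                findings.append((r.name, "mgmt-exposed", "management service reachable from any source"))
            if not r.log:
                findings.append((r.name, "no-logging", "permit rule does not log matches"))
        # Shadowing: an earlier rule already matches everything this rule would match.
        for earlier in rules[:i]:
            if covers(earlier, r):
                findings.append((r.name, "shadowed", f"never matched; fully covered by {earlier.name}"))
                break
    return findings


if __name__ == "__main__":
    for name, category, message in review(parse_rules(SAMPLE_RULES)):
        print(f"{name:4} {category:13} {message}")
```

Run against the sample, the script reports R2 and R3 as unlogged with a management port exposed to any source, R3 as a permit-any rule, R4 as shadowed by R1, and the final deny (R5) as shadowed by R3, which is exactly the situation a rule-set review is meant to surface: the explicit deny at the bottom gives no protection because an earlier permit-any rule matches first.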
What You Get
Upon completion of the assessment, Praetorian shall provide a single electronic report deliverable. The report will provide an analysis of the current state of the assessed security controls. The analysis will identify areas that need to be resolved in order to achieve an adequate level of security. The detailed contents of the deliverable are described below.
The report deliverable will include the following high level sections in a format suitable for management:
- Purpose of the engagement including project's scope and approach
- Positive security controls that were identified
- Tactical resolutions to immediately reduce risk in the environment
- Strategic recommendations for preventing similar issues from recurring
- An industry comparison based on consultancy experience and results from similar previous engagements
The report deliverable will also include the following in-depth analysis and recommendations for technical staff to understand the underlying risks and recommendations:
- A technical description and classification of each vulnerability
- Anatomy of exploitation including steps taken and proof in the form of screenshots
- Business or technical risk inherent in the vulnerability
- Vulnerability classification that describes the risk level as a function of vulnerability impact and ease of exploitation
- Technical description of how to mitigate the vulnerability
Frequently Asked Questions
How much does a wireless penetration test cost? The cost depends on the size and complexity of the wireless network and the level of rigor at which testing is to be performed. This is determined through pre-sale client discussions and scoping questionnaires. The price of an engagement will be delivered as a fixed bid quote. Wireless penetration tests will always require on-site resources, and travel expenses will be billed back separately to the client.
How long does a wireless penetration test take to complete? The time to completion depends on the number of physical locations, buildings, and floors. Testing of a single location with only one floor, such as a satellite office, can be performed in a day. Multiple physical locations or large buildings with multiple floors, such as a corporate headquarters, will require a few days to a week to complete testing. On average, the typical duration of a wireless penetration test (including reporting) is three days.
What is the difference between a wireless penetration test and a wireless security review? A wireless penetration test has three phases: 1) host and service discovery, 2) vulnerability identification and verification, and 3) exploitation. The primary objectives of a wireless penetration test are to obtain sensitive information and/or gain unauthorized access. This is accomplished by targeting weaknesses in the wireless infrastructure and/or the wireless users themselves. During a wireless security review, the “proof of concept” phase that demonstrates the impact of the vulnerabilities identified is not performed; however, unlike a penetration test, other “white box” activities such as client/AP configuration reviews and technical interview sessions are performed.