[Script Info]
Title:

[Events]
Format: Layer, Start, End, Style, Name, MarginL, MarginR, MarginV, Effect, Text
Dialogue: 0,0:00:01.28,0:00:02.96,Default,,0000,0000,0000,,hey everyone welcome back to Cyber Gray
Dialogue: 0,0:00:02.96,0:00:04.96,Default,,0000,0000,0000,,Matter in today's video we're going to
Dialogue: 0,0:00:04.96,0:00:06.72,Default,,0000,0000,0000,,be going over the basics of how to audit
Dialogue: 0,0:00:06.72,0:00:08.88,Default,,0000,0000,0000,,a firewall this video will have six
Dialogue: 0,0:00:08.88,0:00:11.20,Default,,0000,0000,0000,,steps of the firewall auditing process
Dialogue: 0,0:00:11.20,0:00:12.48,Default,,0000,0000,0000,,and I think you'll find a lot of these
Dialogue: 0,0:00:12.48,0:00:14.32,Default,,0000,0000,0000,,concepts helpful and correlate to all
Dialogue: 0,0:00:14.32,0:00:16.64,Default,,0000,0000,0000,,general technology fields including the
Dialogue: 0,0:00:16.64,0:00:19.28,Default,,0000,0000,0000,,emphasis on procedures and documentation
Dialogue: 0,0:00:19.28,0:00:21.04,Default,,0000,0000,0000,,this video won't be a deep dive into the
Dialogue: 0,0:00:21.04,0:00:22.88,Default,,0000,0000,0000,,technical details but it goes over
Dialogue: 0,0:00:22.88,0:00:25.04,Default,,0000,0000,0000,,compliance best practices and other
Dialogue: 0,0:00:25.04,0:00:26.80,Default,,0000,0000,0000,,security concepts
Dialogue: 0,0:00:26.80,0:00:28.96,Default,,0000,0000,0000,,it's a good start to get an idea of what
Dialogue: 0,0:00:28.96,0:00:31.20,Default,,0000,0000,0000,,the auditing process is like let's jump
Dialogue: 0,0:00:31.20,0:00:33.76,Default,,0000,0000,0000,,right into it
Dialogue: 0,0:00:33.76,0:00:35.76,Default,,0000,0000,0000,,so let's start with what a firewall even
Dialogue: 0,0:00:35.76,0:00:36.56,Default,,0000,0000,0000,,is
Dialogue: 0,0:00:36.56,0:00:38.32,Default,,0000,0000,0000,,a firewall is a networking device and
Dialogue: 0,0:00:38.32,0:00:40.16,Default,,0000,0000,0000,,tool that manages connections between
Dialogue: 0,0:00:40.16,0:00:42.48,Default,,0000,0000,0000,,different internal or external networks
Dialogue: 0,0:00:42.48,0:00:44.40,Default,,0000,0000,0000,,they can accept or reject connections or
Dialogue: 0,0:00:44.40,0:00:46.64,Default,,0000,0000,0000,,even filter them and everything is based
Dialogue: 0,0:00:46.64,0:00:47.92,Default,,0000,0000,0000,,on rules
Dialogue: 0,0:00:47.92,0:00:49.60,Default,,0000,0000,0000,,remember that firewalls work on the
Dialogue: 0,0:00:49.60,0:00:52.24,Default,,0000,0000,0000,,network and transport layer so three and
Dialogue: 0,0:00:52.24,0:00:54.56,Default,,0000,0000,0000,,four of the OSI model however there are
Dialogue: 0,0:00:54.56,0:00:56.08,Default,,0000,0000,0000,,some firewalls that can operate on the
Dialogue: 0,0:00:56.08,0:00:58.80,Default,,0000,0000,0000,,application layer or layer 7 of the OSI
Dialogue: 0,0:00:58.80,0:01:01.36,Default,,0000,0000,0000,,model and these are considered smarter
Dialogue: 0,0:01:01.36,0:01:02.72,Default,,0000,0000,0000,,they're known as next generation
Dialogue: 0,0:01:02.72,0:01:05.28,Default,,0000,0000,0000,,firewalls also please don't confuse the
Dialogue: 0,0:01:05.28,0:01:07.04,Default,,0000,0000,0000,,application layer tidbit about the
Dialogue: 0,0:01:07.04,0:01:09.28,Default,,0000,0000,0000,,next-gen firewall with a web application
Dialogue: 0,0:01:09.28,0:01:12.64,Default,,0000,0000,0000,,firewall it's not the same thing so
Dialogue: 0,0:01:12.64,0:01:14.96,Default,,0000,0000,0000,,what's a firewall audit a firewall audit
Dialogue: 0,0:01:14.96,0:01:16.48,Default,,0000,0000,0000,,is a process of investigating the
Dialogue: 0,0:01:16.48,0:01:18.80,Default,,0000,0000,0000,,existing aspects of a firewall and this
Dialogue: 0,0:01:18.80,0:01:20.96,Default,,0000,0000,0000,,can include access and connections along
Dialogue: 0,0:01:20.96,0:01:22.00,Default,,0000,0000,0000,,with the identification of
Dialogue: 0,0:01:22.00,0:01:23.84,Default,,0000,0000,0000,,vulnerabilities and reports on any
Dialogue: 0,0:01:23.84,0:01:26.80,Default,,0000,0000,0000,,changes
Dialogue: 0,0:01:26.80,0:01:28.88,Default,,0000,0000,0000,,so why are audits important
Dialogue: 0,0:01:28.88,0:01:30.56,Default,,0000,0000,0000,,with all the compliance standards out
Dialogue: 0,0:01:30.56,0:01:32.64,Default,,0000,0000,0000,,and being used firewall audits are a way
Dialogue: 0,0:01:32.64,0:01:34.08,Default,,0000,0000,0000,,to prove to regulators or business
Dialogue: 0,0:01:34.08,0:01:35.84,Default,,0000,0000,0000,,partners that an organization's network
Dialogue: 0,0:01:35.84,0:01:37.76,Default,,0000,0000,0000,,is secure some of these standards
Dialogue: 0,0:01:37.76,0:01:39.84,Default,,0000,0000,0000,,include things such as the Payment Card
Dialogue: 0,0:01:39.84,0:01:42.64,Default,,0000,0000,0000,,Industry Data Security Standard or PCI
Dialogue: 0,0:01:42.64,0:01:43.84,Default,,0000,0000,0000,,DSS
Dialogue: 0,0:01:43.84,0:01:46.32,Default,,0000,0000,0000,,the General Data Protection Regulation
Dialogue: 0,0:01:46.32,0:01:47.56,Default,,0000,0000,0000,,GDPR
Dialogue: 0,0:01:47.56,0:01:50.32,Default,,0000,0000,0000,,Sarbanes-Oxley or SOX the Health
Dialogue: 0,0:01:50.32,0:01:52.64,Default,,0000,0000,0000,,Insurance Portability and Accountability
Dialogue: 0,0:01:52.64,0:01:55.52,Default,,0000,0000,0000,,Act HIPAA or the California Consumer
Dialogue: 0,0:01:55.52,0:01:58.32,Default,,0000,0000,0000,,Privacy Act or CCPA
Dialogue: 0,0:01:58.32,0:01:59.84,Default,,0000,0000,0000,,other than firewall audits being
Dialogue: 0,0:01:59.84,0:02:02.80,Default,,0000,0000,0000,,required they're simply best practice if
Dialogue: 0,0:02:02.80,0:02:04.56,Default,,0000,0000,0000,,you audit a firewall you're likely to
Dialogue: 0,0:02:04.56,0:02:06.32,Default,,0000,0000,0000,,catch a weakness or openness within your
Dialogue: 0,0:02:06.32,0:02:08.88,Default,,0000,0000,0000,,network and security posture this way
Dialogue: 0,0:02:08.88,0:02:11.52,Default,,0000,0000,0000,,you can adapt your policies to fit this
Dialogue: 0,0:02:11.52,0:02:13.20,Default,,0000,0000,0000,,doing due diligence is important in
Dialogue: 0,0:02:13.20,0:02:15.68,Default,,0000,0000,0000,,cyber security and reviewing controls and
Dialogue: 0,0:02:15.68,0:02:17.68,Default,,0000,0000,0000,,policies will be one piece that helps
Dialogue: 0,0:02:17.68,0:02:19.68,Default,,0000,0000,0000,,protect an organization if there might
Dialogue: 0,0:02:19.68,0:02:21.44,Default,,0000,0000,0000,,be the unfortunate circumstance of a
Dialogue: 0,0:02:21.44,0:02:23.52,Default,,0000,0000,0000,,lawsuit breach or some sort of
Dialogue: 0,0:02:23.52,0:02:25.92,Default,,0000,0000,0000,,regulatory issue that may come up
Dialogue: 0,0:02:25.92,0:02:27.68,Default,,0000,0000,0000,,auditing a firewall will ensure that
Dialogue: 0,0:02:27.68,0:02:30.40,Default,,0000,0000,0000,,your configuration and rules adhere to
Dialogue: 0,0:02:30.40,0:02:33.28,Default,,0000,0000,0000,,internal cyber security policies
Dialogue: 0,0:02:33.28,0:02:35.68,Default,,0000,0000,0000,,besides safety a firewall audit can help
Dialogue: 0,0:02:35.68,0:02:37.84,Default,,0000,0000,0000,,improve performance by fixing the
Dialogue: 0,0:02:37.84,0:02:40.48,Default,,0000,0000,0000,,optimization of the firewall rule base
Dialogue: 0,0:02:40.48,0:02:41.92,Default,,0000,0000,0000,,and we'll go into that a little bit
Dialogue: 0,0:02:41.92,0:02:43.76,Default,,0000,0000,0000,,later
Dialogue: 0,0:02:43.76,0:02:45.28,Default,,0000,0000,0000,,now let's get into the six steps of the
Dialogue: 0,0:02:45.28,0:02:48.32,Default,,0000,0000,0000,,firewall audit step one collect key
Dialogue: 0,0:02:48.32,0:02:49.60,Default,,0000,0000,0000,,information
Dialogue: 0,0:02:49.60,0:02:51.60,Default,,0000,0000,0000,,this is prior to the audit there needs
Dialogue: 0,0:02:51.60,0:02:53.76,Default,,0000,0000,0000,,to be information gathered during this
Dialogue: 0,0:02:53.76,0:02:55.52,Default,,0000,0000,0000,,time there needs to be visibility into
Dialogue: 0,0:02:55.52,0:02:58.00,Default,,0000,0000,0000,,the network with software hardware
Dialogue: 0,0:02:58.00,0:03:00.40,Default,,0000,0000,0000,,policies and risks
Dialogue: 0,0:03:00.40,0:03:02.00,Default,,0000,0000,0000,,in order to plan the audit you will need
Dialogue: 0,0:03:02.00,0:03:04.40,Default,,0000,0000,0000,,the following key information
Dialogue: 0,0:03:04.40,0:03:07.04,Default,,0000,0000,0000,,copies of the relevant security policies
Dialogue: 0,0:03:07.04,0:03:08.88,Default,,0000,0000,0000,,the firewall logs that can be compared
Dialogue: 0,0:03:08.88,0:03:10.88,Default,,0000,0000,0000,,to the firewall rule base to find which
Dialogue: 0,0:03:10.88,0:03:12.72,Default,,0000,0000,0000,,rules are being used
Dialogue: 0,0:03:12.72,0:03:14.56,Default,,0000,0000,0000,,an accurate and updated copy of the
Dialogue: 0,0:03:14.56,0:03:16.40,Default,,0000,0000,0000,,network and firewall topology
Dialogue: 0,0:03:16.40,0:03:18.00,Default,,0000,0000,0000,,diagrams
Dialogue: 0,0:03:18.00,0:03:20.16,Default,,0000,0000,0000,,any previous audit documentation
Dialogue: 0,0:03:20.16,0:03:22.80,Default,,0000,0000,0000,,including the rules objects and policy
Dialogue: 0,0:03:22.80,0:03:24.56,Default,,0000,0000,0000,,revisions
Dialogue: 0,0:03:24.56,0:03:27.04,Default,,0000,0000,0000,,vendor firewall information including
Dialogue: 0,0:03:27.04,0:03:29.92,Default,,0000,0000,0000,,the OS version latest patches and the
Dialogue: 0,0:03:29.92,0:03:32.24,Default,,0000,0000,0000,,default configuration
Dialogue: 0,0:03:32.24,0:03:34.32,Default,,0000,0000,0000,,and finally understanding all the
Dialogue: 0,0:03:34.32,0:03:36.56,Default,,0000,0000,0000,,critical servers and repositories within
Dialogue: 0,0:03:36.56,0:03:38.80,Default,,0000,0000,0000,,the network
Dialogue: 0,0:03:38.80,0:03:40.24,Default,,0000,0000,0000,,step 2
Dialogue: 0,0:03:40.24,0:03:43.04,Default,,0000,0000,0000,,assess the change management process
Dialogue: 0,0:03:43.04,0:03:44.88,Default,,0000,0000,0000,,the change management process starts
Dialogue: 0,0:03:44.88,0:03:46.48,Default,,0000,0000,0000,,with the request to change some sort of
Dialogue: 0,0:03:46.48,0:03:48.32,Default,,0000,0000,0000,,process or technology
Dialogue: 0,0:03:48.32,0:03:49.60,Default,,0000,0000,0000,,it's from the beginning with a
Dialogue: 0,0:03:49.60,0:03:51.60,Default,,0000,0000,0000,,conception through the implementation
Dialogue: 0,0:03:51.60,0:03:54.24,Default,,0000,0000,0000,,and then to the final resolution
Dialogue: 0,0:03:54.24,0:03:55.84,Default,,0000,0000,0000,,change management within a firewall
Dialogue: 0,0:03:55.84,0:03:57.52,Default,,0000,0000,0000,,audit is important because there needs
Dialogue: 0,0:03:57.52,0:03:59.28,Default,,0000,0000,0000,,to be traceability of any firewall
Dialogue: 0,0:03:59.28,0:04:01.68,Default,,0000,0000,0000,,changes and also ensure compliance for
Dialogue: 0,0:04:01.68,0:04:03.04,Default,,0000,0000,0000,,the future
Dialogue: 0,0:04:03.04,0:04:04.96,Default,,0000,0000,0000,,the most common problems with the change
Dialogue: 0,0:04:04.96,0:04:06.56,Default,,0000,0000,0000,,control involve issues with the
Dialogue: 0,0:04:06.56,0:04:09.12,Default,,0000,0000,0000,,documentation such as not including or
Dialogue: 0,0:04:09.12,0:04:11.20,Default,,0000,0000,0000,,being clear why the change was needed
Dialogue: 0,0:04:11.20,0:04:13.20,Default,,0000,0000,0000,,who authorized the changes and poor
Dialogue: 0,0:04:13.20,0:04:15.60,Default,,0000,0000,0000,,validation of the network impact of each
Dialogue: 0,0:04:15.60,0:04:17.84,Default,,0000,0000,0000,,change
Dialogue: 0,0:04:17.84,0:04:19.36,Default,,0000,0000,0000,,some requirements for the rule base
Dialogue: 0,0:04:19.36,0:04:22.24,Default,,0000,0000,0000,,change management are the following
Dialogue: 0,0:04:22.24,0:04:23.60,Default,,0000,0000,0000,,make sure the changes are going through
Dialogue: 0,0:04:23.60,0:04:25.60,Default,,0000,0000,0000,,the proper approval and are implemented
Dialogue: 0,0:04:25.60,0:04:28.24,Default,,0000,0000,0000,,by the authorized personnel
Dialogue: 0,0:04:28.24,0:04:30.16,Default,,0000,0000,0000,,changes should be tested and documented
Dialogue: 0,0:04:30.16,0:04:32.16,Default,,0000,0000,0000,,per regulatory and internal policy
Dialogue: 0,0:04:32.16,0:04:33.84,Default,,0000,0000,0000,,requirements
Dialogue: 0,0:04:33.84,0:04:35.76,Default,,0000,0000,0000,,each rule should be noted to include the
Dialogue: 0,0:04:35.76,0:04:38.40,Default,,0000,0000,0000,,change ID of the request and have a sign
Dialogue: 0,0:04:38.40,0:04:40.16,Default,,0000,0000,0000,,off with the initials of the person who
Dialogue: 0,0:04:40.16,0:04:42.88,Default,,0000,0000,0000,,implemented the change make sure there
Dialogue: 0,0:04:42.88,0:04:45.20,Default,,0000,0000,0000,,is an expiration date for the change if
Dialogue: 0,0:04:45.20,0:04:47.52,Default,,0000,0000,0000,,one should exist
Dialogue: 0,0:04:47.52,0:04:49.36,Default,,0000,0000,0000,,determine whether there is a formal and
Dialogue: 0,0:04:49.36,0:04:51.12,Default,,0000,0000,0000,,controlled process in place for the
Dialogue: 0,0:04:51.12,0:04:53.28,Default,,0000,0000,0000,,request review approval and
Dialogue: 0,0:04:53.28,0:04:55.84,Default,,0000,0000,0000,,implementation of the firewall changes
Dialogue: 0,0:04:55.84,0:04:57.84,Default,,0000,0000,0000,,and this process should include business
Dialogue: 0,0:04:57.84,0:05:00.32,Default,,0000,0000,0000,,purpose for the change request duration
Dialogue: 0,0:05:00.32,0:05:02.24,Default,,0000,0000,0000,,for the new or modified rule
Dialogue: 0,0:05:02.24,0:05:03.84,Default,,0000,0000,0000,,assessment of the potential risk
Dialogue: 0,0:05:03.84,0:05:06.56,Default,,0000,0000,0000,,associated with the new or modified rule
Dialogue: 0,0:05:06.56,0:05:09.20,Default,,0000,0000,0000,,formal approvals for new and modified
Dialogue: 0,0:05:09.20,0:05:11.12,Default,,0000,0000,0000,,rules assignment to the proper
Dialogue: 0,0:05:11.12,0:05:13.36,Default,,0000,0000,0000,,administrator for implementation
Dialogue: 0,0:05:13.36,0:05:15.12,Default,,0000,0000,0000,,verification that the change has been
Dialogue: 0,0:05:15.12,0:05:18.16,Default,,0000,0000,0000,,tested and implemented correctly
Dialogue: 0,0:05:18.16,0:05:20.00,Default,,0000,0000,0000,,authorization must be granted to make
Dialogue: 0,0:05:20.00,0:05:22.16,Default,,0000,0000,0000,,these changes and any unauthorized
Dialogue: 0,0:05:22.16,0:05:24.24,Default,,0000,0000,0000,,changes should be flagged for future
Dialogue: 0,0:05:24.24,0:05:26.00,Default,,0000,0000,0000,,investigation
Dialogue: 0,0:05:26.00,0:05:27.44,Default,,0000,0000,0000,,it should be determined whether the
Dialogue: 0,0:05:27.44,0:05:29.52,Default,,0000,0000,0000,,real-time monitoring of changes to the
Dialogue: 0,0:05:29.52,0:05:31.20,Default,,0000,0000,0000,,firewall is enabled
Dialogue: 0,0:05:31.20,0:05:33.20,Default,,0000,0000,0000,,authorized requesters admins and
Dialogue: 0,0:05:33.20,0:05:35.44,Default,,0000,0000,0000,,stakeholders should be given rule change
Dialogue: 0,0:05:35.44,0:05:38.44,Default,,0000,0000,0000,,notifications
Dialogue: 0,0:05:39.12,0:05:41.44,Default,,0000,0000,0000,,step 3 audit the OS and physical
Dialogue: 0,0:05:41.44,0:05:43.04,Default,,0000,0000,0000,,security
Dialogue: 0,0:05:43.04,0:05:44.64,Default,,0000,0000,0000,,firewall audits don't just involve the
Dialogue: 0,0:05:44.64,0:05:46.64,Default,,0000,0000,0000,,rule base policies but the actual
Dialogue: 0,0:05:46.64,0:05:48.24,Default,,0000,0000,0000,,firewall itself
Dialogue: 0,0:05:48.24,0:05:49.60,Default,,0000,0000,0000,,it's important to ensure that the
Dialogue: 0,0:05:49.60,0:05:52.08,Default,,0000,0000,0000,,firewall has both physical and software
Dialogue: 0,0:05:52.08,0:05:54.32,Default,,0000,0000,0000,,security feature verification
Dialogue: 0,0:05:54.32,0:05:56.16,Default,,0000,0000,0000,,this involves the hardware and OS
Dialogue: 0,0:05:56.16,0:05:58.64,Default,,0000,0000,0000,,software of the firewall
Dialogue: 0,0:05:58.64,0:06:00.32,Default,,0000,0000,0000,,it's important that there's physical
Dialogue: 0,0:06:00.32,0:06:02.24,Default,,0000,0000,0000,,security protecting the firewall and
Dialogue: 0,0:06:02.24,0:06:04.08,Default,,0000,0000,0000,,management servers with controlled
Dialogue: 0,0:06:04.08,0:06:05.20,Default,,0000,0000,0000,,access
Dialogue: 0,0:06:05.20,0:06:06.72,Default,,0000,0000,0000,,this ensures that only authorized
Dialogue: 0,0:06:06.72,0:06:08.64,Default,,0000,0000,0000,,personnel are permitted to access the
Dialogue: 0,0:06:08.64,0:06:11.28,Default,,0000,0000,0000,,firewall server rooms
Dialogue: 0,0:06:11.28,0:06:12.96,Default,,0000,0000,0000,,vendor operating system patches and
Dialogue: 0,0:06:12.96,0:06:14.80,Default,,0000,0000,0000,,updates are extremely important and it
Dialogue: 0,0:06:14.80,0:06:16.96,Default,,0000,0000,0000,,should be verified that these are here
Dialogue: 0,0:06:16.96,0:06:18.48,Default,,0000,0000,0000,,the operating system should also be
Dialogue: 0,0:06:18.48,0:06:20.40,Default,,0000,0000,0000,,audited to ensure that it passes common
Dialogue: 0,0:06:20.40,0:06:22.64,Default,,0000,0000,0000,,hardening checklists
Dialogue: 0,0:06:22.64,0:06:24.56,Default,,0000,0000,0000,,the device administration procedure
Dialogue: 0,0:06:24.56,0:06:27.76,Default,,0000,0000,0000,,should also be reviewed
Dialogue: 0,0:06:27.76,0:06:28.96,Default,,0000,0000,0000,,step 4
Dialogue: 0,0:06:28.96,0:06:31.84,Default,,0000,0000,0000,,declutter and improve the rule base
Dialogue: 0,0:06:31.84,0:06:33.52,Default,,0000,0000,0000,,in order to ensure that the firewall
Dialogue: 0,0:06:33.52,0:06:35.60,Default,,0000,0000,0000,,performs at peak performance the rule
Dialogue: 0,0:06:35.60,0:06:38.00,Default,,0000,0000,0000,,base should be decluttered and optimized
Dialogue: 0,0:06:38.00,0:06:39.76,Default,,0000,0000,0000,,this also makes the auditing process
Dialogue: 0,0:06:39.76,0:06:41.76,Default,,0000,0000,0000,,easier and will remove the unnecessary
Dialogue: 0,0:06:41.76,0:06:43.36,Default,,0000,0000,0000,,overhead
Dialogue: 0,0:06:43.36,0:06:45.12,Default,,0000,0000,0000,,to do this start by
Dialogue: 0,0:06:45.12,0:06:46.72,Default,,0000,0000,0000,,deleting the rules that aren't useful
Dialogue: 0,0:06:46.72,0:06:48.96,Default,,0000,0000,0000,,and disable expired and unused rules and
Dialogue: 0,0:06:48.96,0:06:50.56,Default,,0000,0000,0000,,objects
Dialogue: 0,0:06:50.56,0:06:52.48,Default,,0000,0000,0000,,delete the unused connections and this
Dialogue: 0,0:06:52.48,0:06:55.28,Default,,0000,0000,0000,,includes source destination and service
Dialogue: 0,0:06:55.28,0:06:57.20,Default,,0000,0000,0000,,routes that aren't in use
Dialogue: 0,0:06:57.20,0:06:59.04,Default,,0000,0000,0000,,find the similar rules and consolidate
Dialogue: 0,0:06:59.04,0:07:00.80,Default,,0000,0000,0000,,them into one rule
Dialogue: 0,0:07:00.80,0:07:02.64,Default,,0000,0000,0000,,identify and fix any issues that are
Dialogue: 0,0:07:02.64,0:07:04.72,Default,,0000,0000,0000,,over permissive and analyze the actual
Dialogue: 0,0:07:04.72,0:07:07.44,Default,,0000,0000,0000,,policy against firewall logs
Dialogue: 0,0:07:07.44,0:07:09.92,Default,,0000,0000,0000,,analyze VPN parameters in order to
Dialogue: 0,0:07:09.92,0:07:12.48,Default,,0000,0000,0000,,uncover users and groups that are unused
Dialogue: 0,0:07:12.48,0:07:14.80,Default,,0000,0000,0000,,unattached expired or those that are
Dialogue: 0,0:07:14.80,0:07:16.80,Default,,0000,0000,0000,,about to expire
Dialogue: 0,0:07:16.80,0:07:20.08,Default,,0000,0000,0000,,enforce object naming conventions
Dialogue: 0,0:07:20.08,0:07:22.64,Default,,0000,0000,0000,,finally keep a record of rules objects
Dialogue: 0,0:07:22.64,0:07:24.40,Default,,0000,0000,0000,,and policy revisions for future
Dialogue: 0,0:07:24.40,0:07:26.88,Default,,0000,0000,0000,,reference
Dialogue: 0,0:07:27.28,0:07:28.72,Default,,0000,0000,0000,,step 5
Dialogue: 0,0:07:28.72,0:07:31.92,Default,,0000,0000,0000,,perform a risk assessment and fix issues
Dialogue: 0,0:07:31.92,0:07:33.44,Default,,0000,0000,0000,,a thorough and comprehensive risk
Dialogue: 0,0:07:33.44,0:07:35.52,Default,,0000,0000,0000,,assessment will help identify any risky
Dialogue: 0,0:07:35.52,0:07:37.28,Default,,0000,0000,0000,,rules and ensure the rules are
Dialogue: 0,0:07:37.28,0:07:39.04,Default,,0000,0000,0000,,compliant with internal policies and
Dialogue: 0,0:07:39.04,0:07:41.52,Default,,0000,0000,0000,,relevant standards and regulations
Dialogue: 0,0:07:41.52,0:07:43.60,Default,,0000,0000,0000,,this is done by prioritizing the rules
Dialogue: 0,0:07:43.60,0:07:45.76,Default,,0000,0000,0000,,by severity and based on industry
Dialogue: 0,0:07:45.76,0:07:48.00,Default,,0000,0000,0000,,standards and best practices
Dialogue: 0,0:07:48.00,0:07:50.32,Default,,0000,0000,0000,,this is based upon company needs and
Dialogue: 0,0:07:50.32,0:07:53.92,Default,,0000,0000,0000,,risk acceptance of an organization
Dialogue: 0,0:07:53.92,0:07:55.76,Default,,0000,0000,0000,,things to look for
Dialogue: 0,0:07:55.76,0:07:57.04,Default,,0000,0000,0000,,check to see if there are any rules that
Dialogue: 0,0:07:57.04,0:07:58.88,Default,,0000,0000,0000,,go against and violate your corporate
Dialogue: 0,0:07:58.88,0:08:01.20,Default,,0000,0000,0000,,security policy
Dialogue: 0,0:08:01.20,0:08:03.36,Default,,0000,0000,0000,,do any of the firewall rules use any in
Dialogue: 0,0:08:03.36,0:08:06.08,Default,,0000,0000,0000,,the source destination service protocol
Dialogue: 0,0:08:06.08,0:08:08.64,Default,,0000,0000,0000,,application or user fields with a
Dialogue: 0,0:08:08.64,0:08:11.04,Default,,0000,0000,0000,,permissive action
Dialogue: 0,0:08:11.04,0:08:13.36,Default,,0000,0000,0000,,do any of the rules allow risky services
Dialogue: 0,0:08:13.36,0:08:16.16,Default,,0000,0000,0000,,from your DMZ to the internal network
Dialogue: 0,0:08:16.16,0:08:18.08,Default,,0000,0000,0000,,what about any rules that allow risky
Dialogue: 0,0:08:18.08,0:08:20.00,Default,,0000,0000,0000,,services from the internet coming
Dialogue: 0,0:08:20.00,0:08:22.48,Default,,0000,0000,0000,,inbound to sensitive servers networks
Dialogue: 0,0:08:22.48,0:08:26.08,Default,,0000,0000,0000,,devices and databases
Dialogue: 0,0:08:26.08,0:08:28.08,Default,,0000,0000,0000,,it's also good to analyze firewall rules
Dialogue: 0,0:08:28.08,0:08:30.32,Default,,0000,0000,0000,,and configurations and check to see if
Dialogue: 0,0:08:30.32,0:08:32.40,Default,,0000,0000,0000,,they are complying with regulatory
Dialogue: 0,0:08:32.40,0:08:33.44,Default,,0000,0000,0000,,standards
Dialogue: 0,0:08:33.44,0:08:37.52,Default,,0000,0000,0000,,such as PCI DSS SOX ISO and other
Dialogue: 0,0:08:37.52,0:08:38.96,Default,,0000,0000,0000,,policies that are relevant to the
Dialogue: 0,0:08:38.96,0:08:40.40,Default,,0000,0000,0000,,organization
Dialogue: 0,0:08:40.40,0:08:42.48,Default,,0000,0000,0000,,these might be policies for hardware
Dialogue: 0,0:08:42.48,0:08:44.24,Default,,0000,0000,0000,,software configurations and other
Dialogue: 0,0:08:44.24,0:08:46.16,Default,,0000,0000,0000,,devices
Dialogue: 0,0:08:46.16,0:08:47.68,Default,,0000,0000,0000,,there should be an action plan for
Dialogue: 0,0:08:47.68,0:08:49.68,Default,,0000,0000,0000,,remediation of these risks and
Dialogue: 0,0:08:49.68,0:08:51.28,Default,,0000,0000,0000,,compliance exceptions that are
Dialogue: 0,0:08:51.28,0:08:54.16,Default,,0000,0000,0000,,identified in the risk analysis it
Dialogue: 0,0:08:54.16,0:08:56.08,Default,,0000,0000,0000,,should be verified that the remediation
Dialogue: 0,0:08:56.08,0:08:58.40,Default,,0000,0000,0000,,efforts have taken place and any rule
Dialogue: 0,0:08:58.40,0:09:01.92,Default,,0000,0000,0000,,changes have been completed correctly
Dialogue: 0,0:09:01.92,0:09:03.84,Default,,0000,0000,0000,,and as always these changes should be
Dialogue: 0,0:09:03.84,0:09:07.40,Default,,0000,0000,0000,,tracked and documented
Dialogue: 0,0:09:08.40,0:09:11.84,Default,,0000,0000,0000,,step six conduct ongoing audits
Dialogue: 0,0:09:11.84,0:09:13.76,Default,,0000,0000,0000,,now that the initial audit is done we
Dialogue: 0,0:09:13.76,0:09:15.52,Default,,0000,0000,0000,,need to continue auditing to ensure that
Dialogue: 0,0:09:15.52,0:09:17.44,Default,,0000,0000,0000,,this is ongoing
Dialogue: 0,0:09:17.44,0:09:19.12,Default,,0000,0000,0000,,ensure that there is a process that is
Dialogue: 0,0:09:19.12,0:09:21.28,Default,,0000,0000,0000,,established and continuous for future
Dialogue: 0,0:09:21.28,0:09:23.28,Default,,0000,0000,0000,,firewall audits
Dialogue: 0,0:09:23.28,0:09:25.76,Default,,0000,0000,0000,,in order to avoid error and manual tasks
Dialogue: 0,0:09:25.76,0:09:27.52,Default,,0000,0000,0000,,these can be automated with analysis and
Dialogue: 0,0:09:27.52,0:09:28.96,Default,,0000,0000,0000,,reporting
Dialogue: 0,0:09:28.96,0:09:31.52,Default,,0000,0000,0000,,all procedures need to be documented
Dialogue: 0,0:09:31.52,0:09:32.88,Default,,0000,0000,0000,,and this is in order to create a
Dialogue: 0,0:09:32.88,0:09:35.04,Default,,0000,0000,0000,,complete audit trail for all firewall
Dialogue: 0,0:09:35.04,0:09:37.44,Default,,0000,0000,0000,,management activities
Dialogue: 0,0:09:37.44,0:09:39.44,Default,,0000,0000,0000,,ensure that there is a robust firewall
Dialogue: 0,0:09:39.44,0:09:41.44,Default,,0000,0000,0000,,change workflow in place to maintain
Dialogue: 0,0:09:41.44,0:09:43.44,Default,,0000,0000,0000,,compliance over time
Dialogue: 0,0:09:43.44,0:09:45.20,Default,,0000,0000,0000,,and finally ensure that there is an
Dialogue: 0,0:09:45.20,0:09:47.20,Default,,0000,0000,0000,,alerting system in place for significant
Dialogue: 0,0:09:47.20,0:09:48.88,Default,,0000,0000,0000,,events and activities
Dialogue: 0,0:09:48.88,0:09:51.28,Default,,0000,0000,0000,,this includes changes to certain rules
Dialogue: 0,0:09:51.28,0:09:53.28,Default,,0000,0000,0000,,or if a new high severity risk is
Dialogue: 0,0:09:53.28,0:09:56.80,Default,,0000,0000,0000,,identified in the policy
Dialogue: 0,0:09:58.16,0:10:00.00,Default,,0000,0000,0000,,thanks for watching I hope you've had
Dialogue: 0,0:10:00.00,0:10:02.56,Default,,0000,0000,0000,,fun learning about firewall auditing
Dialogue: 0,0:10:02.56,0:10:04.08,Default,,0000,0000,0000,,please leave a like and any questions
Dialogue: 0,0:10:04.08,0:10:08.92,Default,,0000,0000,0000,,down in the comment section below thanks
Dialogue: 0,0:10:21.04,0:10:23.12,Default,,0000,0000,0000,,you
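The rule-base checks described in step 4 (compare the policy against firewall logs to find unused and duplicate rules, disable expired ones) and step 5 (flag "any" in source, destination or service with a permissive action, risky services exposed inbound to internal networks, and prioritize findings by severity) can be scripted once the rule base has been exported. The following is an added example written for this page; it is not code from the video or from any firewall vendor. The CSV column set, the log line format, the "rule=<id>" field, the list of risky services and the internal address ranges are all assumptions, and the rule base and log lines are constructed sample data. Real exports differ per vendor, so the loader is the part you would replace.

```python
"""Offline rule-base audit: flags over-permissive, risky, expired, unused and
duplicate rules and orders findings by severity (added example; formats assumed)."""
import csv
import io
import ipaddress
import re
from collections import Counter
from datetime import date

# Constructed sample rule base; the column names are an assumed export format.
RULES_CSV = """\
id,src,dst,service,action,expires,change_id
1,10.0.0.0/8,203.0.113.10,tcp/443,allow,,CHG-1001
2,any,any,any,allow,,
3,203.0.113.10,10.1.5.20,tcp/1433,allow,2023-01-31,CHG-1003
4,any,10.1.5.0/24,tcp/3389,allow,,CHG-1004
5,10.0.0.0/8,203.0.113.10,tcp/443,allow,,CHG-1005
6,any,any,any,deny,,CHG-0001
"""

# Constructed log lines; only the "rule=<id>" field is used for hit counting.
LOG_LINES = """\
2024-05-01T10:00:01Z rule=1 src=10.2.3.4 dst=203.0.113.10 dport=443 action=allow
2024-05-01T10:00:02Z rule=4 src=198.51.100.7 dst=10.1.5.20 dport=3389 action=allow
2024-05-01T10:00:03Z rule=6 src=198.51.100.9 dst=10.1.5.21 dport=22 action=deny
2024-05-01T10:00:04Z rule=1 src=10.9.8.7 dst=203.0.113.10 dport=443 action=allow
"""

# Assumed list of services an auditor would not want reachable from "any".
RISKY_SERVICES = {"tcp/22", "tcp/23", "tcp/445", "tcp/1433", "tcp/3306", "tcp/3389"}
# Assumed internal (RFC 1918) ranges; a real audit would use the firewall's zones.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SEVERITY = {"critical": 0, "high": 1, "medium": 2, "low": 3}


def load_rules(text):
    """Parse the CSV export into a list of dicts, one per rule, in policy order."""
    return list(csv.DictReader(io.StringIO(text)))


def rule_hit_counts(log_text):
    """Count log hits per rule id so unused rules can be identified."""
    return Counter(m.group(1) for m in re.finditer(r"\brule=(\d+)", log_text))


def is_internal(dst):
    """True when dst is an address or prefix inside one of INTERNAL_NETS ('any' is not)."""
    try:
        net = ipaddress.ip_network(dst, strict=False)
    except ValueError:
        return False
    return any(net.subnet_of(internal) for internal in INTERNAL_NETS)


def audit(rules, hits, today):
    """Return (severity, rule_id, reason) findings, most severe first, then by rule id."""
    findings = []
    seen = {}  # (src, dst, service, action) -> first rule id with that tuple
    for r in rules:
        rid, action = r["id"], r["action"].lower()
        wildcard = [f for f in ("src", "dst", "service") if r[f].lower() == "any"]
        if action == "allow" and wildcard:
            sev = "critical" if len(wildcard) == 3 else "high"
            findings.append((sev, rid, "permissive allow with any in " + ", ".join(wildcard)))
        if action == "allow" and r["src"].lower() == "any" and is_internal(r["dst"]) \
                and r["service"] in RISKY_SERVICES:
            findings.append(("high", rid, f"risky service {r['service']} exposed from any to {r['dst']}"))
        if r["expires"] and date.fromisoformat(r["expires"]) < today:
            findings.append(("medium", rid, f"expired on {r['expires']}; disable"))
        if not r["change_id"]:
            findings.append(("medium", rid, "no change id recorded"))
        key = (r["src"], r["dst"], r["service"], action)
        if key in seen:
            findings.append(("low", rid, f"duplicate of rule {seen[key]}; consolidate"))
        else:
            seen[key] = rid
        if action == "allow" and hits[rid] == 0:
            findings.append(("low", rid, "no hits in log sample; candidate to disable"))
    findings.sort(key=lambda f: (SEVERITY[f[0]], int(f[1])))
    return findings


def run(today=date(2024, 5, 1)):
    """Audit the constructed sample data; the date is pinned so results are reproducible."""
    return audit(load_rules(RULES_CSV), rule_hit_counts(LOG_LINES), today)


if __name__ == "__main__":
    for sev, rid, reason in run():
        print(f"{sev:8} rule {rid}: {reason}")
```

On the sample data rule 1 produces no finding, rule 6 (the explicit deny-all cleanup rule) is not flagged as permissive because the action is deny, and rule 5 shows why log comparison matters: it is identical to rule 1, so rule 1 always matches first and rule 5 never receives a hit. The output is a prioritized worklist; each remediation should then go through the change workflow from step 2 and be recorded with its change ID.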