[Script Info]
Title:

[Events]
Format: Layer, Start, End, Style, Name, MarginL, MarginR, MarginV, Effect, Text
Dialogue: 0,0:00:00.00,0:00:01.28,Default,,0000,0000,0000,,[Music].
Dialogue: 0,0:00:01.28,0:00:02.96,Default,,0000,0000,0000,,Hey, everyone. Welcome back to Cyber Gray
Dialogue: 0,0:00:02.96,0:00:04.96,Default,,0000,0000,0000,,Matter. In today's video, we're going to
Dialogue: 0,0:00:04.96,0:00:06.72,Default,,0000,0000,0000,,be going over the basics of how to audit
Dialogue: 0,0:00:06.72,0:00:08.88,Default,,0000,0000,0000,,a firewall. This video will have six
Dialogue: 0,0:00:08.88,0:00:11.20,Default,,0000,0000,0000,,steps of the firewall auditing process,
Dialogue: 0,0:00:11.20,0:00:12.48,Default,,0000,0000,0000,,and I think you'll find a lot of these
Dialogue: 0,0:00:12.48,0:00:14.32,Default,,0000,0000,0000,,concepts helpful and correlate to all
Dialogue: 0,0:00:14.32,0:00:16.64,Default,,0000,0000,0000,,general technology fields, including the
Dialogue: 0,0:00:16.64,0:00:19.28,Default,,0000,0000,0000,,emphasis on procedures and documentation.
Dialogue: 0,0:00:19.28,0:00:21.04,Default,,0000,0000,0000,,This video won't be a deep dive into the
Dialogue: 0,0:00:21.04,0:00:22.88,Default,,0000,0000,0000,,technical details, but it goes over
Dialogue: 0,0:00:22.88,0:00:25.04,Default,,0000,0000,0000,,compliance, best practices, and other
Dialogue: 0,0:00:25.04,0:00:26.80,Default,,0000,0000,0000,,security concepts.
Dialogue: 0,0:00:26.80,0:00:28.96,Default,,0000,0000,0000,,It's a good start to get an idea of what
Dialogue: 0,0:00:28.96,0:00:31.20,Default,,0000,0000,0000,,the auditing process is like. Let's jump
Dialogue: 0,0:00:31.20,0:00:33.76,Default,,0000,0000,0000,,right into it.
Dialogue: 0,0:00:33.76,0:00:35.76,Default,,0000,0000,0000,,So, let's start with what a firewall even
Dialogue: 0,0:00:35.76,0:00:36.56,Default,,0000,0000,0000,,is.
Dialogue: 0,0:00:36.56,0:00:38.32,Default,,0000,0000,0000,,A firewall is a networking device and
Dialogue: 0,0:00:38.32,0:00:40.16,Default,,0000,0000,0000,,tool that manages connections between
Dialogue: 0,0:00:40.16,0:00:42.48,Default,,0000,0000,0000,,different internal or external networks.
Dialogue: 0,0:00:42.48,0:00:44.40,Default,,0000,0000,0000,,They can accept or reject connections or
Dialogue: 0,0:00:44.40,0:00:46.64,Default,,0000,0000,0000,,even filter them, and everything is based
Dialogue: 0,0:00:46.64,0:00:47.92,Default,,0000,0000,0000,,on rules.
Dialogue: 0,0:00:47.92,0:00:49.60,Default,,0000,0000,0000,,Remember that firewalls work on the
Dialogue: 0,0:00:49.60,0:00:52.24,Default,,0000,0000,0000,,network and transport layers, so three and
Dialogue: 0,0:00:52.24,0:00:54.56,Default,,0000,0000,0000,,four of the OSI model. However, there are
Dialogue: 0,0:00:54.56,0:00:56.08,Default,,0000,0000,0000,,some firewalls that can operate on the
Dialogue: 0,0:00:56.08,0:00:58.80,Default,,0000,0000,0000,,application layer or layer seven of the OSI
Dialogue: 0,0:00:58.80,0:01:01.36,Default,,0000,0000,0000,,model, and these are considered smarter.
Dialogue: 0,0:01:01.36,0:01:02.72,Default,,0000,0000,0000,,They're known as next-generation
Dialogue: 0,0:01:02.72,0:01:05.28,Default,,0000,0000,0000,,firewalls. Also, please don't confuse the
Dialogue: 0,0:01:05.28,0:01:07.04,Default,,0000,0000,0000,,application layer tidbit about the
Dialogue: 0,0:01:07.04,0:01:09.28,Default,,0000,0000,0000,,next-gen firewall with a web application
Dialogue: 0,0:01:09.28,0:01:12.64,Default,,0000,0000,0000,,firewall. It's not the same thing. So,
Dialogue: 0,0:01:12.64,0:01:14.96,Default,,0000,0000,0000,,what's a firewall audit? A firewall audit
Dialogue: 0,0:01:14.96,0:01:16.48,Default,,0000,0000,0000,,is a process of investigating the
Dialogue: 0,0:01:16.48,0:01:18.80,Default,,0000,0000,0000,,existing aspects of a firewall, and this
Dialogue: 0,0:01:18.80,0:01:20.96,Default,,0000,0000,0000,,can include access and connections, along
Dialogue: 0,0:01:20.96,0:01:22.00,Default,,0000,0000,0000,,with the identification of
Dialogue: 0,0:01:22.00,0:01:23.84,Default,,0000,0000,0000,,vulnerabilities and reports on any
Dialogue: 0,0:01:23.84,0:01:26.80,Default,,0000,0000,0000,,changes.
Dialogue: 0,0:01:26.80,0:01:28.88,Default,,0000,0000,0000,,So, why are audits important?
Dialogue: 0,0:01:28.88,0:01:30.56,Default,,0000,0000,0000,,With all the compliance standards out
Dialogue: 0,0:01:30.56,0:01:32.64,Default,,0000,0000,0000,,and being used, firewall audits are a way
Dialogue: 0,0:01:32.64,0:01:34.08,Default,,0000,0000,0000,,to prove to regulators or business
Dialogue: 0,0:01:34.08,0:01:35.84,Default,,0000,0000,0000,,partners that an organization's network
Dialogue: 0,0:01:35.84,0:01:37.76,Default,,0000,0000,0000,,is secure. Some of these standards
Dialogue: 0,0:01:37.76,0:01:39.84,Default,,0000,0000,0000,,include things such as the Payment Card
Dialogue: 0,0:01:39.84,0:01:43.84,Default,,0000,0000,0000,,Industry Data Security Standards (PCI DSS),
Dialogue: 0,0:01:43.84,0:01:46.32,Default,,0000,0000,0000,,the General Data Protection Regulation
Dialogue: 0,0:01:46.32,0:01:47.56,Default,,0000,0000,0000,,(GDPR),
Dialogue: 0,0:01:47.56,0:01:50.32,Default,,0000,0000,0000,,Sarbanes-Oxley (SOX), the Health
Dialogue: 0,0:01:50.32,0:01:52.64,Default,,0000,0000,0000,,Insurance Portability and Accountability
Dialogue: 0,0:01:52.64,0:01:55.52,Default,,0000,0000,0000,,Act (HIPAA), or the California Consumer
Dialogue: 0,0:01:55.52,0:01:58.32,Default,,0000,0000,0000,,Privacy Act (CCPA).
Dialogue: 0,0:01:58.32,0:01:59.84,Default,,0000,0000,0000,,Other than firewall audits being
Dialogue: 0,0:01:59.84,0:02:02.80,Default,,0000,0000,0000,,required, they're simply best practice. If
Dialogue: 0,0:02:02.80,0:02:04.56,Default,,0000,0000,0000,,you audit a firewall, you're likely to
Dialogue: 0,0:02:04.56,0:02:06.32,Default,,0000,0000,0000,,catch a weakness or openness within your
Dialogue: 0,0:02:06.32,0:02:08.88,Default,,0000,0000,0000,,network and security posture. This way,
Dialogue: 0,0:02:08.88,0:02:11.52,Default,,0000,0000,0000,,you can adapt your policies to fit this.
Dialogue: 0,0:02:11.52,0:02:13.20,Default,,0000,0000,0000,,Doing due diligence is important in
Dialogue: 0,0:02:13.20,0:02:15.68,Default,,0000,0000,0000,,cybersecurity, and reviewing controls and
Dialogue: 0,0:02:15.68,0:02:17.68,Default,,0000,0000,0000,,policies will be one piece that helps
Dialogue: 0,0:02:17.68,0:02:19.68,Default,,0000,0000,0000,,protect an organization, if there might
Dialogue: 0,0:02:19.68,0:02:21.44,Default,,0000,0000,0000,,be the unfortunate circumstance of a
Dialogue: 0,0:02:21.44,0:02:23.52,Default,,0000,0000,0000,,lawsuit, breach, or some sort of
Dialogue: 0,0:02:23.52,0:02:25.92,Default,,0000,0000,0000,,regulatory issue that may come up.
Dialogue: 0,0:02:25.92,0:02:27.68,Default,,0000,0000,0000,,Auditing a firewall will ensure that
Dialogue: 0,0:02:27.68,0:02:30.40,Default,,0000,0000,0000,,your configuration and rules adhere to
Dialogue: 0,0:02:30.40,0:02:33.28,Default,,0000,0000,0000,,internal cybersecurity policies.
Dialogue: 0,0:02:33.28,0:02:35.68,Default,,0000,0000,0000,,Besides safety, a firewall audit can help
Dialogue: 0,0:02:35.68,0:02:37.84,Default,,0000,0000,0000,,improve performance by fixing the
Dialogue: 0,0:02:37.84,0:02:40.48,Default,,0000,0000,0000,,optimization of the firewall rule base,
Dialogue: 0,0:02:40.48,0:02:41.92,Default,,0000,0000,0000,,and we'll go into that a little bit
Dialogue: 0,0:02:41.92,0:02:43.76,Default,,0000,0000,0000,,later.
Dialogue: 0,0:02:43.76,0:02:45.28,Default,,0000,0000,0000,,Now, let's get into the six steps of the
Dialogue: 0,0:02:45.28,0:02:48.32,Default,,0000,0000,0000,,firewall audit. Step 1: Collect Key
Dialogue: 0,0:02:48.32,0:02:49.60,Default,,0000,0000,0000,,Information
Dialogue: 0,0:02:49.60,0:02:51.60,Default,,0000,0000,0000,,This is prior to the audit. There needs
Dialogue: 0,0:02:51.60,0:02:53.76,Default,,0000,0000,0000,,to be information gathered. During this
Dialogue: 0,0:02:53.76,0:02:55.52,Default,,0000,0000,0000,,time, there needs to be visibility into
Dialogue: 0,0:02:55.52,0:02:58.00,Default,,0000,0000,0000,,the network with software, hardware,
Dialogue: 0,0:02:58.00,0:03:00.40,Default,,0000,0000,0000,,policies, and risks.
Dialogue: 0,0:03:00.40,0:03:02.00,Default,,0000,0000,0000,,In order to plan the audit, you will need
Dialogue: 0,0:03:02.00,0:03:04.40,Default,,0000,0000,0000,,the following key information:
Dialogue: 0,0:03:04.40,0:03:07.04,Default,,0000,0000,0000,,Copies of the relevant security policies,
Dialogue: 0,0:03:07.04,0:03:08.88,Default,,0000,0000,0000,,the firewall logs that can be compared
Dialogue: 0,0:03:08.88,0:03:10.88,Default,,0000,0000,0000,,to the firewall rule base to find which
Dialogue: 0,0:03:10.88,0:03:12.72,Default,,0000,0000,0000,,rules are being used,
Dialogue: 0,0:03:12.72,0:03:14.56,Default,,0000,0000,0000,,an accurate and updated copy of the
Dialogue: 0,0:03:14.56,0:03:16.40,Default,,0000,0000,0000,,network and the firewall topology
Dialogue: 0,0:03:16.40,0:03:18.00,Default,,0000,0000,0000,,diagrams,
Dialogue: 0,0:03:18.00,0:03:20.16,Default,,0000,0000,0000,,any previous audit documentation,
Dialogue: 0,0:03:20.16,0:03:22.80,Default,,0000,0000,0000,,including the rules, objects, and policy
Dialogue: 0,0:03:22.80,0:03:24.56,Default,,0000,0000,0000,,revisions,
Dialogue: 0,0:03:24.56,0:03:27.04,Default,,0000,0000,0000,,vendor firewall information, including
Dialogue: 0,0:03:27.04,0:03:29.92,Default,,0000,0000,0000,,the OS version, latest patches, and the
Dialogue: 0,0:03:29.92,0:03:32.24,Default,,0000,0000,0000,,default configuration,
Dialogue: 0,0:03:32.24,0:03:34.32,Default,,0000,0000,0000,,and finally, understanding all the
Dialogue: 0,0:03:34.32,0:03:36.56,Default,,0000,0000,0000,,critical servers and repositories within
Dialogue: 0,0:03:36.56,0:03:38.80,Default,,0000,0000,0000,,the network.
Dialogue: 0,0:03:38.80,0:03:40.24,Default,,0000,0000,0000,,Step 2:
Dialogue: 0,0:03:40.24,0:03:43.04,Default,,0000,0000,0000,,Assess the Change Management Process
Dialogue: 0,0:03:43.04,0:03:44.88,Default,,0000,0000,0000,,The change management process starts
Dialogue: 0,0:03:44.88,0:03:46.48,Default,,0000,0000,0000,,with the request to change some sort of
Dialogue: 0,0:03:46.48,0:03:48.32,Default,,0000,0000,0000,,process or technology.
Dialogue: 0,0:03:48.32,0:03:49.60,Default,,0000,0000,0000,,It's from the beginning with a
Dialogue: 0,0:03:49.60,0:03:51.60,Default,,0000,0000,0000,,conception, through the implementation,
Dialogue: 0,0:03:51.60,0:03:54.24,Default,,0000,0000,0000,,and then to the final resolution.
Dialogue: 0,0:03:54.24,0:03:55.84,Default,,0000,0000,0000,,Change management within a firewall
Dialogue: 0,0:03:55.84,0:03:57.52,Default,,0000,0000,0000,,audit is important because there needs
Dialogue: 0,0:03:57.52,0:03:59.28,Default,,0000,0000,0000,,to be traceability of any firewall
Dialogue: 0,0:03:59.28,0:04:01.68,Default,,0000,0000,0000,,changes and also ensure compliance for
Dialogue: 0,0:04:01.68,0:04:03.04,Default,,0000,0000,0000,,the future.
Dialogue: 0,0:04:03.04,0:04:04.96,Default,,0000,0000,0000,,The most common problems with the change
Dialogue: 0,0:04:04.96,0:04:06.56,Default,,0000,0000,0000,,control involve issues with the
Dialogue: 0,0:04:06.56,0:04:09.12,Default,,0000,0000,0000,,documentation, such as not including or
Dialogue: 0,0:04:09.12,0:04:11.20,Default,,0000,0000,0000,,being clear why the change was needed,
Dialogue: 0,0:04:11.20,0:04:13.20,Default,,0000,0000,0000,,who authorized the changes, and poor
Dialogue: 0,0:04:13.20,0:04:15.60,Default,,0000,0000,0000,,validation of the network impact of each
Dialogue: 0,0:04:15.60,0:04:17.84,Default,,0000,0000,0000,,change.
Dialogue: 0,0:04:17.84,0:04:19.36,Default,,0000,0000,0000,,Some requirements for the rule-based
Dialogue: 0,0:04:19.36,0:04:22.24,Default,,0000,0000,0000,,change management are the following:
Dialogue: 0,0:04:22.24,0:04:23.60,Default,,0000,0000,0000,,Make sure the changes are going through
Dialogue: 0,0:04:23.60,0:04:25.60,Default,,0000,0000,0000,,the proper approval and are implemented
Dialogue: 0,0:04:25.60,0:04:28.24,Default,,0000,0000,0000,,by the authorized personnel,
Dialogue: 0,0:04:28.24,0:04:30.16,Default,,0000,0000,0000,,changes should be tested and documented
Dialogue: 0,0:04:30.16,0:04:32.16,Default,,0000,0000,0000,,by regulatory and internal policy
Dialogue: 0,0:04:32.16,0:04:33.84,Default,,0000,0000,0000,,requirements,
Dialogue: 0,0:04:33.84,0:04:35.76,Default,,0000,0000,0000,,each rule should be noted to include the
Dialogue: 0,0:04:35.76,0:04:38.73,Default,,0000,0000,0000,,change ID of the request and have a sign-off
Dialogue: 0,0:04:38.73,0:04:40.16,Default,,0000,0000,0000,,with the initials of the person who
Dialogue: 0,0:04:40.16,0:04:42.88,Default,,0000,0000,0000,,implemented the change, make sure there
Dialogue: 0,0:04:42.88,0:04:45.20,Default,,0000,0000,0000,,is an expiration date for the change, if
Dialogue: 0,0:04:45.20,0:04:47.52,Default,,0000,0000,0000,,one should exist,
Dialogue: 0,0:04:47.52,0:04:49.36,Default,,0000,0000,0000,,determine whether there is a formal and
Dialogue: 0,0:04:49.36,0:04:51.12,Default,,0000,0000,0000,,controlled process in place for the
Dialogue: 0,0:04:51.12,0:04:53.28,Default,,0000,0000,0000,,request, review, approval, and
Dialogue: 0,0:04:53.28,0:04:55.84,Default,,0000,0000,0000,,implementation of the firewall changes.
Dialogue: 0,0:04:55.84,0:04:57.84,Default,,0000,0000,0000,,And this process should include business
Dialogue: 0,0:04:57.84,0:05:00.32,Default,,0000,0000,0000,,purpose for the change request, duration
Dialogue: 0,0:05:00.32,0:05:02.24,Default,,0000,0000,0000,,from the new modification rule,
Dialogue: 0,0:05:02.24,0:05:03.84,Default,,0000,0000,0000,,assessment of the potential risk
Dialogue: 0,0:05:03.84,0:05:06.56,Default,,0000,0000,0000,,associated with the new or modified rules,
Dialogue: 0,0:05:06.56,0:05:09.20,Default,,0000,0000,0000,,formal approvals from new and modified
Dialogue: 0,0:05:09.20,0:05:11.12,Default,,0000,0000,0000,,rules, assignment to the proper
Dialogue: 0,0:05:11.12,0:05:13.36,Default,,0000,0000,0000,,administration for implementation,
Dialogue: 0,0:05:13.36,0:05:15.12,Default,,0000,0000,0000,,verification that the change has been
Dialogue: 0,0:05:15.12,0:05:18.16,Default,,0000,0000,0000,,tested and implemented correctly.
Dialogue: 0,0:05:18.16,0:05:20.00,Default,,0000,0000,0000,,Authorization must be granted to make
Dialogue: 0,0:05:20.00,0:05:22.16,Default,,0000,0000,0000,,these changes, and any unauthorized
Dialogue: 0,0:05:22.16,0:05:24.24,Default,,0000,0000,0000,,changes should be flagged for future
Dialogue: 0,0:05:24.24,0:05:26.00,Default,,0000,0000,0000,,investigation.
Dialogue: 0,0:05:26.00,0:05:27.44,Default,,0000,0000,0000,,It should be determined whether the
Dialogue: 0,0:05:27.44,0:05:29.52,Default,,0000,0000,0000,,real-time monitoring of changes to the
Dialogue: 0,0:05:29.52,0:05:31.20,Default,,0000,0000,0000,,firewall is enabled.
Dialogue: 0,0:05:31.20,0:05:33.20,Default,,0000,0000,0000,,Authorized requesters, admins, and
Dialogue: 0,0:05:33.20,0:05:35.44,Default,,0000,0000,0000,,stakeholders should be given rule change
Dialogue: 0,0:05:35.44,0:05:38.44,Default,,0000,0000,0000,,notifications.
Dialogue: 0,0:05:39.12,0:05:41.44,Default,,0000,0000,0000,,Step 3: Audit the OS and Physical
Dialogue: 0,0:05:41.44,0:05:43.04,Default,,0000,0000,0000,,Security
Dialogue: 0,0:05:43.04,0:05:44.64,Default,,0000,0000,0000,,Firewall audits don't just involve the
Dialogue: 0,0:05:44.64,0:05:46.64,Default,,0000,0000,0000,,rule-based policies, but the actual
Dialogue: 0,0:05:46.64,0:05:48.24,Default,,0000,0000,0000,,firewall itself.
Dialogue: 0,0:05:48.24,0:05:49.60,Default,,0000,0000,0000,,It's important to ensure that the
Dialogue: 0,0:05:49.60,0:05:52.08,Default,,0000,0000,0000,,firewall has both physical and software
Dialogue: 0,0:05:52.08,0:05:54.32,Default,,0000,0000,0000,,security feature verification.
Dialogue: 0,0:05:54.32,0:05:56.16,Default,,0000,0000,0000,,This involves the hardware and OS
Dialogue: 0,0:05:56.16,0:05:58.64,Default,,0000,0000,0000,,software of the firewall.
Dialogue: 0,0:05:58.64,0:06:00.32,Default,,0000,0000,0000,,It's important that there's physical
Dialogue: 0,0:06:00.32,0:06:02.24,Default,,0000,0000,0000,,security protecting the firewall and
Dialogue: 0,0:06:02.24,0:06:04.08,Default,,0000,0000,0000,,management servers with controlled
Dialogue: 0,0:06:04.08,0:06:05.20,Default,,0000,0000,0000,,access.
Dialogue: 0,0:06:05.20,0:06:06.72,Default,,0000,0000,0000,,This ensures that only authorized
Dialogue: 0,0:06:06.72,0:06:08.64,Default,,0000,0000,0000,,personnel are permitted to access the
Dialogue: 0,0:06:08.64,0:06:11.28,Default,,0000,0000,0000,,firewall server rooms.
Dialogue: 0,0:06:11.28,0:06:12.96,Default,,0000,0000,0000,,Vendor operating system patches and
Dialogue: 0,0:06:12.96,0:06:14.80,Default,,0000,0000,0000,,updates are extremely important, and it
Dialogue: 0,0:06:14.80,0:06:16.96,Default,,0000,0000,0000,,should be verified that these are here.
Dialogue: 0,0:06:16.96,0:06:18.48,Default,,0000,0000,0000,,The operating system should also be
Dialogue: 0,0:06:18.48,0:06:20.40,Default,,0000,0000,0000,,audited to ensure that it passes common
Dialogue: 0,0:06:20.40,0:06:22.64,Default,,0000,0000,0000,,hardening checklists.
Dialogue: 0,0:06:22.64,0:06:24.56,Default,,0000,0000,0000,,The device administration procedure
Dialogue: 0,0:06:24.56,0:06:27.76,Default,,0000,0000,0000,,should also be reviewed.
Dialogue: 0,0:06:27.76,0:06:28.96,Default,,0000,0000,0000,,Step 4:
Dialogue: 0,0:06:28.96,0:06:31.84,Default,,0000,0000,0000,,Declutter and Improve the Rule Base
Dialogue: 0,0:06:31.84,0:06:33.52,Default,,0000,0000,0000,,In order to ensure that the firewall
Dialogue: 0,0:06:33.52,0:06:35.60,Default,,0000,0000,0000,,performs at peak performance, the rule
Dialogue: 0,0:06:35.60,0:06:38.00,Default,,0000,0000,0000,,base should be decluttered and optimized.
Dialogue: 0,0:06:38.00,0:06:39.76,Default,,0000,0000,0000,,This also makes the auditing process
Dialogue: 0,0:06:39.76,0:06:41.76,Default,,0000,0000,0000,,easier and will remove the unnecessary
Dialogue: 0,0:06:41.76,0:06:43.36,Default,,0000,0000,0000,,overhead.
Dialogue: 0,0:06:43.36,0:06:45.12,Default,,0000,0000,0000,,To do this, start by
Dialogue: 0,0:06:45.12,0:06:46.72,Default,,0000,0000,0000,,deleting the rules that aren't useful
Dialogue: 0,0:06:46.72,0:06:48.96,Default,,0000,0000,0000,,and disable expired and unused rules and
Dialogue: 0,0:06:48.96,0:06:50.56,Default,,0000,0000,0000,,objects.
Dialogue: 0,0:06:50.56,0:06:52.48,Default,,0000,0000,0000,,Delete the unused connections, and this
Dialogue: 0,0:06:52.48,0:06:55.28,Default,,0000,0000,0000,,includes source, destination, and service
Dialogue: 0,0:06:55.28,0:06:57.20,Default,,0000,0000,0000,,routes that aren't in use.
Dialogue: 0,0:06:57.20,0:06:59.04,Default,,0000,0000,0000,,Find the similar rules and consolidate
Dialogue: 0,0:06:59.04,0:07:00.80,Default,,0000,0000,0000,,them into one rule.
Dialogue: 0,0:07:00.80,0:07:02.64,Default,,0000,0000,0000,,Identify and fix any issues that are
Dialogue: 0,0:07:02.64,0:07:04.72,Default,,0000,0000,0000,,over-permissive and analyze the actual
Dialogue: 0,0:07:04.72,0:07:07.44,Default,,0000,0000,0000,,policy against firewall logs.
Dialogue: 0,0:07:07.44,0:07:09.92,Default,,0000,0000,0000,,Analyze VPN parameters in order to
Dialogue: 0,0:07:09.92,0:07:12.48,Default,,0000,0000,0000,,uncover users and groups that are unused,
Dialogue: 0,0:07:12.48,0:07:14.80,Default,,0000,0000,0000,,unattached, expired, or those that are
Dialogue: 0,0:07:14.80,0:07:16.80,Default,,0000,0000,0000,,about to expire.
Dialogue: 0,0:07:16.80,0:07:20.08,Default,,0000,0000,0000,,Enforce object naming conventions.
Dialogue: 0,0:07:20.08,0:07:22.64,Default,,0000,0000,0000,,Finally, keep a record of rules, objects,
Dialogue: 0,0:07:22.64,0:07:24.40,Default,,0000,0000,0000,,and policy revisions for future
Dialogue: 0,0:07:24.40,0:07:26.88,Default,,0000,0000,0000,,reference.
Dialogue: 0,0:07:27.28,0:07:28.72,Default,,0000,0000,0000,,Step 5:
Dialogue: 0,0:07:28.72,0:07:31.92,Default,,0000,0000,0000,,Perform a Risk Assessment and Fix Issues
Dialogue: 0,0:07:31.92,0:07:33.44,Default,,0000,0000,0000,,A thorough and comprehensive risk
Dialogue: 0,0:07:33.44,0:07:35.52,Default,,0000,0000,0000,,assessment will help identify any risky
Dialogue: 0,0:07:35.52,0:07:37.28,Default,,0000,0000,0000,,rules and ensure the rules are
Dialogue: 0,0:07:37.28,0:07:39.04,Default,,0000,0000,0000,,compliant with internal policies and
Dialogue: 0,0:07:39.04,0:07:41.52,Default,,0000,0000,0000,,relevant standards and regulations.
Dialogue: 0,0:07:41.52,0:07:43.60,Default,,0000,0000,0000,,This is done by prioritizing the rules
Dialogue: 0,0:07:43.60,0:07:45.76,Default,,0000,0000,0000,,by severity and based on industry
Dialogue: 0,0:07:45.76,0:07:48.00,Default,,0000,0000,0000,,standards and best practices.
Dialogue: 0,0:07:48.00,0:07:50.32,Default,,0000,0000,0000,,This is based upon company needs and
Dialogue: 0,0:07:50.32,0:07:53.92,Default,,0000,0000,0000,,risk acceptance of an organization.
Dialogue: 0,0:07:53.92,0:07:55.76,Default,,0000,0000,0000,,Things to look for:
Dialogue: 0,0:07:55.76,0:07:57.04,Default,,0000,0000,0000,,Check to see if there are any rules that
Dialogue: 0,0:07:57.04,0:07:58.88,Default,,0000,0000,0000,,go against and violate your corporate
Dialogue: 0,0:07:58.88,0:08:01.20,Default,,0000,0000,0000,,security policy,
Dialogue: 0,0:08:01.20,0:08:03.36,Default,,0000,0000,0000,,do any of the firewall rules use "any" in
Dialogue: 0,0:08:03.36,0:08:06.08,Default,,0000,0000,0000,,the source, destination, service protocol,
Dialogue: 0,0:08:06.08,0:08:08.64,Default,,0000,0000,0000,,application, or use fields with a
Dialogue: 0,0:08:08.64,0:08:11.04,Default,,0000,0000,0000,,permissive action?
Dialogue: 0,0:08:11.04,0:08:13.36,Default,,0000,0000,0000,,Do any of the rules allow risky services
Dialogue: 0,0:08:13.36,0:08:16.16,Default,,0000,0000,0000,,for your DMZ to the internal network?
Dialogue: 0,0:08:16.16,0:08:18.08,Default,,0000,0000,0000,,What about any rules that allow risky
Dialogue: 0,0:08:18.08,0:08:20.00,Default,,0000,0000,0000,,services from the internet coming
Dialogue: 0,0:08:20.00,0:08:22.48,Default,,0000,0000,0000,,inbound to sensitive servers, networks,
Dialogue: 0,0:08:22.48,0:08:26.08,Default,,0000,0000,0000,,devices, and databases?
Dialogue: 0,0:08:26.08,0:08:28.08,Default,,0000,0000,0000,,It's also good to analyze firewall rules
Dialogue: 0,0:08:28.08,0:08:30.32,Default,,0000,0000,0000,,and configurations and check to see if
Dialogue: 0,0:08:30.32,0:08:32.40,Default,,0000,0000,0000,,there are any complying with regulatory
Dialogue: 0,0:08:32.40,0:08:33.44,Default,,0000,0000,0000,,standards
Dialogue: 0,0:08:33.44,0:08:37.52,Default,,0000,0000,0000,,such as PCI DSS, SOX, ISO, and other
Dialogue: 0,0:08:37.52,0:08:38.96,Default,,0000,0000,0000,,policies that are relevant to the
Dialogue: 0,0:08:38.96,0:08:40.40,Default,,0000,0000,0000,,organization.
Dialogue: 0,0:08:40.40,0:08:42.48,Default,,0000,0000,0000,,These might be policies for hardware,
Dialogue: 0,0:08:42.48,0:08:44.24,Default,,0000,0000,0000,,software configurations, and other
Dialogue: 0,0:08:44.24,0:08:46.16,Default,,0000,0000,0000,,devices.
Dialogue: 0,0:08:46.16,0:08:47.68,Default,,0000,0000,0000,,There should be an action plan for
Dialogue: 0,0:08:47.68,0:08:49.68,Default,,0000,0000,0000,,remediation of these risks and
Dialogue: 0,0:08:49.68,0:08:51.28,Default,,0000,0000,0000,,compliance exceptions that are
Dialogue: 0,0:08:51.28,0:08:54.16,Default,,0000,0000,0000,,identified in the risk analysis. It
Dialogue: 0,0:08:54.16,0:08:56.08,Default,,0000,0000,0000,,should be verified that the remediation
Dialogue: 0,0:08:56.08,0:08:58.40,Default,,0000,0000,0000,,efforts have taken place and any rule
Dialogue: 0,0:08:58.40,0:09:01.92,Default,,0000,0000,0000,,changes have been completed correctly.
Dialogue: 0,0:09:01.92,0:09:03.84,Default,,0000,0000,0000,,And, as always, these changes should be
Dialogue: 0,0:09:03.84,0:09:07.40,Default,,0000,0000,0000,,tracked and documented.
Dialogue: 0,0:09:08.40,0:09:11.84,Default,,0000,0000,0000,,Step 6: Conduct Ongoing Audits
Dialogue: 0,0:09:11.84,0:09:13.76,Default,,0000,0000,0000,,Now that the initial audit is done, we
Dialogue: 0,0:09:13.76,0:09:15.52,Default,,0000,0000,0000,,need to continue auditing to ensure that
Dialogue: 0,0:09:15.52,0:09:17.44,Default,,0000,0000,0000,,this is ongoing.
Dialogue: 0,0:09:17.44,0:09:19.12,Default,,0000,0000,0000,,Ensure that there is a process that is
Dialogue: 0,0:09:19.12,0:09:21.28,Default,,0000,0000,0000,,established and continuous for future
Dialogue: 0,0:09:21.28,0:09:23.28,Default,,0000,0000,0000,,firewall audits.
Dialogue: 0,0:09:23.28,0:09:25.76,Default,,0000,0000,0000,,In order to avoid errors and manual tasks,
Dialogue: 0,0:09:25.76,0:09:27.52,Default,,0000,0000,0000,,these can be automated with analysis and
Dialogue: 0,0:09:27.52,0:09:28.96,Default,,0000,0000,0000,,reporting.
Dialogue: 0,0:09:28.96,0:09:31.52,Default,,0000,0000,0000,,All procedures need to be documented
Dialogue: 0,0:09:31.52,0:09:32.88,Default,,0000,0000,0000,,and this is in order to create a
Dialogue: 0,0:09:32.88,0:09:35.04,Default,,0000,0000,0000,,complete audit trail for all firewall
Dialogue: 0,0:09:35.04,0:09:37.44,Default,,0000,0000,0000,,management activities.
Dialogue: 0,0:09:37.44,0:09:39.44,Default,,0000,0000,0000,,Ensure that there is a robust firewall
Dialogue: 0,0:09:39.44,0:09:41.44,Default,,0000,0000,0000,,change workflow in place to maintain
Dialogue: 0,0:09:41.44,0:09:43.44,Default,,0000,0000,0000,,compliance over time.
Dialogue: 0,0:09:43.44,0:09:45.20,Default,,0000,0000,0000,,And finally, ensure that there is an
Dialogue: 0,0:09:45.20,0:09:47.20,Default,,0000,0000,0000,,alerting system in place for significant
Dialogue: 0,0:09:47.20,0:09:48.88,Default,,0000,0000,0000,,events and activities.
Dialogue: 0,0:09:48.88,0:09:51.28,Default,,0000,0000,0000,,This includes changes to certain rules
Dialogue: 0,0:09:51.28,0:09:53.28,Default,,0000,0000,0000,,or if a new high-severity risk is
Dialogue: 0,0:09:53.28,0:09:56.80,Default,,0000,0000,0000,,identified in the policy.
Dialogue: 0,0:09:58.16,0:10:00.00,Default,,0000,0000,0000,,Thanks for watching. I hope you've had
Dialogue: 0,0:10:00.00,0:10:02.56,Default,,0000,0000,0000,,fun learning about firewall auditing.
Dialogue: 0,0:10:02.56,0:10:04.08,Default,,0000,0000,0000,,Please leave a like and any questions
Dialogue: 0,0:10:04.08,0:10:07.33,Default,,0000,0000,0000,,down in the comment section below. Thanks.
Dialogue: 0,0:10:07.33,0:10:13.79,Default,,0000,0000,0000,,[Music].