Firewall Security Assessments
At a high level, our process for Firewall Security Assessments is as follows:
- First we attack through your defenses exactly as an active adversary would.
- Then we expand the external scope to test for all known weaknesses in your perimeter.
- Then we attack your defenses directly but slowly from multiple countries.
- We use Web Application Firewall (WAF) bypass techniques to evade your WAFs.
- Then we evade your IDS/IPS using a variety of timing and obfuscation techniques.
- In some cases we will use anti-forensic tools to stop network logging and SIEMs.
- We will also leverage Open-Source Intelligence (OSINT) sources to look for misconfigurations in your firewall over the past few years and for data leaks that may be affecting your organization.
- At this point we deliver a preliminary external report then move to internal testing.
- Now we conduct an inside-out test where we attempt to exfiltrate data from your most sensitive network segments.
- Then we analyze your internal firewall rules blindly to see what an attacker on the inside would see.
- Next we review the devices and related infrastructure themselves; this includes an analysis of their configuration, firmware, interfaces, memory buffers and active memory.
- Then we do a deep firewall rule analysis. This can also be mapped to a variety of industry or government standards if needed.
- After that, we dig into users, groups, roles and your internal processes.
- We can also analyze performance and make buffer tuning recommendations if needed.
- Optionally we can conduct a failover analysis and deep reliability checks.
- Processes and policies can optionally be included.
- Disaster recovery and business continuity, among other areas, can also be audited if needed.
Again, this is just a high-level overview of our process. If you’d like to know more, contact us.