Firewalls: Jumpstart for Network and Systems Administrators

Conducting a thorough firewall network security audit has never been more critical. Almost every organization is connected to the Internet in some way, the number of network interconnections between organizations is growing, and the ranks of telecommuters are increasing. Of course, for an audit to be effective, you need to know where and how to look for the major points of vulnerability.
Before starting a firewall network security audit, you should create a project plan that describes what you are preparing to do and the purpose of each step. A full audit should be comprehensive and include the following items:
Desktop software vulnerabilities and policies
External and internal firewall network vulnerabilities (including partner relationships)
Host vulnerabilities (Windows, UNIX, Mac, etc.)
Internal firewall network vulnerabilities
Organizational procedures
Password procedures
Remote user procedures
As you can see from the preceding list, much more than technology needs to be addressed to complete a successful firewall network security audit. A good audit will involve management and will evaluate the policies (or lack thereof) that an organization has in place regarding installed software, passwords, and so on. A formal firewall network security audit consists of four phases:
Assessment: During this phase, information is gathered and problems are identified and analyzed.
Critical fixes: Problems that are extremely serious or that require only simple quick fixes are addressed during this phase.
Update other fixes: During this phase, fixes with low to intermediate priority are addressed.
Continuing...