SANS Firewall Security Policy guidelines help organizations manage and configure their perimeter devices, which enables them to ensure network security. Firewall Analyzer helps you meet the SANS Security Policy requirements with ease through its out-of-the-box reports. The following is the SANS audit checklist, with details on how Firewall Analyzer helps to meet each item:
Rules | Description | How Firewall Analyzer meets requirements |
---|---|---|
4 | Ensure that logging is enabled and that the logs are reviewed to identify any potential patterns that could indicate an attack | Firewall Analyzer automatically collects and analyzes all your firewall logs to provide out-of-the-box reports and alerts that help you identify potential patterns of security attacks |
9.1 | Avoid using localhost addresses in security policies | Firewall Analyzer provides a detailed report on all 'Allowed Rules with Local IP Addresses', which facilitates the decision on which localhost addresses should be used or avoided in security policies |
9.2 | Avoid using invalid addresses in security policies | Exhaustive reports on rules that allow traffic to LAN and DMZs via the WAN interface provide information such as the policy name, rule name, source, destination, service type, source/destination interface and more, which helps you identify and avoid using invalid addresses in security policies |
9.3 | Block incoming traffic to broadcast addresses | Firewall Analyzer provides information on configured rules that allow untrust traffic to the broadcast address. This enables you to review the rules and block incoming traffic from the untrust zone to the broadcast address |
11 | Block insecure protocols, services and ports | Firewall Analyzer provides a report with detailed information on all the configured rules that allow insecure protocols, services and ports in your network. This report gives better insight into your network and helps you block the insecure services or protocols |
12 | Avoid insecure remote access | Firewall Analyzer's 'HTTP Access Details', 'Telnet Access Details', 'SSH Access Details' and 'User Access Details' reports provide detailed information on inbound/outbound traffic, which helps you block remote access over insecure services |
15 | Block unwanted ICMP traffic | Firewall Analyzer provides a detailed report on rules that allow ICMP traffic from the untrust zone. The solution also provides a rules report with information on blocked ICMP traffic to the untrust zone. These two reports help users identify unwanted ICMP traffic and block it |
16 | IP readdressing/IP masquerading | Firewall Analyzer's detailed rules report on 'All direct connections from untrust sources' helps you review and configure your rules so that they block direct connections from the untrust zone |
19 | Allow traffic that is necessary for business requirements | Firewall Analyzer helps you analyze the traffic connections from untrust sources with its out-of-the-box reports. This helps you identify and allow the traffic that is necessary for business requirements |
24 | Continued availability of firewalls | Firewall Analyzer provides an option to back up all firewall data by Active StandBy and supports continued availability of firewalls |