These requirements are mandatory to ensure a secure firewall system.
All network-related documentation must be kept up to date. It should be clearly identified with a date, a version number, and commentary on what changes have been made to the content. All such changes should be managed via a formal change control mechanism. To ensure that the firewall is securing the required section of the network, a detailed diagram of the network may be required. The diagram can be used to confirm that the firewall is protecting what it should be protecting, and it will help in identifying any weaknesses that may exist within the firewall setup.
Management should document a formal change control policy for amending the firewall's configuration. This policy should describe the principles and objectives on which the change control process should operate. Having defined when changes should be performed, the objectives should describe change requirements (that is, key standards). Change control is required to ensure that administrators of the firewall are in fact performing the task required of them. This is done to:
1. ensure changes made reflect the change in policy.
2. ensure the administrators do not perform changes without notification.
Non-conformance may result in loss of control over changes to network devices, resulting in unauthorised access to a device and the potential for an unauthorised person to alter security configuration parameters.
Personnel installing changes must be authorised to do so and held accountable for the change. If the organisation does not identify the authorised individuals who update the firewall, the risk of unauthorised changes to configurations increases.
Firewall documentation should exist and, as a minimum, detail the firewall policy and the rationale for the inclusion of each individual rule. Documentation should also justify the exclusion of specific rules where their absence impacts on the security of the firewall and/or the corporate network. In order to design a rule base, it is important to have supporting documentation outlining the policies required by the organisation. These should be kept up to date to reflect the actual policies in place on the firewall(s).
Ensure that the Firewall and the network cabling related to it are physically secured. Physical access to the firewall or the related network cabling provides opportunities for an intruder to bypass the firewall itself.
Ensure that patches to the base operating system and to the firewall are current. For a firewall to be successful it must operate on a secure operating system. If the firewall is running on an inferior system, it is open to attacks that the firewall's own configuration would suggest are not possible. It should be ensured that the system the firewall runs on is secure and that all patches have been applied.
Ensure that backup procedures exist for the firewall configuration and the log files. The firewall should be backed up to ensure quick recovery from data loss. The log files should be archived separately to ensure a permanent record of transactions. The archived log files should be removed from the firewall, as they will slowly consume all available space on the system, potentially causing failures. There should be sufficient space for the log files to reduce the risk that the partition will be deliberately filled by an attacker.
If alerts are enabled, there should be a documented procedure for handling each alert.