Firewall Security Assessments

At a high level, our process for Firewall Security Assessments is as follows:

  • First we attack through your defenses exactly as an active adversary would.
  • Then we expand the external scope to test for all known weaknesses in your perimeter.
  • Then we attack your defenses directly but slowly from multiple countries.
  • We use Web Application Firewall (WAF) bypass techniques to evade your WAFs.
  • Then we evade your IDS/IPS using a variety of timing and obfuscation techniques.
  • In some cases we will use anti-forensic tools to stop network logging and SIEMs.
  • We will also leverage Open-Source Intelligence (OSINT) sources to look for misconfigurations in your firewall over the past few years and for data leaks that may be affecting your organization.
  • At this point we deliver a preliminary external report then move to internal testing.
  • Now we conduct an inside-out test where we attempt to exfiltrate data from your most sensitive network segments.
  • Then we analyze your internal firewall rules blindly to see what an attacker on the inside would see.
  • Next we review the devices and related infrastructure itself. This includes an analysis of its configuration, firmware, interfaces, memory buffers and active memory.
  • Then we do a deep firewall rule analysis. This can also be mapped to a variety of industry or government standards if needed.
  • After that, we dig into users, groups, roles and your internal processes.
  • We can also analyze performance and make buffer tuning recommendations if needed.
  • Optionally we can conduct a failover analysis and deep reliability checks.
  • Process and policies can optionally be included.
  • Disaster recovery and business continuity can also be audited if needed, among other things.

Again, this is just a high-level overview of our process. If you’d like to know more, contact us.