Firewall Review

Service Profile

FFIEC guidance calls for quarterly firewall policy (rules) audits or review. Significant network or rule changes may also warrant a firewall policy audit or review. NIST, PCI and HIPAA/HITECH have similar requirements as well. 10-D Security offers both quarterly and annual firewall reviews.

In today’s environments we often see the management of firewalls outsourced and all but forgotten by the institution. Most managed service providers are not conducting independent reviews of the managed firewall configuration or rules as part of the service agreement. A misconfiguration or undesirable rule will still affect the institution regardless of who's managing it.

Rules are added, but rarely removed after they are no longer relevant. Over time, stale rules add to management overhead, and possible security issues.

In the old days, firewalls were overly permissive out of the box. While this is generally not the case any more, we still see firewalls configured to be wide open outbound so things will “just work”, going against established guidelines and best practices.

There are many reasons behind performing regular firewall reviews and all of them will serve to better protect a company's IT Infrastructure as well as meet regulatory requirements.

For those not comfortable with doing this internally or for those that would just like to have an extra set of eyes review their firewall let us know, we will be glad to help.

The Difference

The Client

This assessment is appropriate for organizations when the following apply:

The Scope

The scope of our Firewall Review is straight forward, and includes the following:

Please contact us for a quote or additional information at or 877-204-5769.