Firewall Firm is a Managed Cyber Security Company in India

22 TOP Cybersecurity Checklists

A cybersecurity checklist is important since cybersecurity investments can be a complicated process. An organization must first identify vulnerable assets, determine how vulnerable they are, and allocate sufficient budgets needed to enhance their security. In any cybersecurity program, companies should, at the very least, include the following:

  1. Procedures for identifying and assessing cybersecurity threats and risks

  2. Secure assets from attempted cyber intrusions

  3. Detect instances of IT assets and systems being compromised

  4. Plan a response in anticipation of a data breach or security compromise

  5. Plan and implement a recovery plan for recovering unavailable, stolen, or lost assets

Developing a holistic program means covering all IT assets and information systems. For organizations with vast software, hardware, or network products, it can be challenging to develop an all-rounded cybersecurity program. This necessitates the use of a cybersecurity checklist. A cybersecurity checklist lists items that must be protected. It identifies and documents a set of cybersecurity procedures, standards, policies, and controls. The following sections discuss important items that must be included in a cybersecurity checklist.

Overarching best security practices

All organizations should identify the best security practices when accessing or handling sensitive data and critical information systems. The following three items are essential to maintaining a useful cybersecurity checklist.

1.  Documented Policies

Documented policies list the security guidelines and obligations of employees when interacting with company systems or networks. The policies enable an organization to ensure employees, third parties, or managed service providers observe minimum but mandatory security measures. Common policies to include in a cybersecurity checklist include acceptable use, internet access, email and communication, remote access, BYOD, encryption and privacy, and disaster recovery.

2.  Acceptable use Policy

A cybersecurity checklist should include an acceptable use policy. Acceptable use consists of various rules that govern the use of an organization’s IT assets or data. The policy is crucial since it prevents system users from participating in practices that can impact the cybersecurity of an organization. All new users, whether employees, third parties, or contractors, must acknowledge that they have read and understood the stipulated rules before being allowed to access company networks and computer systems. By acknowledging that they understand the policy, users agree to use information systems according to the organization’s minimum security recommendations. As such, a business can be assured that user activities will not introduce security risks and threats.

3.  Internet access policy

The internet has become ingrained in the daily activities of most individuals. People use the internet for research, accessing cloud services, communication through emails or social media platforms, among others. However, the same internet can be the downfall of an organization due to various reasons. For instance, cyber actors use the internet to deliver malware. They can place malware on a specific website such that any user who visits it downloads and installs the malware. Such and other attacks executed through the internet are frequent. Therefore, a cybersecurity checklist should include a policy governing internet usage within an organization. Internet access policy contains guidelines regarding how users can access and interact with the internet. For instance, an internet access policy can prohibit users from visiting specific websites, or the frequency with which they can access social media platforms. This can facilitate the adoption of bolstered and strengthened cybersecurity postures.

4. Emails and communication policy

Emails are used for both internal and external communication. All employees in an organization must, therefore, have an email account. Emails are also an attacker’s preferred mode of delivering phishing malware. Hackers send emails in batches to multiple targets hoping that one will click on the links or attachments containing malware. A policy regarding email usage can enable a company to prevent phishing attacks, thus improving the security of its data and systems. Such a policy can include rules requiring employees not to open emails sent by unknown people. Also, it can require that all incoming emails be scanned to detect malicious attachments or links with hidden malware. Additionally, an email and communications policy should require employees to avoid using personal emails when communicating work-related data. Such policies are essential to ensuring organizational security and should, therefore, be included in a cybersecurity checklist.

5.  Remote access policy

More businesses are adopting cloud technologies. This is to enhance their data collection and processing techniques and to improve employee productivity. Since cloud services are becoming more ingrained in running daily business operations, a cybersecurity checklist must contain a remote access policy. Remote access policies provide the necessary security requirements users should consider when accessing cloud accounts remotely. The cloud permits users to access data and other services from any location and device. This means that they can opt to work remotely outside the office. A remote access policy ensures that they observe secure practices when accessing sensitive information. For instance, the policy can require employees to use a VPN when accessing through a public and insecure internet network.

6.  Bring Your Own Device (BYOD) policy

The Internet of Things has proliferated in recent years, leading to increased use of internet-enabled devices. The trend has seen most employees prefer using personal devices such as smartwatches, laptops, smartphones, and tablets to accomplish their assigned duties. This results in increased risks, since the more devices are in use, the more entry points a hacker can choose from. Moreover, users may be unable to identify vulnerabilities present in their devices. Connecting to a corporate network or accessing data using vulnerable devices threatens the integrity, confidentiality, and availability of that network and data. A BYOD policy enables an organization to manage the use of personal devices within a work environment, thus alleviating risks that can impact its overall security. A BYOD policy can include requirements such as employees only connecting to the corporate network using devices provided by the organization.

A BYOD policy should be updated frequently to ensure it covers all emerging technologies. Including a BYOD policy in a cybersecurity checklist facilitates the secure usage of personal devices, thus protecting an organization from multiple threat sources.

7.  Encryption and privacy

Sometimes, cyber adversaries manage to bypass the most secure networks and systems. As such, organizations are not fully guaranteed that their data and classified information is 100% secure. An encryption and privacy policy should hence be a requirement in all processes where users interact with organizational data. The encryption and privacy policy should require users to encrypt all data, whether it is at rest or in transit. Encrypting data provides an additional security layer to the encrypted information if cyber adversaries manage to breach the adopted cyber defenses. Moreover, the policy should include the preferred encryption technique to ascertain that all users use the same level of standard encryption techniques. Encryption should be included in all cybersecurity programs and checklists since it is the simplest method for preserving data integrity, confidentiality, and availability.

8.  Disaster recovery policy

As previously stated, adopting the most powerful security solutions does not guarantee that an organization is entirely secure. In anticipation of a cyber-attack, businesses should maintain effective disaster recovery policies. A disaster recovery policy contains a set of actions that different users should undertake to recover from an attack. Developing effective disaster recovery policies can facilitate a company’s efforts to contain an attack. Also, by maintaining and continuously updating a disaster recovery policy, a business assigns its employees the roles they must complete to ensure a speedy recovery of critical data, networks, or computer systems. The policy further addresses the communication channels, to ensure that the personnel involved can communicate seamlessly throughout the disaster recovery process. A disaster recovery policy should, therefore, be at the heart of all cybersecurity checklists.

9.  Modern and updated software

Every business should consider including the use of modern software programs in its cybersecurity checklist. Acquiring up-to-date software is vital to enhancing the security of an organization. This is because modern software programs are developed to be resilient against current risks and attacks. Using legacy operating systems or software introduces various security challenges. They might contain unaddressed vulnerabilities, or their vendors might have stopped supporting them with security updates and patches. Using current software does not necessarily mean that it is entirely secure. Vulnerabilities emerge all the time, and failing to address them gives hackers an opportunity to exploit them. As such, a cybersecurity checklist should include a patch management program. Software or hardware vendors release security patches to mitigate vulnerabilities as they occur. Regularly applying security patches can help protect an organization from cyber-attack incidents.

10.  Frequent employee training

More than 90% of cyber incidents are caused by user mistakes or cybersecurity ignorance. For example, an employee leaving a computer unlocked can result in disastrous data breaches. For this reason, all organizations need to include frequent training and awareness campaigns in their cybersecurity programs. Training and awareness provide employees with skills for securely using organizational systems, data, and networks. It also ensures that they are capable of identifying security risks, managing them, and reporting them to the relevant personnel.

In this regard, an employee training program should train employees on how to secure their workstations, emails, cloud accounts, and other types of information systems. Also, a training program should enable employees to understand how they can identify phishing emails and the actions they should undertake once identified. Such measures include marking the sender’s email address as spam, reporting to IT, and alerting other employees of the attempted phishing attacks. There are other training items to be considered when developing an awareness and training program. These should be included to meet a company’s security needs.

User security measures

A practical cybersecurity checklist should contain measures that are specific to network and system users. The standards ensure that an organization remains protected whenever a user accesses the IT assets at his disposal. The following items need to be included in a cybersecurity checklist. This is to ascertain that user behaviors do not impact organizational cybersecurity.

11.  Password etiquette

Password etiquette refers to best password management practices. Passwords are often the most used defenses at all levels, and users must ensure that they observe best password practices. An essential password security requirement is that users should always create robust passwords. The guidelines to consider include combining different characters such as numbers, alphabetical letters, and special symbols. This is to minimize the possibility of cyber adversaries guessing the passwords.

Also, a business should require users to create lengthy passwords. Passwords with 6-10 characters can provide sufficient security. It is also crucial for users to frequently change and update their passwords. A rogue colleague might access stored passwords and use them for identity theft or other malicious activities. To ensure high password complexity, users should consider using passphrases. These are strings of different words required to access a system. These and other password requirements should be included in a cybersecurity checklist.

12.  Auditing disabled accounts

Work accounts such as email and cloud accounts can be disabled for various reasons. These reasons can include employees being reassigned to new roles and responsibilities, or an employee leaving the organization. Auditing disabled accounts allows a system administrator to identify accounts that are no longer in use. Disabled accounts pose security risks since malicious actors can access them along with all permissions and privileges. As such, they can gain system and data access while posing as legitimate users. An audit of all outdated accounts ensures that those no longer in use are closed and deleted. Including the auditing of disabled or outdated accounts in a cybersecurity checklist enables a company to close all loopholes that can give adversaries unauthorized access to protected systems and information.

13.  Preventing shared passwords and accounts

Preventing users from sharing the same passwords or work accounts should be a priority for any cybersecurity program or checklist. Allowing users to share work accounts and passwords can result in highly impactful security risks. For example, it can be difficult to trace the user responsible for a security incident if it involves a shared account. Besides, allowing employees to share accounts and passwords encourages insider threats and attacks. Employees participating in malicious activities can deny any accusations, pointing out that they are not the only ones with access to the account in question. Therefore, including the prevention of shared passwords and accounts as an item in a cybersecurity checklist can ensure a company audits all accounts. Subsequently, insider threats can be minimized, thus leading to enhanced cybersecurity.

14.  Use of secure websites

The use of secure websites, when connected to an organization’s network, should be a mandatory item in a cybersecurity checklist. Every business should require employees to only share organizational information or any sensitive data like passwords through secure websites. Secure sites have an https connection, which means that the connection is encrypted. Encrypted connections allow secure data and information transfer, which is vital to ensuring that the integrity and confidentiality of the data remain intact. Including the use of secure and encrypted websites in a cybersecurity checklist can enable a company to block users from accessing insecure websites. This eliminates instances where cyber incidents result from information being compromised through vulnerable sites. Such sites have an http connection and, as such, lack the necessary encryption schemes.

Email security

Almost all communication processes are done via email. Emails, however, pose the highest risks since they are the preferred means of delivering malware and viruses for most cyber actors. It is, therefore, essential for an organization to include email security in its cybersecurity checklist. The following are some of the points to consider in email security.

15.  Filtering tools

Email communication is the most widely used platform for executing phishing attacks and delivering malware. Phishing attacks are where cyber adversaries target multiple users with messages crafted to appeal to their interests. This is to trick them into clicking on a link or attachment that contains hidden malware. To ensure that such malware programs are caught before a user downloads them, businesses need to install tools for filtering all incoming messages. As such, they can detect embedded malware and prevent them from accessing the company’s networks or computer systems.

16.  Email policy

Developing and regularly updating an email policy should be included in a cybersecurity checklist. Emails can still be hacked without the knowledge of an organization, as email security is usually the responsibility of the email service provider. Documenting an email policy identifies the types of information that users are permitted or prohibited from sharing through emails. For example, an email policy can prevent users from sharing passwords, personal data, or financial information through emails.

Website security

Businesses use their websites for marketing their products and services. They also use emails to interact with customers by responding to inquiries or customer feedback. In some cases, some companies might collect a client’s personal information through their websites. Website security should, therefore, be an essential item in a cybersecurity checklist. There are two main points to consider to realize optimum website security.

17.  SSL certification

Companies need to obtain an SSL (Secure Sockets Layer) certification. An SSL certified website means that it is secure, and it provides end-to-end encryption between a client and a server. By being SSL certified, a user can confidently transmit sensitive information without fearing that it will be intercepted and modified before it reaches the intended target. Moreover, an SSL certified website not only means that users can access it and securely request or transmit information, but it also builds a company’s reputation. Customers prefer submitting their information through secure sites, and an SSL certificate gains their confidence. As such, it is necessary to include SSL certification in a cybersecurity checklist.

18.  Secure web hosting provider

An organization should only seek the services of a secure web hosting provider. The key attributes to include in a cybersecurity checklist are the provider’s ability to isolate hosting accounts, mechanisms for regularly backing up the website, and the ability to maintain the server logs.

Network security

Ensuring network security is crucial to any business. Cyber adversaries are always looking for exploitable network vulnerabilities to gain unauthorized access. The following items should be present in a cybersecurity checklist to realize maximum website security.

19.  Powerful firewalls

A network should be secured using powerful firewalls. Combining several firewalls can provide enhanced network security. Protecting networks using a firewall facilitates the development of filtering rules in accordance with an organization’s security requirements. The rules are for filtering out incoming malicious connections that can affect the security of the network.

20.  Password protection

Maintaining password security ensures only users with the correct permissions can connect to the network. A business should hence apply password security to its Wi-Fi routers to ensure only employees can access internal networks. To minimize the risk of a malicious user accessing the corporate network, a business should provide guests with a separate Wi-Fi network.

21.  Network segmentation

Network segmentation entails splitting a network into small but manageable segments. Network segmentation enhances both the security and performance of the network. In the event that a hacker accesses a part of a network, a segmented network can prevent the adversary from accessing other systems that are not connected to the same network. This is as opposed to an unsegmented network, where an adversary can move laterally, gaining access to all connected systems.

22.  Automatic computer lock screens

Computers should be equipped with an automatic lock screen functionality. They should be set to lock automatically, say after three minutes of inactivity. This is to prevent unauthorized users from accessing the computer and, by extension, the network.

Firewall Hardening Checklist

This checklist should be used to audit a firewall. This checklist does not provide vendor specific security considerations but rather attempts to provide a generic listing of security considerations to be used when auditing a firewall. Only technical aspects of security are addressed in this checklist. Manual elements like physical protection for the firewall server are not considered.

Prior to using this checklist the following elements should be considered:

  • Operating system: This checklist only defines the security items relating to the firewall software and not to any security elements of the operating system.
  • Port restrictions: A listing of ports to be restricted is highlighted in this checklist. However, prior to recommending that the ports be restricted, the auditor should ensure that the service associated with that port is not used by the business, e.g. remote access via telnet. Where such situations exist this checklist attempts to provide alternate security options if the service is needed, e.g. use SSH instead of Telnet.
  • Modems within the internal network: Modems within the internal network are the biggest threat to subvert a firewall and thus the auditor should ensure that there are no modems within the internal network. It is senseless performing an audit on the firewall when an even bigger threat exists via the modem. The auditor should perform war dialing to identify any modems within the internal network with tools like phone sweeper.
  • Application level firewalls: The inherent nature of application level firewalls requires that the operating system be as secure as possible due to the close binding of these two components. Thus, the auditor should ensure that the operating system is secure before evaluating the security offered by the application level firewall.
  • Defence in depth: It must be recognized that the firewall implementation is not an end in itself to provide security. Thus, it is vital that the auditor evaluate the security of the other components like IDS, operating systems, web applications, IIS/Apache, routers and databases. Some organizations have opted for firewall network appliances, which are firewalls loaded onto operating systems which have their security already preconfigured. In such instances, the auditor need only review the security of the firewall configuration instead of the operating system as well.
  • Rulesets: This checklist provides a listing of best practice rule sets to be applied. However, the organizational requirements may not need all of the rule sets. For e.g. where an organization has a need to allow access via the internet to critical servers, the rule sets would not include a deny rule to that internal IP address for the critical server. Instead it may allow access to HTTP 80 on the critical IP and deny all other traffic to the critical IP. It must be noted that some elements of the recommended rule sets have to be applied irrespective of business requirements, e.g. blocking private addresses (RFC1918), illegal addresses, standard unroutables, reserved addresses, etc.
  • Laptop users: Most organizations use mobile laptops for telecommuting and on the road sales, etc. This provides a further vulnerability even if the organization operates a VPN. The hacker could easily gain access to the laptop when it is connected to the internet and download tools to the laptop that can become a problem when the laptop is again connected to the corporate network. In a VPN situation, the hacker with access to the remote station can, once the tunnel is connected, access the corporate network. In such a circumstance, it is important for the auditor to determine if laptop usage occurs and to evaluate whether personal firewalls are installed on these laptops prior to usage. This checklist provides a generic set of considerations for personal firewalls, but it does not provide any product specific security recommendations.

Checklist

No. Security Elements

1. Review the rulesets to ensure that they follow the order as follows:

  • Anti-spoofing filters (blocked private addresses, internal addresses appearing from the outside)
  • User permit rules (e.g. allow HTTP to public webserver)
  • Management permit rules (e.g. SNMP traps to network management server)
  • Noise drops (e.g. discard OSPF and HSRP chatter)
  • Deny and Alert (alert systems administrator about traffic that is suspicious)
  • Deny and log (log remaining traffic for analysis)

Firewalls operate on a first match basis, thus the above structure is important to ensure that suspicious traffic is kept out instead of inadvertently allowing it in by not following the proper order.

2. Application based firewall
Ensure that the administrators monitor any attempts to violate the security policy using the audit logs generated by the application level firewall. Alternatively some application level firewalls provide the functionality to log to intrusion detection systems. In such a circumstance ensure that the correct host, which is hosting the IDS, is defined in the application level firewall. Ensure that there is a process to keep the vulnerabilities checked by the application level firewall updated to the most current vulnerabilities. Ensure that there is a process to update the software with the latest attack signatures. In the event of the signatures being downloaded from the vendors’ site, ensure that it is a trusted site.

In the event of the signature being e-mailed to the systems administrator, ensure that digital signatures are used to verify the vendor and that the information transmitted has not been modified en-route.

The following commands should be blocked for SMTP at the application level firewall:

  • EXPN (expand)
  • VRFY (verify)
  • DEBUG
  • WIZARD

The following command should be blocked for FTP:

  • PUT

Review the denied URLs and ensure that they are appropriate, e.g. any URLs to hacker sites should be blocked. In some instances organisations may want to block access to x-rated sites or other harmful sites. As such they would subscribe to sites which maintain listings of such harmful sites. Ensure that the URLs to deny are updated as released by the sites that warn of harmful sites.

Ensure that only authorised users are authenticated by the application level firewall.

3. Stateful inspection

Review the state tables to ensure that appropriate rules are set up in terms of source and destination IP’s, source and destination ports and timeouts. Ensure that the timeouts are appropriate so as not to give the hacker too much time to launch a successful attack.

For URL’s

  • If a URL filtering server is used, ensure that it is appropriately defined in the firewall software. If the filtering server is external to the organisation ensure that it is a trusted source.
  • If the URL is from a file, ensure that there is adequate protection for this file to ensure no unauthorised modifications.

Ensure that specific traffic containing scripts, ActiveX and Java is stripped prior to being allowed into the internal network.

If filtering on MAC addresses is allowed, review the filters to ensure that it is restricted to the appropriate MAC’s as defined in the security policy.

4. Logging

Ensure that logging is enabled and that the logs are reviewed to identify any potential patterns that could indicate an attack.

5. Patches and updates

Ensure that the latest patches and updates relating to your firewall product are tested and installed.

If patches and updates are automatically downloaded from the vendors’ websites, ensure that the update is received from a trusted site.

In the event that patches and updates are e-mailed to the systems administrator, ensure that digital signatures are used to verify the vendor and ensure that the information has not been modified en-route.

6. Location – DMZ

Ensure that there are two firewalls – one to connect the web server to the internet and the other to connect the web server to the internal network.

In the event of two firewalls, ensure that they are of different types and that dual NICs are used. This would increase security since a hacker would need to have knowledge of the strengths, weaknesses and bugs of both firewalls.

The rulesets for both firewalls would vary based on their location, e.g. between web server and the internet and between web server and the internal network.

7. Vulnerability assessments/ Testing

Ascertain if there is a procedure to test for open ports using nmap and whether unnecessary ports are closed.

Ensure that there is a procedure to test the rulesets when established or changed so as not to create a denial of service on the organisation or allow any weaknesses to continue undetected.

8. Compliance with security policy

Ensure that the ruleset complies with the organisation security policy.

9. Ensure that the following spoofed, private (RFC 1918) and illegal addresses are blocked:

Standard unroutables

  • 255.255.255.255
  • 127.0.0.0

Private (RFC 1918) addresses

  • 10.0.0.0 – 10.255.255.255
  • 172.16.0.0 – 172.31.255.255
  • 192.168.0.0 – 192.168.255.255

Reserved addresses

  • 240.0.0.0

Illegal addresses

  • 0.0.0.0

UDP echo

ICMP broadcast (RFC 2644)

Ensure that traffic from the above addresses is not transmitted by the interface.

10. Ensure that loose source routing and strict source routing (LSRR & SSRR) are blocked and logged by the firewall.

11. Port restrictions

The following ports should be blocked:

Service                                  Port Type    Port Number
DNS Zone Transfers                       TCP          53
TFTP Daemon                              UDP          69
Link                                     TCP          87
SUN RPC                                  TCP & UDP    111
BSD UNIX                                 TCP          512 – 514
LPD                                      TCP          515
UUCPD                                    TCP          540
Open Windows                             TCP & UDP    2000
NFS                                      TCP & UDP    2049
X Windows                                TCP & UDP    6000 – 6255
Small services                           TCP & UDP    20 and below
FTP                                      TCP          21
SSH                                      TCP          22
Telnet                                   TCP          23
SMTP (except external mail relays)       TCP          25
NTP                                      TCP & UDP    37
Finger                                   TCP          79
HTTP (except to external web servers)    TCP          80
POP                                      TCP          109 & 110
NNTP                                     TCP          119
NTP                                      TCP          123
NetBIOS in Windows NT                    TCP & UDP    135
NetBIOS in Windows NT                    UDP          137 & 138
NetBIOS                                  TCP          139
IMAP                                     TCP          143
SNMP                                     TCP          161 & 162
SNMP                                     UDP          161 & 162
BGP                                      TCP          179
LDAP                                     TCP & UDP    389
SSL (except to external web servers)     TCP          443
NetBIOS in Win2k                         TCP & UDP    445
Syslog                                   UDP          514
SOCKS                                    TCP          1080
Cisco AUX port                           TCP          2001
Cisco AUX port (stream)                  TCP          4001
Lockd (Linux DoS Vulnerability)          TCP & UDP    4045
Cisco AUX port (binary)                  TCP          6001
Common high order HTTP ports             TCP          8000, 8080, 8888

12. Remote access

If remote access is to be used, ensure that the SSH protocol (port 22) is used instead of Telnet.

13. File Transfers

If FTP is a requirement, ensure that the server which supports FTP is placed in a different subnet than the internal protected network.

14. Mail Traffic

Ascertain which protocol is used for mail and ensure that there is a rule to block incoming mail traffic except to internal mail.

15. ICMP (ICMP 8, 11, 3)

Ensure that there is a rule blocking ICMP echo requests and replies.

Ensure that there is a rule blocking outgoing time exceeded and unreachable messages.

16. IP Readdressing/IP Masquerading

Ensure that the firewall rules have the readdressing option enabled such that internal IP addresses are not displayed to the external untrusted networks.

17. Zone Transfers

If the firewall is stateful, ensure packet filtering for UDP/TCP 53. IP packets for UDP 53 from the Internet are limited to authorised replies from the internal network. If the packet were not replying to a request from the internal DNS server, the firewall would deny it. The firewall also denies IP packets for TCP 53 on the internal DNS server, besides those from authorised external secondary DNS servers, to prevent unauthorised zone transfers.

18. Egress Filtering

Ensure that there is a rule specifying that only traffic originating from IPs within the internal network be allowed. Traffic with IPs other than from the internal network is to be dropped.

Ensure that any traffic originating from IPs other than from the internal network is logged.

19. Critical servers

Ensure that there is a deny rule for traffic destined to critical internal addresses from external sources. This rule is based on the organisational requirements, since some organisations may allow traffic via a web application to be routed via a DMZ.

20. Personal firewalls

Ensure that laptop users are given appropriate training regarding the threats, types of elements blocked by the firewall and guidelines for operation of the personal firewall. This element is essential, since personal firewalls often rely on user prompts to respond to attacks, e.g. whether to accept/deny a request from a specific address.

Review the security settings of the personal firewall to ensure that it restricts access to specific ports, protects against known attacks, and that there is adequate logging and user alerts in the event of an intrusion.

Ensure that there is a procedure to update the software for any new attacks that become known.

Alternatively most tools provide the option of transferring automatic updates via the internet. In such instances ensure that updates are received from trusted sites.

21. Distributed firewalls

Ensure that the security policy is consistently distributed to all hosts, especially when there are changes to the policy. Ensure that there are adequate controls to ensure the integrity of the policy during transfer, e.g. IPSec to encrypt the policy when in transfer. Ensure that there are adequate controls to authenticate the appropriate host. Again IPSec can be used for authentication with cryptographic certificates.

22. Stealth Firewalls

Ensure that default users and passwords are reset. Ensure that the firewall is appropriately configured to know which hosts are on which interface. Review the firewall access control lists to ensure that the appropriate traffic is routed to the appropriate segments. A stealth firewall does not have a presence on the network it is protecting, which makes it more difficult for the hacker to determine which firewall product is being used and its version, and to ascertain the topology of the network.

23. Ensure that ACK bit monitoring is established to ensure that a remote system cannot initiate a TCP connection, but can only respond to packets sent to it.

24. Continued availability of Firewalls: Ensure that there is a hot standby for the primary firewall.
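
The rule order in item 1 and the address list in item 9 can be checked mechanically. The following is an added example, not part of the original checklist or any vendor's tooling: it evaluates a ruleset first-match and reports every item 9 source range that a permit rule would let in before a blanket deny covers it. The `Rule` format, the sample rulesets and the prefix lengths chosen for 127.0.0.0, 240.0.0.0 and 0.0.0.0 are assumptions of the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

ANY = "0.0.0.0/0"

# Source ranges from item 9 that must never arrive on the external interface.
# The page lists 127.0.0.0, 240.0.0.0 and 0.0.0.0 as bare addresses; the
# prefix lengths /8, /4 and /8 below are this example's assumption.
BOGON_SOURCES = {
    "limited broadcast": "255.255.255.255/32",
    "loopback": "127.0.0.0/8",
    "RFC 1918 10/8": "10.0.0.0/8",
    "RFC 1918 172.16/12": "172.16.0.0/12",
    "RFC 1918 192.168/16": "192.168.0.0/16",
    "reserved": "240.0.0.0/4",
    "unspecified": "0.0.0.0/8",
}


@dataclass(frozen=True)
class Rule:
    """One inbound rule on the external interface (hypothetical format)."""
    name: str
    action: str                  # "permit" or "deny"
    src: str = ANY
    dst: str = ANY
    proto: str = "any"           # "any", "tcp" or "udp"
    dport: Optional[int] = None  # None matches every port
    log: bool = False

    def matches(self, src, dst, proto, dport):
        return (ip_address(src) in ip_network(self.src)
                and ip_address(dst) in ip_network(self.dst)
                and self.proto in ("any", proto)
                and self.dport in (None, dport))

    def is_blanket(self):
        """True when the rule covers every destination, protocol and port."""
        return self.dst == ANY and self.proto == "any" and self.dport is None


def first_match(rules, src, dst, proto, dport):
    """Return (action, rule name) of the first rule that matches the packet."""
    for rule in rules:
        if rule.matches(src, dst, proto, dport):
            return rule.action, rule.name
    return "deny", "(no rule matched)"


def subtract(nets, cut):
    """Remove network `cut` from every network in `nets`."""
    out = []
    for net in nets:
        if net.subnet_of(cut):
            continue                              # fully covered
        if cut.subnet_of(net):
            out.extend(net.address_exclude(cut))  # keep the uncovered part
        else:
            out.append(net)                       # disjoint
    return out


def audit_antispoofing(rules):
    """Report bogon source ranges that are permitted before being denied."""
    findings = []
    for label, cidr in BOGON_SOURCES.items():
        remaining = [ip_network(cidr)]            # part not yet denied
        for rule in rules:
            src = ip_network(rule.src)
            if not any(net.overlaps(src) for net in remaining):
                continue
            if rule.action == "permit":
                left = ", ".join(str(n) for n in remaining)
                findings.append(f"{label}: {left} reaches permit '{rule.name}'")
                break
            if rule.is_blanket():
                remaining = subtract(remaining, src)
                if not remaining:
                    break                         # whole range denied
        else:
            findings.append(f"{label}: {cidr} is never fully denied")
    return findings


def audit_final_rule(rules):
    """Item 1 ends with 'deny and log': check for a logged deny-all."""
    last = rules[-1] if rules else None
    ok = (last is not None and last.action == "deny" and last.log
          and last.src == ANY and last.is_blanket())
    return [] if ok else ["ruleset does not end with a logged deny-all"]


# Constructed sample rulesets; 203.0.113.10 is a documentation address.
ANTISPOOF = [Rule(f"antispoof {label}", "deny", src=cidr, log=True)
             for label, cidr in BOGON_SOURCES.items()]
PERMIT_WEB = Rule("permit HTTP to web server", "permit",
                  dst="203.0.113.10/32", proto="tcp", dport=80)
DENY_ALL = Rule("deny and log", "deny", log=True)

MISORDERED = [PERMIT_WEB, *ANTISPOOF, DENY_ALL]   # permit ahead of anti-spoofing
ORDERED = [*ANTISPOOF, PERMIT_WEB, DENY_ALL]      # order from item 1
```

With `MISORDERED`, a packet claiming a 10.x source address is accepted by the web permit rule before the anti-spoofing filter is ever consulted, which is the failure the first-match note in item 1 warns about.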
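
Item 7 asks for a procedure that tests for open ports with nmap, and item 11 lists what should be closed. One way to join the two, as an added example that is not part of the original checklist: parse nmap's grepable (`-oG`) output and report every open port that appears in the item 11 table and has no approved exception. The sample scan, host names and the `approved` set are constructed for illustration; "20 and below" is encoded as ports 0 to 20.

```python
import re

# Item 11 as data: service|protocols|ports ("lo-hi" range or comma list).
# The "except ..." notes in the table become the `approved` argument below.
BLOCKED = """\
DNS zone transfers|tcp|53
TFTP daemon|udp|69
Link|tcp|87
SUN RPC|tcp,udp|111
BSD UNIX|tcp|512-514
LPD|tcp|515
UUCPD|tcp|540
Open Windows|tcp,udp|2000
NFS|tcp,udp|2049
X Windows|tcp,udp|6000-6255
Small services|tcp,udp|0-20
FTP|tcp|21
SSH|tcp|22
Telnet|tcp|23
SMTP|tcp|25
NTP|tcp,udp|37
Finger|tcp|79
HTTP|tcp|80
POP|tcp|109,110
NNTP|tcp|119
NTP|tcp|123
NetBIOS in Windows NT|tcp,udp|135
NetBIOS in Windows NT|udp|137,138
NetBIOS|tcp|139
IMAP|tcp|143
SNMP|tcp,udp|161,162
BGP|tcp|179
LDAP|tcp,udp|389
SSL|tcp|443
NetBIOS in Win2k|tcp,udp|445
Syslog|udp|514
SOCKS|tcp|1080
Cisco AUX port|tcp|2001
Cisco AUX port (stream)|tcp|4001
Lockd|tcp,udp|4045
Cisco AUX port (binary)|tcp|6001
Common high order HTTP ports|tcp|8000,8080,8888
"""

PORT_RE = re.compile(r"(\d+)/([a-z|]+)/(tcp|udp)/")  # port/state/protocol/


def load_blocklist(text=BLOCKED):
    """Expand the table into {(proto, port): service}."""
    table = {}
    for line in text.strip().splitlines():
        service, protos, ports = line.split("|")
        for part in ports.split(","):
            lo, _, hi = part.partition("-")
            for port in range(int(lo), int(hi or lo) + 1):
                for proto in protos.split(","):
                    table.setdefault((proto, port), service)
    return table


def parse_grepable(output):
    """Yield (host, port, proto, state) from `nmap -oG` output."""
    for line in output.splitlines():
        fields = line.split("\t")
        ports = [f for f in fields if f.startswith("Ports:")]
        if line.startswith("Host:") and ports:
            host = fields[0].split()[1]
            for port, state, proto in PORT_RE.findall(ports[0]):
                yield host, int(port), proto, state


def audit_scan(output, approved=()):
    """Return open ports that item 11 says to block and nobody approved."""
    table = load_blocklist()
    findings = []
    for host, port, proto, state in parse_grepable(output):
        service = table.get((proto, port))
        if state == "open" and service and (host, proto, port) not in approved:
            findings.append((host, f"{port}/{proto}", service))
    return findings


# Constructed sample in nmap's grepable format, not real scan output.
SAMPLE_SCAN = (
    "Host: 203.0.113.10 (www.example.test)\tStatus: Up\n"
    "Host: 203.0.113.10 (www.example.test)\tPorts: 23/open/tcp//telnet///, "
    "80/open/tcp//http///, 111/filtered/tcp//rpcbind///, "
    "443/open/tcp//https///, 8443/open/tcp//https-alt///\n"
    "Host: 203.0.113.25 (mail.example.test)\tPorts: 25/open/tcp//smtp///, "
    "161/open/udp//snmp///\n"
)
# Exceptions the table itself allows: external web server and mail relay.
APPROVED = {("203.0.113.10", "tcp", 80), ("203.0.113.10", "tcp", 443),
            ("203.0.113.25", "tcp", 25)}
```

Only ports reported as `open` are flagged; UDP results that nmap reports as `open|filtered` are left for manual review.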
