Brian Hayes, Chief Technology Officer & Senior Security Engineer
At Redspin, Brian has led over one hundred audits at financial, casino, and enterprise institutions, and his ATM vulnerability research has gained national attention. Brian was previously an Information Assurance Engineer at SRA International, leading security projects for a number of federal civil and defense agencies, including the Supreme Court of the United States and the Department of Defense. His work on these projects included the design, deployment, and testing of secure network architectures (including intrusion detection systems), numerous vulnerability and risk assessments, and the development of information security policies.
Volume 1 | April 2, 2008
This week's security management advisory provides an overview of the risk associated with firewall misconfiguration, mitigation advice, and insider guidance from Brian Hayes, Redspin's CTO. Brian is a Senior Security Engineer who has evaluated countless firewall configurations, resulting in the development of the FirewallCAT, a free tool that you can use to benchmark the security of your firewall and to help mitigate risk.
I. Managing Firewall Risk
Despite the fundamental security role that firewalls play for virtually all financial institutions, some executives remain complacent in their approach to managing the risk associated with this control. This is a flawed approach, because here the devil is in the details: a minute configuration error, such as a typo or a redundant line, can effectively render the control useless. Of the many security controls deployed throughout an institution's network, subtle firewall-based risks are a significant area of auditing responsibility for management to consider, because firewalls are heavily relied upon and considered quite basic, yet in reality they are prone to extremely subtle configuration errors.
Management may not understand specific firewall configuration syntax, but enforcing policies and procedures which ensure that the firewall is strictly peer-reviewed, tested, and assessed by experts is crucial. To assist the administrator in identifying these common errors, as well as to provide an alternative method of evaluating the effectiveness of the firewall policy, Redspin freely offers the FirewallCAT, a Firewall Configuration Analysis Tool.
II. Insider Perspective
"Throughout my security auditing experience, I consistently find firewall configurations that are not implemented correctly and, as a result, introduce more vulnerabilities than they limit. I saw a need to help administrators easily verify that their firewall was configured correctly. The FirewallCAT was designed to process the firewall configuration and visually represent the implemented policy. Not only will the administrator be able to quickly confirm what traffic is allowed through the firewall, but common errors, such as redundant and blocked rules, will be caught by the FirewallCAT and an alert will be generated."
— Brian Hayes, Redspin C.T.O.
III. The Redspin FirewallCAT Can Help Minimize Risk
The Redspin FirewallCAT is a web-based tool that is easy to use. After you upload your Cisco PIX firewall configuration file, the FirewallCAT semantically analyzes it and outputs a graphical representation of the ruleset.
Figure 1. Visual Representation of Firewall Configuration
Figure 2. Types of Analysis Performed
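The two error classes the advisory calls out, redundant rules (a later rule fully covered by an earlier rule with the same action) and blocked rules (a later rule fully covered by an earlier rule with the opposite action, so it never takes effect), can be checked with a small ordered-match analysis. The following is an added illustration, not the FirewallCAT's own code and not Redspin's: it parses a simplified subset of Cisco PIX `access-list` syntax (`any`, `host A.B.C.D`, `NETWORK MASK`, optional `eq PORT` or `range LO HI`, with a handful of port names) and the configuration it runs on is constructed for the example.

```python
import ipaddress
from dataclasses import dataclass

# Small port-name table for the subset of PIX syntax this example parses (assumption).
PORT_NAMES = {"www": 80, "http": 80, "https": 443, "ssh": 22, "smtp": 25, "domain": 53}


@dataclass(frozen=True)
class Rule:
    line: int                      # line number in the configuration file
    name: str                      # access-list name (rules are matched in order per list)
    action: str                    # "permit" or "deny"
    proto: str                     # "ip", "tcp", "udp", ...
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: tuple                   # (low, high) destination port range


def _parse_addr(tokens, i):
    """Parse one PIX address spec starting at tokens[i]; return (network, next index)."""
    tok = tokens[i]
    if tok == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if tok == "host":
        return ipaddress.ip_network(tokens[i + 1] + "/32"), i + 2
    # PIX writes a dotted subnet mask (not a wildcard mask) after the network address.
    return ipaddress.ip_network(f"{tok}/{tokens[i + 1]}", strict=False), i + 2


def _parse_port(tokens, i):
    """Parse an optional destination port qualifier; no qualifier means all ports."""
    def num(t):
        return PORT_NAMES[t] if t in PORT_NAMES else int(t)
    if i < len(tokens) and tokens[i] == "eq":
        p = num(tokens[i + 1])
        return (p, p)
    if i < len(tokens) and tokens[i] == "range":
        return (num(tokens[i + 1]), num(tokens[i + 2]))
    return (0, 65535)


def parse_acl(text):
    """Extract access-list rules from a PIX-style configuration; other lines are ignored."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        t = raw.split()
        if len(t) < 5 or t[0] != "access-list":
            continue
        name, action, proto = t[1], t[2], t[3]
        src, i = _parse_addr(t, 4)
        dst, i = _parse_addr(t, i)
        rules.append(Rule(lineno, name, action, proto, src, dst, _parse_port(t, i)))
    return rules


def covers(a, b):
    """True when every packet matched by rule b is also matched by (earlier) rule a."""
    proto_ok = a.proto == "ip" or a.proto == b.proto
    return (proto_ok
            and b.src.subnet_of(a.src) and b.dst.subnet_of(a.dst)
            and a.dport[0] <= b.dport[0] and b.dport[1] <= a.dport[1])


def analyze(rules):
    """Return (line, kind, shadowing_line) findings; kind is 'redundant' or 'blocked'."""
    findings = []
    by_name = {}
    for r in rules:
        by_name.setdefault(r.name, []).append(r)
    for lst in by_name.values():
        for idx, later in enumerate(lst):
            for earlier in lst[:idx]:          # first-match semantics: earlier rules win
                if covers(earlier, later):
                    kind = "redundant" if earlier.action == later.action else "blocked"
                    findings.append((later.line, kind, earlier.line))
                    break
    return findings


# Constructed sample configuration (not a real device's config).
SAMPLE_CONFIG = """hostname pixfirewall
access-list outside_in permit tcp any host 203.0.113.10 eq https
access-list outside_in deny ip any any
access-list outside_in permit tcp any host 203.0.113.10 eq www
access-list outside_in permit tcp any host 203.0.113.10 eq 443
access-list dmz_out permit tcp 10.1.0.0 255.255.0.0 any eq smtp
access-list dmz_out permit tcp host 10.1.2.3 any eq 25
"""


def report(text):
    return analyze(parse_acl(text))


if __name__ == "__main__":
    for line, kind, by in report(SAMPLE_CONFIG):
        print(f"line {line}: {kind} rule, shadowed by line {by}")
```

Running it on the sample flags the `www` permit as blocked (the preceding `deny ip any any` means it can never match, so the web server is silently unreachable), and the second `443` rule and the `host 10.1.2.3` rule as redundant. The check is deliberately conservative: it only reports a rule when a single earlier rule covers it entirely, so partial overlaps still need a human reviewer, which is the peer-review step the advisory recommends.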
IV. Technical Resources
For more technical depth, please refer to Redspin's Security Research at: