Firewall IDS/IPS
Unlike some IDS offerings masquerading as an IPS, Deep Inspection can take any one of seven different decisive actions against an attack to stop application-level attacks at the Internet gateway so they never reach their destination. Keeping the state of the session also helps protect the perimeter from anomalies that change their port like the Sasser worm.
Spyders is offering clients policy-based firewall management services. Firewall services in this offering are available in a number of configurations, from low-cost, single-site enforcement to more comprehensive multi-site, enterprise-wide management. Spyders offers high-availability firewalls based on a fully redundant firewall architecture that employs two synchronized firewalls as a single enforcement point. This service is ideally suited for Clients that cannot afford Internet access downtime due to a firewall system failure. The basis for the managed firewall service is to secure Clients that do not currently have the expertise or the resources to perform such a function.
Managed Firewall Implementation
The installation of a firewall is an important step in securing a Client computing environment. Several steps will be completed to ensure the proper configuration and implementation. The following steps allow Spyders security consultants to provide a consistent firewall implementation.
Information Gathering
- Information will be gathered on routers, DNS servers and other network services and devices to ensure the firewall integrates into the environment.
Installation of Operating System
- The operating system that will host the firewall module station is a key part of securing the firewall. The O/S must be installed and correctly configured. The O/S will be configured to ensure a secure platform, and any unnecessary services and applications will be removed to provide a secure operating system.
Security Policy Development
- The security engineer will spend up to 5 hours assisting the client with the development of a security policy that appropriately matches the business and security needs of the Client prior to the installation of the firewall. This event is key to a properly secured but functional environment.
Installation of Firewall
- The firewall appliance will be installed into the host environment. The firewall software will be set up for administration and then configured for users, network objects, and address translation if necessary. The rule base will then be configured, verified and implemented.
Testing and Adjusting
- The firewall will be tested by Spyders engineers for proper connectivity to the internal and external interfaces to ensure that the security and all connectivity needs are met. The firewall will then be scanned using a vulnerability scanner to ensure that only the predefined and required services are allowed to pass through the firewall.
Premier Level Firewall Management Features
- 24x7 Firewall Status Monitoring
- Spyders security engineers will monitor the firewall for functionality and connectivity 24 hours a day, 7 days a week and 365 days a year.
- 12 Security policy changes per year, with additional policy changes costing $200 per change
- The client can request changes to their security policy at any time. Any modification of the security policy rule base is considered a change request to the security policy. This modification can be the addition, deletion or modification of a service definition.
- A change is defined as affecting five or fewer rules involving five or fewer objects. For example, a request involving 11 rules with 4 objects will count as 3 changes.
- 4-hour response time for rule base changes during off-hours (M-F 6pm-8am ET and weekends). All support is remote: via phone, fax, or email.
- Spyders Support Engineers will review requests within four hours of receipt of the request. The change request will be verified, and once the change has been made the client will then be notified of successful completion.
- 2-hour response time for rule base changes during normal working hours (M-F 8am-6pm ET). All support is remote: via phone, fax, or email.
- Spyders Support Engineers will review requests within two hours of receipt of the request. The change request will be verified, and once the change has been made the client will then be notified of successful completion.
- Client module usage
- The client module can be managed remotely, allowing the firewall logs and the currently installed rule base to be viewed.
- Baseline configuration storage
- The firewall security policy will be archived after the initial implementation. Additional changes to the firewall policy base will also be stored with the original configuration. This will provide the client with an accurate backup in case of catastrophic equipment failure. Any subsequent changes to the policy will be documented accordingly.
- Patch and upgrade notification & Installation
- The client will be notified of the installation of all patches/upgrades for the operating system and firewall software. This notification will be sent prior to the actual installation of the patch/upgrade. The client can request that certain patches not be implemented; this will be reviewed on a case-by-case basis.
- Continuous log review
- Clients will be assigned a custom userid and password providing the ability to view the firewall log files. Unlimited access to these logs will be granted under the Premier Management Service.
- Semi-annual vulnerability scans
- The firewall will be scanned for security vulnerabilities with a vulnerability scanner approximately every six months. These scans will be compared to the previous scans to ensure nothing unexpected has changed. If a vulnerability is detected, the client will be notified within 24 hours of the scan and appropriate actions will be taken to correct any deficiency.
- Semi-annual firewall configuration reports
- Approximately every six months a report documenting the current configuration of the firewall security policy will be provided; it will include the documentation for any change (policy or patch) that has been made during that last quarter.
- 24X7 Firewall Support
- The firewall provides a critical service to the Client when it's down. Spyders security engineers will monitor the availability of the firewall 24 hours a day, 7 days a week. Corrective action will be taken immediately in the event of the firewall going down. All relevant parties will be notified in the event that a firewall goes down. Escalation will follow the agreed-to escalation procedure. A high-level overview of the Spyders Security Incident Response Process is shown on this page.