How SCIP performs firewall rule auditing
I came across a very cool firewall rule auditing procedure from Marc Ruef’s twitter.
One of the most interesting things that I’ve read so far is how they weigh vulnerabilities, it is listed under a section titled Key Areas, and I won’t reproduce it here.
Seems like a good quick guideline on what to do and what not to do with Firewalls.
P.S. The rule sets here would have a low weight and most would be explicable. :)