Firewall rule-sets tend to accumulate errors that may expose the
internal network to vulnerabilities. A firewall rule-set should
be audited at least once a year to maintain the policy the firewall
is implementing.
Sample Case
Customer: Mid-sized Midwestern Bank
Services: Firewall Audit
Problem: The Bank had outsourced firewall management some time ago,
with no follow-up examination, and needed assurance that the firewall
was properly implemented.
Solution: An ESTec consultant reviewed the policy instructions provided
to the outsourcing company, and reviewed the configuration files
for the firewall. The policy was a simple one that required a large
firewall rule-set. A change of personnel during the year had
not been properly communicated to the firewall management firm,
and one individual who no longer worked for the bank still had access
from his home computer through the firewall to the banking network's
internal systems. That access was quickly removed, and the rules
were made clear to all users.
Results: The system once again functioned at the level determined
before initialization several years ago, and now fully met every
goal that had been created for it at implementation.