RIS Terms of Service & FAQs: Security Health Check (SHC)

11/08/2024 0 People found this article helpful 43,283 Views

Description

MSS’s Health Check Service is an in-depth review of your SonicWall firewall designed to provide you with a comprehensive review of your SonicWall’s network security posture and identify any security gaps, best practices, and recommendations that should be considered.

You will be provided with a Firewall Health Check Report that will include findings and recommended actions to be taken. This may include SonicWall specific configuration optimizations that can evolve in follow-up remediation projects, but also more general and network specific optimization suggestions that may result in follow-up network optimization projects such as network migration to a more efficient network topology.
This guide is intended to provide you with clear guidelines and expectations to ensure successful delivery of the Security Health Check Service.
This Health Check Service is compiled based upon industry standard security configurations. It does not take your environment, business needs and security posture into account.

In-Scope Activities

The Security Health Check is a service containing a review of existing configuration and the resulting best practice advisory around the following areas:

Overall Appliance Status Check

Firmware version & review of new releases Licensing Review

Network Security Best Practices Checks

NAT Policies & Port Forwards
Firewall Access Rules
Inter-Zone Access Policies
Wireless Configuration
General Settings & Policies
Users Management & Access Configuration
Application Visualization & Control
VPN Tunnel & SSL-VPN Configuration
HTTP & WAN Management
Logging Configuration

Security Services Status Checks

Content Filtering Service - CFS
Gateway Antivirus - GAV
Intrusion Prevention Service - IPS
Anti-Spyware
Geo-IP Filtering
Botnet Filtering
Deep Packet Inspection for SSL Traffic – DPI-SSL
Deep Packet Inspection for SSH Traffic – DPI-SSH

The Security Health Check Service may also provide recommendations around the following areas

New service implementation (SSO, LDAP, 2- Factor)
New product deployment and network integration
Network segmentation, encryption in transit and remote access planning (Annex)
Design best practice workshop planning
Product migration and configuration translation

Configuration of the following services is not included in scope of this work, but can be offered as follow-up activities per request

General Configuration and Implementation
Global VPN Client / SSL-VPN
Sonic Point Configuration
Single-Sign-On
Comprehensive Anti-spam Service
GMS and/ or analyzer
Support logged case follow-up and fix
LDAP/Radius Authentication
WAN Acceleration
Enforced Client Anti-Virus
Training
High-Availability / Clustering
Product features

Out-Of-Scope Activities

The Security Health Check is designed to be a best effort security evaluation and validation service. The scope of the service is determined based on size and complexity of customer environment. As such, this service does not include onsite configuration optimization. Remediation services are follow-up projects derived from conclusions of the Health Check Report.

The above in-scope activities will be treated as best effort and focus will be given to areas relevant to customer environment and to elements deemed higher priority.

Security Compliance Requirements

The Security Health Check Service can assist with PCI: DSS or GDPR compliance requirements.

PCI: DSS Security Compliance

Do not store sensitive authentication data once the card authorization process has been completed. Protect actual card number with encryption.
Hardened card data storage must be protected within a defined security perimeter, through specific set of controls maintaining network security.
The network must also be segmented and protected, including separation of Wireless networks with firewalls. Additional security elements such as Intrusion Detection and Prevention, including other alerting mechanisms are recommended.
Remote access must use two-factor authentication. These extensive access controls must also be augmented by physical security countermeasures, including use of cameras and methods to monitor access to sensitive areas.
You are required to undertake penetration testing, both annually and after major system changes. In addition, you need to undertake both internal (network and application) and external quarterly vulnerability scans.
Your validation is only confirmation of your compliance at a single point in time. You need to ensure continual compliance to manage your ongoing risk of breach.

GDPR Security Compliance

Audit current approach to managing data.
Establish current position and existing processes around data protection
Audit of all customer data sets held across the business, including areas where PII might NOT be adequately protected.

A SonicWall firewall can help with

New Security Access Gates between business modules
Protect data on Mobile Devices & Remote Offices like data held centrally
New access policy enforcement across file sharing or other shared services or assets

Not Finding Your Answers?

ASK THE COMMUNITY

Was This Article Helpful?

YES NO

RIS Terms of Service & FAQs: Security Health Check (SHC)

Description

In-Scope Activities

Out-Of-Scope Activities

Security Compliance Requirements

Related Articles

Categories

Not Finding Your Answers?

Was This Article Helpful?

Article Helpful Form

Article Not Helpful Form

Follow Us

Subscribe to newsletter

Stay In Touch