System integrity
To prevent unauthorized modifications of the firewall configuration, some form of integrity assurance process should be used. Typically, checksums, cyclic redundancy checks, or cryptographic hashes are computed from the runtime image and saved on protected media. Each time the firewall configuration is modified by an authorized individual (usually the firewall administrator), the system integrity online database must be updated and saved onto a file system on the network or removable media. If the system integrity check shows that the firewall configuration files have been modified, the system should be treated as compromised.
Tip: The firewall's system integrity database should be updated each time the firewall configuration is modified. System integrity files must be stored on read-only media or offline storage. System integrity should be checked on a regular basis on the firewall, so the administrator can generate a listing of all files that may have been modified, replaced, or deleted.
Documentation
It is important that the operational procedures for a firewall and its configurable parameters are well documented, kept up to date, and stored in a safe and secure place. This ensures that if a firewall administrator resigns or is otherwise unavailable, an experienced individual can read the documentation and rapidly pick up the administration of the firewall. In the event of a break-in, such documentation also helps in reconstructing the events that caused the security incident.