Compliance and Audit Requirements

Many organizations must demonstrate firewall compliance with regulatory standards. Implementing proper controls and documentation supports audit requirements while improving security.

Audit Trail Maintenance: Preserve comprehensive audit trails of all firewall changes:

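-- Firewall change audit table.
-- Dialect note: the inline INDEX clauses here and DATE_SUB()/NOW() in the
-- queries below are MariaDB/MySQL syntax; the UUID column type exists in
-- MariaDB (10.7+) but not in MySQL, where CHAR(36) or BINARY(16) is the
-- usual substitute.
-- Audit integrity: grant the application account INSERT and SELECT only on
-- this table; UPDATE/DELETE should sit with a separate, itself-audited DBA
-- role so that change history cannot be quietly rewritten.
CREATE TABLE firewall_audit (
    change_id UUID PRIMARY KEY,
    -- Server-assigned by default so the recorded time is not supplied (and
    -- cannot be back-dated) by the caller; NOT NULL still rejects explicit
    -- NULL inserts.
    timestamp TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
    user_id VARCHAR(255) NOT NULL,
    change_type VARCHAR(50) NOT NULL,
    rule_before TEXT,
    rule_after TEXT,
    justification TEXT NOT NULL,
    ticket_number VARCHAR(50),
    -- Nullable: a change with no recorded decision has approval_status = NULL.
    -- Queries that look for "not approved" must test IS NULL explicitly.
    approval_status VARCHAR(50),
    approved_by VARCHAR(255),
    INDEX idx_timestamp (timestamp),
    INDEX idx_user (user_id)
);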

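-- Audit query examples

-- Changes by user in last 30 days, most active users first.
SELECT user_id, COUNT(*) AS change_count
FROM firewall_audit
WHERE timestamp > DATE_SUB(NOW(), INTERVAL 30 DAY)
GROUP BY user_id
ORDER BY change_count DESC;

-- Unapproved changes in the last 90 days.
-- approval_status is nullable, and in SQL `NULL != 'approved'` evaluates to
-- NULL rather than TRUE, so a bare `!=` test silently drops every change that
-- has no recorded decision at all -- exactly the rows this report exists to
-- surface. Test for NULL explicitly.
SELECT *
FROM firewall_audit
WHERE (approval_status IS NULL OR approval_status <> 'approved')
  AND timestamp > DATE_SUB(NOW(), INTERVAL 90 DAY)
ORDER BY timestamp DESC;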

Regular Reviews: Schedule periodic firewall rule reviews:

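# Automated rule review script
def review_firewall_rules(rules=None, *, now=None):
    """Flag firewall rules that warrant a periodic review.

    Three checks are applied to every rule, independently, so one rule can
    produce several findings: stale rules (created more than a year before
    ``now``), any-source rules on ports other than 80/443, and rules that
    have never matched traffic despite being more than 30 days old.

    Args:
        rules: Iterable of rule objects exposing ``id``, ``created_date``,
            ``source``, ``port``, ``hit_count`` and ``age_days``. Defaults to
            ``get_all_firewall_rules()``, which is defined elsewhere in this
            module. Accepting the rules as a parameter keeps the checks
            testable without a live firewall connection.
        now: Reference time for the age check; defaults to ``datetime.now()``.
            Must have the same tz-awareness as ``rule.created_date`` --
            comparing naive and aware datetimes raises ``TypeError``.

    Returns:
        list[dict]: one ``{'rule_id', 'issue', 'recommendation'}`` entry per
        finding, in rule order; empty when nothing needs attention.
    """
    if rules is None:
        rules = get_all_firewall_rules()
    if now is None:
        now = datetime.now()

    # Hoisted out of the loop so every rule is judged against one cutoff
    # rather than a clock that drifts while the loop runs.
    stale_cutoff = now - timedelta(days=365)

    # '::/0' is the IPv6 counterpart of '0.0.0.0/0'; both match any source.
    # NOTE(review): if the rule source can also be spelled e.g. 'any', add it
    # here -- confirm against the firewall export format.
    any_source = frozenset({'0.0.0.0/0', '::/0'})
    # Ports where an any-source rule is commonly intentional (public web).
    public_web_ports = frozenset({80, 443})

    review_report = []

    def flag(rule, issue, recommendation):
        # Single place that fixes the finding schema.
        review_report.append({
            'rule_id': rule.id,
            'issue': issue,
            'recommendation': recommendation,
        })

    for rule in rules:
        # Check rule age
        if rule.created_date < stale_cutoff:
            flag(rule, 'Rule older than 1 year', 'Review for continued necessity')

        # Check overly permissive rules
        if rule.source in any_source and rule.port not in public_web_ports:
            flag(rule, 'Overly permissive source', 'Restrict to specific IPs/ranges')

        # Check for unused rules: zero hits over the rule's whole lifetime,
        # and the rule is old enough that "no traffic yet" is not an excuse.
        if rule.hit_count == 0 and rule.age_days > 30:
            flag(rule, 'No hits in 30+ days', 'Consider removal')

    return review_report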