1. ACL Rule Issues
    1. Shadowed Rules
      1. Rules that will never be executed because of improper rulebase design.
      2. Firewalls match traffic against the rulebase from the top down. Once traffic matches an earlier rule, a later rule that matches the same traffic has no effect on it.
    2. Orphaned Rules
      1. Rules that have become unnecessary because of a change to the system.
      2. Orphaned rules may present a security risk if the IP address associated with an orphaned rule is reused, granting unintended access to the target system.
      3. They also add to the complexity of a firewall rule set and degrade device performance.
    3. Erroneous Rules
      1. Typographical Errors
        1. Incorrect Input
      2. Specification Errors
        1. Poor Design
  2. Firewall Logs
    1. The firewall log has information on every allowed and blocked connection crossing the network boundary.
    2. After ensuring that this information is of use to your organization through proper configuration, review and auditing of these logs will provide valuable insight into activities that have occurred.
    3. Consider using the firewall as a proactive monitoring tool that can alert administrators immediately if any of the following occur:
      1. Repeatedly blocked traffic from a single-source IP address or network, indicating a potential intrusion attempt
      2. Single rule violations from extremely sensitive sources, such as an outbound connection attempt from a database server
      3. Sudden bursts in traffic to one or more hosts, which should be investigated by system administrators
      4. Sudden decreases in traffic to one or more hosts, which may indicate a service outage
  3. Update Outdated Software or Firmware
    1. Security updates should be implemented to fix critical issues on devices and applications.
    2. Patches and hotfixes often defend against discovered exploits and vulnerabilities that would otherwise go unchecked.
  4. Weak Cryptographic Algorithms
    1. Systems depend upon cryptographic algorithms and hashes to provide confidentiality, integrity, authentication, and non-repudiation.
    2. Avoid using these algorithms:
      1. RC4
      2. DES
    3. Avoid using these hash functions:
      1. MD4
      2. MD5
      3. SHA-1 is weaker than SHA-2, but SHA-2 is not as widely supported. If your infrastructure supports it, you should use SHA-2.
  5. Wireless Access Points (WAPs)
    1. Authentication Issues
      1. A single user cannot log into any network:
        1. Check authentication information
        2. Check device settings
      2. A single user cannot log into the wireless network, but can log into other systems:
        1. Check authentication information
        2. Check wireless logs
      3. Multiple users cannot log into the network:
        1. Check network hardware
    2. Signal Strength and Propagation Issues
      1. Gaps in coverage
      2. Interference
  6. Content Filters
    1. Manage Site-Based Policy Exceptions
    2. Manage User-Specific Policy Exceptions
    3. Manage Group-Based Policy Exceptions
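
For the Shadowed Rules item under ACL Rule Issues, a small check for rules that can never fire under top-down, first-match evaluation. This is an added example, not part of the original notes; the `Rule` fields, rule names and sample rulebase are constructed for illustration, and it only detects a rule fully covered by a single earlier rule, not by a combination of several.

```python
from dataclasses import dataclass
from ipaddress import ip_network

@dataclass(frozen=True)
class Rule:              # hypothetical rule model, not a vendor format
    name: str
    action: str          # "allow" or "deny"
    proto: str           # "tcp", "udp" or "any"
    src: str             # source CIDR
    dst: str             # destination CIDR
    ports: tuple         # inclusive (low, high) destination port range

def covers(earlier: Rule, later: Rule) -> bool:
    """True if every packet matching `later` also matches `earlier`."""
    proto_ok = earlier.proto in ("any", later.proto)
    src_ok = ip_network(later.src).subnet_of(ip_network(earlier.src))
    dst_ok = ip_network(later.dst).subnet_of(ip_network(earlier.dst))
    ports_ok = (earlier.ports[0] <= later.ports[0]
                and later.ports[1] <= earlier.ports[1])
    return proto_ok and src_ok and dst_ok and ports_ok

def find_shadowed(rules):
    """Return (shadowed, shadowed_by, conflict) for each rule that one earlier
    rule fully covers. conflict=True means the two actions differ, so the
    later rule's intent is silently overridden rather than merely redundant."""
    findings = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, later):
                findings.append((later.name, earlier.name,
                                 earlier.action != later.action))
                break  # the first covering rule is the one that fires
    return findings

# Constructed sample rulebase, evaluated top down.
RULEBASE = [
    Rule("allow-web", "allow", "tcp", "0.0.0.0/0", "10.0.1.0/24", (80, 443)),
    Rule("deny-web-host", "deny", "tcp", "203.0.113.0/24", "10.0.1.10/32", (443, 443)),
    Rule("allow-dns", "allow", "udp", "10.0.0.0/8", "10.0.2.53/32", (53, 53)),
    Rule("allow-dns-dup", "allow", "udp", "10.0.5.0/24", "10.0.2.53/32", (53, 53)),
    Rule("allow-ssh-admin", "allow", "tcp", "10.0.9.0/24", "10.0.1.0/24", (22, 22)),
    Rule("deny-all", "deny", "any", "0.0.0.0/0", "0.0.0.0/0", (0, 65535)),
]

if __name__ == "__main__":
    for shadowed, by, conflict in find_shadowed(RULEBASE):
        kind = "conflicting action" if conflict else "redundant"
        print(f"{shadowed} is shadowed by {by} ({kind})")
```

In the sample, `deny-web-host` is the finding that matters most: the intended block never applies because the broader allow above it matches first.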