- Do you block third parties from connecting remotely to your environments?
- Do you configure remote access methods to prevent unauthorised connections?
- Do you periodically review the router / firewall logs, validating filter operation?
- Do you allow only authorised ports and services?
- Do you have a process on how permissions are granted to access the firewall?
- Is the production environment isolated from development or user acceptance test network?