Firewall Wizards mailing list archives
Re: Firewall Audit Programme/checklist
From: Andrew Yeomans <andrew_yeomans () uk ibm com>
Date: Tue, 17 Mar 1998 11:23:26 +0000
... What you really want isn't a checklist, it's a flow-chart. A really BIG flow-chart that goes kind of like:

    if you're looking at a firewall
        look at the policy for incoming traffic
        does it allow http in?
            to what machine?
            what OS is it running?
            are the CGI scripts audited?
            is the httpd up to date?
        does it allow smtp in?
            to what machine?
            what OS is it running?
            if UNIX
                is sendmail up to date?
            else
                WTF?
        does it allow other services in?
            what service?
            WTF?
The IBM Firewall for AIX includes a tool called Network Security Auditor, which performs a scan of IP addresses and ports, and then inspects the results to attempt to determine operating system and software versions, so it can explicitly identify vulnerabilities and give pointers to the CERT alerts, etc. Very much like the "flowchart" above. Details are on http://www.networking.ibm.com/sng/info.htm#NSA with a sample report. It can be customised to add new vulnerabilities. (NSA is not included in the free trial download code on that web site, but is free with the full product).

Andrew_Yeomans () uk ibm com, Installation Support Centre,
EMEA Network Computing Software and e-business Centre of Competence,
MP 3GS, IBM UK Ltd, 1 New Square, Bedfont Lakes, Feltham, Middlesex, TW14 8HB
Tel: +44-181-818-4288  Int: 36-4288  Fax: +44-181-818-5475  Pager: 01523-494985
"It's a UNIX system. I _know_ this!" - Jurassic Park
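
The flow-chart quoted in the message, written as a data-driven walk over a firewall policy. This is an added example, not part of the original post and not code from Network Security Auditor; the rule fields, host attributes, addresses and answers are all constructed assumptions.

```python
# Added example: the quoted flow-chart as an audit walk over inbound rules.
# Field names, addresses and answers are constructed; none come from a product.

# Follow-up questions per inbound service, worded as in the flow-chart.
CHECKS = {
    "http": [("cgi_audited", "are the CGI scripts audited?"),
             ("httpd_current", "is the httpd up to date?")],
    "smtp": [("sendmail_current", "is sendmail up to date?")],
}

def audit(rules, hosts):
    """Walk every inbound allow rule; return (service, dst, finding) tuples."""
    findings = []
    for r in rules:
        if r["direction"] != "in" or r["action"] != "allow":
            continue                                # only inbound traffic is audited
        svc, dst = r["service"], r["dst"]
        host = hosts.get(dst)
        if svc not in CHECKS:                       # "other services in? ... WTF?"
            findings.append((svc, dst, "unexpected inbound service"))
        elif host is None:                          # "to what machine?"
            findings.append((svc, dst, "destination not in inventory"))
        elif "os" not in host:                      # "what OS is it running?"
            findings.append((svc, dst, "operating system unknown"))
        elif svc == "smtp" and host["os"] != "unix":    # the "else WTF?" branch
            findings.append((svc, dst, "non-UNIX mail host, no check defined"))
        else:
            for key, question in CHECKS[svc]:
                answer = host.get(key)              # True, False or missing
                if answer is not True:
                    state = "no" if answer is False else "unanswered"
                    findings.append((svc, dst, f"{question} {state}"))
    return findings

# Constructed sample policy and host inventory.
RULES = [
    {"direction": "in", "action": "allow", "service": "http", "dst": "10.0.0.10"},
    {"direction": "in", "action": "allow", "service": "smtp", "dst": "10.0.0.25"},
    {"direction": "in", "action": "allow", "service": "telnet", "dst": "10.0.0.30"},
    {"direction": "out", "action": "allow", "service": "http", "dst": "any"},
]
HOSTS = {
    "10.0.0.10": {"os": "unix", "cgi_audited": False, "httpd_current": True},
    "10.0.0.25": {"os": "other"},
    "10.0.0.30": {"os": "unix"},
}

if __name__ == "__main__":
    for svc, dst, finding in audit(RULES, HOSTS):
        print(f"{svc:7} {dst:12} {finding}")
```

A missing answer is reported the same way as a negative one, so an incomplete inventory shows up as audit work rather than as a clean result.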