Re: Firewall Audit Programme/checklist

[Andrew Yeomans <andrew_yeomans () uk ibm com>]

> ... What you really want isn't a
> checklist, it's a flow-chart. A really BIG flow-chart that goes
> kind of like:
>
> if you're looking at a firewall
>  look at the policy for incoming traffic
>   does it allow http in?
>    to what machine?
>     what OS is it running?
>     are the CGI scripts audited?
>     is the httpd up to date?
>   does it allow smtp in?
>    to what machine?
>     what OS is it running?
>      if UNIX
>       is sendmail up to date?
>      else
>       WTF?
>   does it allow other services in?
>    what service?
>     WTF?

The IBM Firewall for AIX includes a tool called Network Security Auditor, which
performs a scan of IP addresses and ports, and then inspects the results to
attempt to determine operating system and software versions, so it can
explicitly identify vunerabilities and give pointers to the CERT alerts, etc.
Very much like the "flowchart" above.

Details are on http://www.networking.ibm.com/sng/info.htm#NSA with a sample
report. It can be customised to add new vunerabilities. (NSA is not included in
the free trial download code on that web site, but is free with the full
product).

Andrew_Yeomans () uk ibm com,                      Installation Support Centre,
EMEA  Network  Computing  Software  and  e-business  Centre  of  Competence,
MP 3GS, IBM UK Ltd, 1 New Square, Bedfont Lakes, Feltham, Middlesex,TW14 8HB
Tel: +44-181-818-4288 Int: 36-4288 Fax: +44-181-818-5475 Pager: 01523-494985

"It's a UNIX system. I _know_ this!" - Jurassic Park