PaulDotCom mailing list archives
Firewall Audit
From: chris.bentley at sky.com (Chris Bentley)
Date: Wed, 10 Jun 2009 08:41:25 +0100
Thanks for the reply Jack

2009/6/10 Jack Daniel <jackadaniel at gmail.com>

> Depending on the firewall platform, number of firewalls, and the reason for the audit, you may want to include one of the commercial monitor/optimization tools... if you "just need information" (as opposed to "need information that will stand up in court"), I have heard that "Bob" occasionally uses trials of commercial tools for this purpose. (I am sure "Bob" eventually buys licenses as appropriate.) The only one I have played with is Secure Passage's Firemon, but there are other options.
>
> As far as vuln scanners, make sure you enable and expose as many services and functions as possible (in a lab environment, of course) to really test the system, and make sure you test from "inside" and out. Then apply common sense to the results; think about whether or not the results are realistic in your production environment. Just scanning the outside of a locked-down system won't tell you much (hopefully).
>
> <rant> I have seen customers "fail" audits because their DNS proxy answered anonymous DNS queries. From the LAN. I have also seen customers "fail" audits because firewalls accepted and passed odd, yet RFC-compliant, packets to an internal host, traffic for which there are no known vulnerabilities. And "failing" a "PCI audit" for HAVING a firewall is a story for another day... </rant>
>
> Jack
>
> On Tue, Jun 9, 2009 at 3:45 PM, Chris <chris.bentley at sky.com> wrote:
>
>> Hi all,
>>
>> I have been asked by management to conduct an audit of a firewall; no actual specification has been created. So what I'm asking is, I have to create a terms of reference and specify what I'm going to audit. I have started looking at the OSSTMM Firewall test, and would like to know how to conduct the test. Tools (nmap, hping, nessus) and what types of things I should be looking for in the scans.
>>
>> Help me, Pauldotcom; you're my only hope (Sorry, big Star Wars fan)
>>
>> _______________________________________________
>> Pauldotcom mailing list
>> Pauldotcom at mail.pauldotcom.com
>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>> Main Web Site: http://pauldotcom.com
>
> --
> ______________________________________
> Jack Daniel, Reluctant CISSP
> http://twitter.com/jack_daniel
> http://www.linkedin.com/in/jackadaniel
> http://blog.uncommonsensesecurity.com
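Jack's two points above (scan from both sides of the firewall, then judge the results against what the environment is actually supposed to expose rather than calling every open port a failure) can be turned into a small audit script. The following is an added example written for this page, not code from the thread or from any tool mentioned in it. It assumes nmap's grepable output format (-oG), a policy expressed as the set of intended exposures per vantage point, and the two scan results are constructed sample lines, not real scan output.

```python
import re
from dataclasses import dataclass

# Constructed sample nmap grepable (-oG) output for one firewall, scanned
# twice: once from the outside interface and once from the LAN side.
# Field layout per port is port/state/protocol/owner/service/rpc/version.
OUTSIDE_SCAN = """\
# (constructed sample header line)
Host: 203.0.113.10 (fw.example.test)\tPorts: 25/open/tcp//smtp///, 443/open/tcp//https///, 53/open/udp//domain///
"""
INSIDE_SCAN = """\
Host: 192.0.2.1 (fw-lan.example.test)\tPorts: 22/open/tcp//ssh///, 53/open/udp//domain///, 443/open/tcp//https///, 8080/open/tcp//http-proxy///
"""

# The audit's terms of reference: which (protocol, port) exposures are intended
# from each vantage point. Assumption: a DNS proxy answering the LAN is policy,
# the same service reachable from outside is not.
POLICY = {
    "outside": {("tcp", 25), ("tcp", 443)},
    "inside": {("tcp", 22), ("udp", 53), ("tcp", 443)},
}

# port/state/proto//service/  (owner field is empty in these samples)
PORT_RE = re.compile(r"(\d+)/(\w+)/(\w+)//([^/]*)/")


def parse_grepable(text):
    """Return {(proto, port): service} for every port reported 'open' in -oG text."""
    found = {}
    for line in text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue
        ports_field = line.split("Ports:", 1)[1]
        for port, state, proto, service in PORT_RE.findall(ports_field):
            if state == "open":
                found[(proto, int(port))] = service
    return found


@dataclass(frozen=True)
class Finding:
    vantage: str
    proto: str
    port: int
    service: str
    severity: str
    note: str


def audit(scan_text, vantage, policy):
    """Compare observed open ports against the intended exposures for one vantage point.

    Only deviations from the stated policy become findings; an exposure the
    policy intends (e.g. udp/53 from the LAN) is not reported as a failure.
    """
    allowed = policy[vantage]
    observed = parse_grepable(scan_text)
    findings = []
    for (proto, port), service in sorted(observed.items()):
        if (proto, port) in allowed:
            continue
        # Unexpected exposure: reachable from the Internet is worse than from the LAN.
        severity = "high" if vantage == "outside" else "medium"
        findings.append(Finding(vantage, proto, port, service, severity,
                                f"{proto}/{port} ({service}) open but not in the {vantage} rule set"))
    for proto, port in sorted(allowed):
        if (proto, port) not in observed:
            # Missing an intended service is worth a note: either the rule is
            # wrong or the scan did not actually reach the firewall.
            findings.append(Finding(vantage, proto, port, "", "info",
                                    f"{proto}/{port} expected from {vantage} but not observed"))
    return findings


if __name__ == "__main__":
    for vantage, scan in (("outside", OUTSIDE_SCAN), ("inside", INSIDE_SCAN)):
        for f in audit(scan, vantage, POLICY):
            print(f"[{f.severity}] {f.vantage}: {f.note}")
```

With the constructed samples, the outside scan produces one high-severity finding (udp/53 answering from the Internet side) and the inside scan one medium-severity finding (tcp/8080, which nobody put in the rule set); the DNS proxy answering the LAN is silent because the policy says it should. The policy dict is the part that has to exist before the scan starts, which is exactly the terms-of-reference work the original question is about.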
Current thread:
- Firewall Audit Chris (Jun 09)
- Firewall Audit Jack Daniel (Jun 09)
- Firewall Audit Chris Bentley (Jun 10)
- Firewall Audit Florian Sicking (Jun 10)
- Firewall Audit Ron Gula (Jun 10)
- Firewall Audit Tim Mugherini (Jun 10)
- Firewall Audit Paul Asadoorian (Jun 10)
- Firewall Audit Chris Bentley (Jun 10)
- Firewall Audit Paul Asadoorian (Jun 10)
- Firewall Audit Albert R. Campa (Jun 10)
- Firewall Audit Chris Bentley (Jun 10)
- Firewall Audit Mike Patterson (Jun 10)
- Firewall Audit Ron Gula (Jun 10)
- Firewall Audit Jack Daniel (Jun 09)