PaulDotCom mailing list archives

Firewall Audit

From: rgula at tenablesecurity.com (Ron Gula)
Date: Wed, 10 Jun 2009 05:53:37 -0400

On 6/9/2009 3:45 PM, Chris wrote:


Hi all,

I have been asked by management to conduct an audit of a Firewall,  no
actual specification has been created.

So what I'm asking is, I have to create a terms of reference and
specify what I'm going to audit.

I have started looking at the OSSTMM Firewall test, and would like to
know how to conduct the test.

Tools(nmap,hping,nessus) and what types of things I should be looking
for in the scans.

 

*/Help me, /Pauldotcom//; /you/'/re my only hope/*/ (Sorry big
StarWars fan)///

Tools aside, I'd start with the config of the firewall and attempt to
understand how it is
set up. If there is no real policy for which to compare this against,
I'd audit what can get
through in both directions and then describe this to your management.
I'd also do a vuln
audit of the firewall, but this should be a detail and not where you start.

Ron Gula
Tenable Network Security
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20090610/351ee21c/attachment.htm

Current thread:

Firewall Audit Chris (Jun 09)
- Firewall Audit Jack Daniel (Jun 09)
  - Firewall Audit Chris Bentley (Jun 10)
  - Firewall Audit Florian Sicking (Jun 10)
- Firewall Audit Ron Gula (Jun 10)
  - Firewall Audit Tim Mugherini (Jun 10)
  - Firewall Audit Paul Asadoorian (Jun 10)
    - Firewall Audit Chris Bentley (Jun 10)
    - Firewall Audit Paul Asadoorian (Jun 10)
    - Firewall Audit Albert R. Campa (Jun 10)
    - Firewall Audit Chris Bentley (Jun 10)
    - Firewall Audit Mike Patterson (Jun 10)
    - Firewall Audit Ron Gula (Jun 10)
- <Possible follow-ups>
- Firewall Audit Patrick Yager (Jun 10)