PaulDotCom mailing list archives
Firewall Audit
From: paul at pauldotcom.com (Paul Asadoorian)
Date: Wed, 10 Jun 2009 07:21:34 -0400
Agreed, auditing firewalls is a two-phased approach (even three). First, you need to understand your rules and audit them on a regular basis. Of course, change management people HATE this because I would put in a change notice every couple of months and call it "maintenance" and clean up the firewall rules, remove rules that didn't exist, etc... Second, you should perform scans through the firewall and make sure it's blocking what it says it should be blocking. Third, you should audit your firewall logs; they can also tell you if you made an "oops" and are allowing traffic that you should not. I actually had a systems administrator catch a firewall rule that was incorrect because they were seeing FTP login attempts from the Internet!

Cheers,
Paul

Ron Gula wrote:

On 6/9/2009 3:45 PM, Chris wrote:

Hi all, I have been asked by management to conduct an audit of a Firewall; no actual specification has been created. So what I'm asking is, I have to create a terms of reference and specify what I'm going to audit. I have started looking at the OSSTMM Firewall test, and would like to know how to conduct the test. Tools (nmap, hping, nessus) and what types of things I should be looking for in the scans.

Help me, Pauldotcom; you're my only hope (Sorry, big Star Wars fan)

Tools aside, I'd start with the config of the firewall and attempt to understand how it is set up. If there is no real policy for which to compare this against, I'd audit what can get through in both directions and then describe this to your management. I'd also do a vuln audit of the firewall, but this should be a detail and not where you start.

Ron Gula
Tenable Network Security

--
Paul Asadoorian
PaulDotCom Enterprises
Web: http://pauldotcom.com
Phone: 401.829.9552
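The third phase Paul describes, auditing the logs for traffic the firewall accepted but the written policy never allowed (his "FTP login attempts from the Internet" case), as an added example that is not from the thread. It assumes a netfilter-style log format, constructed sample lines, an assumed policy set EXPECTED_INBOUND, and constructed internal ranges; all of these are illustrative.

```python
import ipaddress
import re

# Constructed sample log lines in a netfilter-like format (not from the original post).
SAMPLE_LOG = """\
Jun 10 07:01:12 fw kernel: ACCEPT IN=eth0 OUT=eth1 SRC=203.0.113.45 DST=192.0.2.10 PROTO=TCP DPT=443
Jun 10 07:01:15 fw kernel: ACCEPT IN=eth0 OUT=eth1 SRC=198.51.100.7 DST=192.0.2.20 PROTO=TCP DPT=21
Jun 10 07:01:19 fw kernel: ACCEPT IN=eth1 OUT=eth0 SRC=10.0.0.5 DST=203.0.113.9 PROTO=TCP DPT=21
Jun 10 07:01:22 fw kernel: DROP IN=eth0 OUT=eth1 SRC=198.51.100.7 DST=192.0.2.20 PROTO=TCP DPT=22
Jun 10 07:01:30 fw kernel: ACCEPT IN=eth0 OUT=eth1 SRC=203.0.113.45 DST=192.0.2.10 PROTO=UDP DPT=53
"""

# Assumed written policy: the only (dst, proto, port) triples the Internet may reach inside.
# Any other accepted inbound flow is the "oops" an audit should surface.
EXPECTED_INBOUND = {("192.0.2.10", "TCP", 443), ("192.0.2.10", "UDP", 53)}
# Constructed internal ranges; anything outside them is treated as the Internet.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.0.2.0/24")]

LINE_RE = re.compile(
    r"(?P<action>ACCEPT|DROP) IN=\S+ .*?SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r"PROTO=(?P<proto>\S+) DPT=(?P<dpt>\d+)"
)

def parse_log(text):
    """Yield one dict per recognisable log line; lines that do not match are skipped."""
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            rec = m.groupdict()
            rec["dpt"] = int(rec["dpt"])
            yield rec

def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def find_unexpected_accepts(text, expected=EXPECTED_INBOUND):
    """Return (dst, proto, dpt, src) for accepted Internet-to-inside flows the policy does not cover."""
    findings = []
    for rec in parse_log(text):
        inbound = not is_internal(rec["src"]) and is_internal(rec["dst"])
        if rec["action"] != "ACCEPT" or not inbound:
            continue  # drops and outbound traffic are not policy violations here
        key = (rec["dst"], rec["proto"], rec["dpt"])
        if key not in expected:
            findings.append(key + (rec["src"],))
    return findings

if __name__ == "__main__":
    for dst, proto, dpt, src in find_unexpected_accepts(SAMPLE_LOG):
        print(f"policy violation: {proto}/{dpt} to {dst} accepted from {src}")
```

The only finding on the sample is the inbound FTP connection to 192.0.2.20, which no policy entry permits; the outbound FTP line and the dropped SSH attempt are correctly ignored.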