Firewall Wizards mailing list archives
Re: Third Party Audit of a Firewall
From: C Matthew Curtin <cmcurtin () interhack net>
Date: Thu, 29 Jan 1998 11:41:27 -0500 (EST)
"Michelle" == Michelle <michelle () inf net au> writes:
Michelle> I am interested in what sort of tests should be run

Of course, the appropriate documentation for the firewall should already be drafted. This should include all of the things you need to know about the systems, including OS, versions, patches, any applications, services, etc. You'll need to know what services you're exposing to the inside world, and to the outside world, and to what degree each is being exposed. I'm not sure I'd show this documentation to the auditors.

The audit then becomes a straightforward matter, no different from any other. Inventory what services are running on the host, try to figure out its OS type, probe it to see what services it offers, poke at them looking for misconfigurations, watch version numbers, etc. Find out what other hosts are on the network, probe them as well, looking for any vulnerabilities. (While your bastion host might be nice and locked down, it's not much good if you've got a weak web server on the same LAN, and there's any sort of trust relationship between the two, or you're doing cleartext things to your bastion host across that network.) Be sure to get routers and all that rot included in there as well.

Do the same from the inside. Then do a COPS-style audit of the system from the inside-out, looking for misconfigurations, stupid permissions problems, etc.

Compile the data for a complete view of the world, from the inside network, from the outside network, and from the host itself. Compare that compiled report to the documentation that the auditors haven't seen up to this point. The two reports should be as close to identical as possible.

Of course, this doesn't do anything to determine whether your policy is lacking, but at least it will give you an idea of how well your policy was implemented (or how good your auditors are ;-) ...

--
Matt Curtin cmcurtin () interhack net http://www.interhack.net/people/cmcurtin/
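The comparison step described in the message above, as an added example that is not part of the original post: a Python script that reconciles the documented exposure with the auditors' compiled findings for each of the three vantage points (outside network, inside network, the host itself). The `Service` record layout, the finding names, and all hosts, ports and version strings are assumptions constructed for illustration.

```python
from collections import namedtuple

# One listening service; (host, port, proto) identifies it, name/version describe it.
Service = namedtuple("Service", "host port proto name version")
Finding = namedtuple("Finding", "view kind endpoint detail")
VIEWS = ("outside", "inside", "host")  # the three vantage points in the message

def index(services):
    """Map (host, port, proto) -> (name, version) for one vantage point."""
    return {(s.host, s.port, s.proto): (s.name, s.version) for s in services}

def reconcile(documented, observed):
    """Return every difference between the two reports, view by view."""
    findings = []
    for view in VIEWS:
        doc = index(documented.get(view, []))
        obs = index(observed.get(view, []))
        for ep in sorted(obs.keys() - doc.keys()):   # running, but not in the docs
            findings.append(Finding(view, "UNDOCUMENTED", ep, "%s %s" % obs[ep]))
        for ep in sorted(doc.keys() - obs.keys()):   # in the docs, auditors missed it
            findings.append(Finding(view, "NOT_OBSERVED", ep, "%s %s" % doc[ep]))
        for ep in sorted(doc.keys() & obs.keys()):   # same endpoint, different detail
            if doc[ep] != obs[ep]:
                detail = "documented %s %s, observed %s %s" % (doc[ep] + obs[ep])
                findings.append(Finding(view, "MISMATCH", ep, detail))
    return findings

# Constructed sample data: documentation-range addresses and made-up versions.
BASTION, WEB = "192.0.2.10", "192.0.2.20"
DOCUMENTED = {
    "outside": [Service(BASTION, 25, "tcp", "smtp", "8.8.8")],
    "inside": [Service(BASTION, 25, "tcp", "smtp", "8.8.8"),
               Service(BASTION, 22, "tcp", "ssh", "1.2.21")],
    "host": [Service(BASTION, 25, "tcp", "smtp", "8.8.8"),
             Service(BASTION, 22, "tcp", "ssh", "1.2.21")],
}
OBSERVED = {
    "outside": [Service(BASTION, 25, "tcp", "smtp", "8.8.5"),
                Service(WEB, 80, "tcp", "http", "unknown")],
    "inside": [Service(BASTION, 25, "tcp", "smtp", "8.8.5"),
               Service(BASTION, 22, "tcp", "ssh", "1.2.21")],
    "host": [Service(BASTION, 25, "tcp", "smtp", "8.8.5"),
             Service(BASTION, 23, "tcp", "telnet", "unknown")],
}

if __name__ == "__main__":
    for f in reconcile(DOCUMENTED, OBSERVED):
        print("%-8s %-13s %s:%d/%s  %s" % ((f.view, f.kind) + f.endpoint + (f.detail,)))
```

An empty result means the two reports agree; `NOT_OBSERVED` entries point at either stale documentation or something the auditors failed to find.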