Firewall Wizards mailing list archives
Re: How do you test a firewall
From: Bennett Todd <bet () mordor net>
Date: Wed, 8 Jul 1998 13:04:14 -0400
1998-07-08-11:45:57 Adam H. Pendleton:
> I haven't been following this thread very closely, but I find the statement that scanners won't work against a firewall to be erroneous. My company just finished putting out a scanner, based on SATAN, that works against firewalls. Check out http://www.wwdsi.com/saint to look at it. It's free, of course, otherwise I wouldn't post it here.
Thanks for the pointer. I'll certainly be happy to give it a close look, and this looks like a welcome addition to the bag of tools. But from a quick skim, it looks like a welcome and much-needed update of SATAN --- which I surely appreciate.

Nonetheless I don't think this contradicts my actual statement. I didn't say that a scanner won't work against a firewall; sure it will. It'll be able to tell someone who knows how to interpret the result that it was just pointed at something more or less like a firewall. However, it won't be able to tell whether the firewall is well configured or not, what sort of policy the firewall is enforcing, and whether it's susceptible to attack or evasion; to analyze that, the best current state of the art is to learn exactly how the firewall is designed and implemented, and what security policy it's supposed to be enforcing, then review its configuration, and finally do some spot-checks for popular configuration problems.

E.g. the first thing I'd check for a traditional bastion host setup is that it's enforcing the typical policy constraint that you can only get a login to the bastion from the inside, not from the outside. That's an easy one to miss. On the other hand, for a packet filter, the first thing I'd check is whether you can use one of the fragment-based attacks to analyze the network behind the filter, since that's a popular omission in packet filters.

-Bennett
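A spot-check of the kind Bennett describes for the bastion login constraint, as an added example that is not part of the original post: a tiny first-match rule evaluator is run over a constructed ruleset and reports whether the bastion's login ports are reachable from outside. The rule format, addresses (10.0.0.0/8 as the inside, 10.0.0.1 as the bastion, 203.0.113.5 as an outside host) and the choice of ports 22 and 23 as "login" services are all assumptions made for the illustration.

```python
"""Verify a packet filter enforces 'login to the bastion only from the inside'.

Added example, not code from the original thread. The ruleset format and all
addresses below are constructed for illustration."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass
class Rule:
    action: str            # "accept" or "drop"
    src: str               # CIDR the source address must fall in
    dst: str               # CIDR the destination address must fall in
    dport: Optional[int]   # destination port, None means any port

    def matches(self, src: str, dst: str, dport: int) -> bool:
        return (ip_address(src) in ip_network(self.src)
                and ip_address(dst) in ip_network(self.dst)
                and (self.dport is None or self.dport == dport))


def evaluate(rules: List[Rule], src: str, dst: str, dport: int,
             default: str = "drop") -> str:
    """First matching rule wins, as in classic ordered packet filters."""
    for r in rules:
        if r.matches(src, dst, dport):
            return r.action
    return default


# Constructed rulesets. 10.0.0.0/8 is the inside, 10.0.0.1 the bastion.
GOOD_RULES = [
    Rule("accept", "10.0.0.0/8", "10.0.0.1/32", None),  # inside: any service
    Rule("accept", "0.0.0.0/0",  "10.0.0.1/32", 25),    # outside: mail delivery only
    Rule("drop",   "0.0.0.0/0",  "10.0.0.1/32", None),  # outside: everything else
]
BAD_RULES = [
    Rule("accept", "0.0.0.0/0",  "10.0.0.1/32", 25),
    Rule("accept", "0.0.0.0/0",  "10.0.0.1/32", 23),    # telnet left open to the world
    Rule("accept", "10.0.0.0/8", "10.0.0.1/32", None),
    Rule("drop",   "0.0.0.0/0",  "10.0.0.1/32", None),
]

LOGIN_PORTS = (22, 23)  # assumed login services on the bastion


def check_bastion_login_policy(rules: List[Rule], bastion: str = "10.0.0.1",
                               inside: str = "10.0.0.2",
                               outside: str = "203.0.113.5") -> List[str]:
    """Return the policy violations found; an empty list means the constraint holds."""
    violations = []
    for port in LOGIN_PORTS:
        if evaluate(rules, outside, bastion, port) != "drop":
            violations.append(f"outside host can reach bastion port {port}")
        if evaluate(rules, inside, bastion, port) != "accept":
            violations.append(f"inside host cannot reach bastion port {port}")
    return violations
```

The same evaluator can be pointed at any policy constraint the site documents, which is the point of reviewing the configuration against the intended policy rather than relying on what a scanner can see from the outside.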