Re: How automate firewall tests

[Jean-Denis Gorin <jdgorin () computer org>]

Strabla Ruggero wrote:
> What I need is someone that could tell me which type of tests you do on
> your firewalls and that you like too see automated

What I would like, is a tool able to answer 2 questions:
  1/ what is the security level of my firewal platform (OS security, patches up
to date, is the firewall protect itself well, ...)?
  2/ is the configuration of that firewall compliant with my security policy?

The first point could be achieved with tools like vulnerability scanner,
malformed packet scanner, patch manager, and so on. You have to add a tool able
to audit the security configuration of the firewall to check what is the level
of auto protection

The second point requires a tool able to *understand* a security policy. And
that requires a tool able to *model* a security policy.
Then, you have to code a security policy checker. And analyzing the firewall
configuration files is *not* the right way: you have to find an external way to
check that to be sure that the firewall implementation of the security policy is
right. That means accepting the authorized data flows, *and* reject all others
kind. The difficult part is to check 'all others kind of data flows', including
tunneling, covert channel, ...

As Marcus said, good luck ;)

JDG
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards