Firewall Wizards mailing list archives
Re: How automate firewall tests
From: Jean-Denis Gorin <jdgorin () computer org>
Date: Tue, 22 Aug 2006 16:34:36 +0200
On Tue, 22 Aug 2006 14:48 Avishai Wool wrote:
[...]
I agree with almost all the above except the statement "analyzing the firewall configuration files is *not* the right way" It's not very easy to do, certainly not easy to do *well*, but it is very possible!
Yes, it is very possible. That's not my point. My point is, checking the firewall configuration doesn't guarantee you get what you want. You have to trust the implementation to be sure the rules are correctly applied. That's why "analyzing the firewall configuration files is *not* the right way". The right way is to analyze *how* the firewall applies the rules, not what are the rules.
if you are interested, you can find some academic papers about how it works at: http://www.eng.tau.ac.il/~yash/fw/index.html
As a member of IEEE and the Computer Society I allready know some of these papers ;-) JDG _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: How automate firewall tests, (continued)
- Re: How automate firewall tests Shahin Ansari (Aug 20)
- Re: How automate firewall tests Avishai Wool (Aug 22)
- Re: How automate firewall tests Jean-Denis Gorin (Aug 21)
- Re: How automate firewall tests Jean-Denis Gorin (Aug 21)
- Re: How automate firewall tests Bill Royds (Aug 21)
- Re: How automate firewall tests Chuck Swiger (Aug 21)
- Re: How automate firewall tests Bill Royds (Aug 22)
- Re: How automate firewall tests Bill Royds (Aug 21)
- Re: How automate firewall tests Jean-Denis Gorin (Aug 21)
- Re: How automate firewall tests ArkanoiD (Aug 22)
- Re: How automate firewall tests Jean-Denis Gorin (Aug 22)
- Re: How automate firewall tests Jean-Denis Gorin (Aug 22)