Penetration Testing mailing list archives

RE: firewall auditing/testing


From: "Robert J. Kraus" <rkraus () telcomtex net>
Date: Wed, 14 Jun 2006 08:16:53 -0500

Rocky,

I guess the question is, are you concerned about the security of your
firewall itself? Or what security it is providing for the clients and
servers behind it? 

I was not sure which you were talking about the way the questions were
asked.

If it truly is the vulnerabilities of the firewall you wish to test then
you need to look up the model of firewall you have in some of the
vulnerability databases. For instance, if I have a WatchGuard x700
Firebox I would go to sites like
http://www.securityfocus.com/vulnerabilities and see what
vulnerabilities are out there for the software I am running on it. 

If you are referring to the protection it is providing the hosts,
servers, and services behind it then you need to make sure you review
the logs on the firewall AND the servers. For instance, I can look at my
firewall logs and it will show me that it dropped several attacks
against my FTP server, great for the firewall! But, if I don't check the
logs on my FTP server... then what justice am I really providing? You
still need to look at your application server logs to verify if any
attacks made it past the firewall. If some in fact did make it past, you
then need to find out how and modify your firewall rules to prevent it
from happening again. In most cases it's a misconfiguration on the
actual server and not the firewall that is the culprit.

I hope this gives you some help with your question.



Thanks,
 
Rob Kraus


-----Original Message-----
From: Rocky [mailto:pixscreenpoint () gmail com] 
Sent: Tuesday, June 13, 2006 6:30 PM
To: pen-test () securityfocus com
Subject: firewall auditing/testing

Hi guys,

I'm new to the list and have been reading your email archives, but
I have my own question: how to test your firewall if it's really secured.

Our IT director is really paranoid and he's not confident that our
current firewall security is really secured.

I already presented the NMAP/Nessus audit logs and I even
showed him the activity logs of our ACL that denies/drops
everything from the internet and permits only the basic applications.

Are there any other tools that can penetrate/test the firewall
vulnerability?

Thanks,
rocky

------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
Choice Award from eWeek. As attacks through web applications continue to rise,
you need to proactively protect your applications from hackers. Cenzic has the
most comprehensive solutions to meet your application security penetration
testing and vulnerability management needs. You have an option to go with a
managed service (Cenzic ClickToSecure) or an enterprise software
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
help you: http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request () cenzic com for details.
------------------------------------------------------------------------------
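
The firewall-log versus server-log check described in the reply above, as an added example that is not part of the original thread: it reports which sources the firewall dropped, which of those still show failed logins on the FTP server, and which reached the server with no drop on record. Both log formats, the sample lines and all function names are constructed for illustration; adapt the regexes to your own devices.

```python
import re
from collections import defaultdict

# Constructed sample logs in a hypothetical format (not from any real product).
FIREWALL_LOG = """\
2006-06-14T08:01:12 DROP src=203.0.113.7 dst=192.0.2.10 dport=21
2006-06-14T08:01:15 DROP src=203.0.113.7 dst=192.0.2.10 dport=21
2006-06-14T08:02:30 DROP src=198.51.100.23 dst=192.0.2.10 dport=21
2006-06-14T08:05:02 ALLOW src=192.0.2.50 dst=192.0.2.10 dport=21
"""
FTP_LOG = """\
2006-06-14T08:03:40 203.0.113.7 USER admin 530 Login incorrect
2006-06-14T08:03:44 203.0.113.7 USER root 530 Login incorrect
2006-06-14T08:05:03 192.0.2.50 USER backup 230 Login successful
2006-06-14T08:09:19 198.51.100.99 USER ftp 530 Login incorrect
"""
FW_RE = re.compile(r"^(\S+) (DROP|ALLOW) src=(\S+) dst=\S+ dport=(\d+)$")
FTP_RE = re.compile(r"^(\S+) (\S+) USER (\S+) (\d{3}) ")

def dropped_sources(fw_log, port=21):
    """Count firewall DROP entries per source address for one service port."""
    drops = defaultdict(int)
    for line in fw_log.splitlines():
        m = FW_RE.match(line)
        if m and m.group(2) == "DROP" and int(m.group(4)) == port:
            drops[m.group(3)] += 1
    return dict(drops)

def server_failures(ftp_log):
    """Collect usernames tried per source for failed logins (FTP reply 530)."""
    fails = defaultdict(list)
    for line in ftp_log.splitlines():
        m = FTP_RE.match(line)
        if m and m.group(4) == "530":
            fails[m.group(2)].append(m.group(3))
    return dict(fails)

def correlate(fw_log, ftp_log):
    drops, fails = dropped_sources(fw_log), server_failures(ftp_log)
    return {
        # dropped at the firewall, yet failed logins still reached the server
        "dropped_but_reached_server": sorted(set(drops) & set(fails)),
        # failed logins on the server with no firewall drop on record
        "never_dropped": sorted(set(fails) - set(drops)),
        # firewall drops with no matching server-side activity
        "blocked_only": sorted(set(drops) - set(fails)),
    }

if __name__ == "__main__":
    for category, sources in correlate(FIREWALL_LOG, FTP_LOG).items():
        print(category, sources)
```

The first two categories are the ones to follow up on the server and in the rule set; the third confirms the firewall log and the server log agree.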
