Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos

Firewall Wizards: Auditing a firewall rulebase

Auditing a firewall rulebase

From: arvind doraiswamy <arvind.doraiswamy_at_gmail.com>
Date: Wed, 14 May 2008 20:49:12 +0530

Hey Guys,
What parameters would you look for if you audited a large rulebase for
an enterprise firewall? These are a few I could think of. Anything
else that you guys consistently look at when managing/auditing your
firewalls? Do take note that I'm talking just singularly about the
rule-base and not other configuration information i.e: I'm not looking
at things like -- Low console session timeout OR Telnet admin
interface open etc. I'm looking at just the rulebase this time around.
Here are my parameters:

Rules which have "any" or an equivalent keyword in them
Rules where an entire subnet has been granted access to a resource
Rules where a range of IP addresses has been granted access to a resource
Rules where a large range of ports has been opened to an IP Address / Addresses
Rules where there are design issues in the protocol itself
                eg. Unencrypted traffic
Rules which are redundant and can be removed from the rulebase

Thanks
Arvind
_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Received on May 19 2008

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]