mailing list archives
From: jackadaniel at gmail.com (Jack Daniel)
Date: Tue, 9 Jun 2009 23:13:15 -0400
Depending on the firewall platform, number of firewalls, and the
reason for the audit, you may want to include one of the commercial
monitor/optimization tools...if you "just need information" (as
opposed to "need information that will stand up in court"), I have
heard that "Bob" occasionally uses trials of commercial tools for this
purpose. (I am sure "Bob" eventually buys licenses as appropriate).
The only one I have played with is Secure Passage's Firemon, but there
are other options.
As far as vuln scanners, make sure you enable and expose as many
services and functions as possible (in a lab environment, of course)
to really test the system- and make sure you test from "inside" and
out. Then apply common sense to the results, think about whether or
not the results are realistic in your production environment. Just
scanning the outside of a locked-down system won't tell you much
<rant> I have seen customers "fail" audits because their DNS proxy
answered anonymous DNS queries. From the LAN. I have also seen
customers "fail" audits because firewalls accepted and passed odd, yet
RFC-compliant, packets to an internal host- traffic for which there
are no known vulnerabilities. And "failing" a "PCI audit" for HAVING a
firewall is a story for another day...</rant>
On Tue, Jun 9, 2009 at 3:45 PM, Chris<chris.bentley at sky.com> wrote:
I have been asked by management to conduct an audit of a Firewall, ?no
actual specification has been created.
So what I?m asking is, I have to create a terms of reference and specify
what I?m going to audit.
I have started looking at the OSSTMM Firewall test, and would like to know
how to conduct the test.
Tools(nmap,hping,nessus) and what types of things I should be looking for in
Help me, Pauldotcom; you're my only hope (Sorry big StarWars fan)
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
Main Web Site: http://pauldotcom.com
Jack Daniel, Reluctant CISSP