Home page logo
/

pauldotcom logo PaulDotCom mailing list archives

Firewall Audit
From: chris.bentley at sky.com (Chris Bentley)
Date: Wed, 10 Jun 2009 08:41:25 +0100

Thanks for the reply Jack

2009/6/10 Jack Daniel <jackadaniel at gmail.com>

Depending on the firewall platform, number of firewalls, and the
reason for the audit, you may want to include one of the commercial
monitor/optimization tools...if you "just need information" (as
opposed to "need information that will stand up in court"), I have
heard that "Bob" occasionally uses trials of commercial tools for this
purpose.  (I am sure "Bob" eventually buys licenses as appropriate).
The only one I have played with is Secure Passage's Firemon, but there
are other options.

As far as vuln scanners, make sure you enable and expose as many
services and functions as possible (in a lab environment, of course)
to really test the system- and make sure you test from "inside" and
out.  Then apply common sense to the results, think about whether or
not the results are realistic in your production environment.  Just
scanning the outside of a locked-down system won't tell you much
(hopefully).

<rant> I have seen customers "fail" audits because their DNS proxy
answered anonymous DNS queries. From the LAN.  I have also seen
customers "fail" audits because firewalls accepted and passed odd, yet
RFC-compliant, packets to an internal host- traffic for which there
are no known vulnerabilities. And "failing" a "PCI audit" for HAVING a
firewall is a story for another day...</rant>


Jack




On Tue, Jun 9, 2009 at 3:45 PM, Chris<chris.bentley at sky.com> wrote:
Hi all,

I have been asked by management to conduct an audit of a Firewall,  no
actual specification has been created.

So what I?m asking is, I have to create a terms of reference and specify
what I?m going to audit.

I have started looking at the OSSTMM Firewall test, and would like to
know
how to conduct the test.

Tools(nmap,hping,nessus) and what types of things I should be looking for
in
the scans.



Help me, Pauldotcom; you're my only hope (Sorry big StarWars fan)

_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com




--
______________________________________
Jack Daniel, Reluctant CISSP
http://twitter.com/jack_daniel
http://www.linkedin.com/in/jackadaniel
http://blog.uncommonsensesecurity.com
_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20090610/61e12a97/attachment.htm 


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault