Home page logo
/

pauldotcom logo PaulDotCom mailing list archives

Firewall Audit
From: chris.bentley at sky.com (Chris Bentley)
Date: Wed, 10 Jun 2009 12:36:59 +0100

Paul/Ron any idea what type of scans I could run using nmap or nessus.
Also this would make a good technical segment for the show.

2009/6/10 Paul Asadoorian <paul at pauldotcom.com>

Agreed, auditing firewalls is a two-phased approach (Even three).
First, you need to understand your rules and audit them on a regular
basis.  Of course, change management people HATE this because I would
put in a change notice every couple of months and call it "maintenance"
and clean-up the firewall rules, remove rules that didn't exist, etc...

Second, you should perform scans through the firewall and make sure its
blocking what it says it should be blocking.

Third, you should audit your firewall logs, they can also tell you if
you made an "oops" and are allowing traffic that you should not.  I
actually had a systems administrator catch a firewall rule that was
incorrect because they were seeing FTP login attempts from the Internet!

Cheers,
Paul

Ron Gula wrote:
On 6/9/2009 3:45 PM, Chris wrote:

Hi all,

I have been asked by management to conduct an audit of a Firewall,  no
actual specification has been created.

So what I?m asking is, I have to create a terms of reference and
specify what I?m going to audit.

I have started looking at the OSSTMM Firewall test, and would like to
know how to conduct the test.

Tools(nmap,hping,nessus) and what types of things I should be looking
for in the scans.



*/Help me, /Pauldotcom//; /you/'/re my only hope/*/ (Sorry big
StarWars fan)///


Tools aside, I'd start with the config of the firewall and attempt to
understand how it is
set up. If there is no real policy for which to compare this against,
I'd audit what can get
through in both directions and then describe this to your management.
I'd also do a vuln
audit of the firewall, but this should be a detail and not where you
start.

Ron Gula
Tenable Network Security


------------------------------------------------------------------------

_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

--
Paul Asadoorian
PaulDotCom Enterprises
Web: http://pauldotcom.com
Phone: 401.829.9552
_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20090610/d4cc12ad/attachment.htm 


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]