Home page logo
/

pauldotcom logo PaulDotCom mailing list archives

Firewall Audit
From: florian.sicking at hotmail.com (Florian Sicking)
Date: Wed, 10 Jun 2009 15:27:33 +0200

After manually going through the config you could give an automated config
parser liker Nipper (http://nipper.titania.co.uk) a shot. See if it comes up
with something you?ve missed.



-----Original Message-----
From: pauldotcom-bounces at mail.pauldotcom.com
[mailto:pauldotcom-bounces at mail.pauldotcom.com] On Behalf Of Jack Daniel
Sent: Mittwoch, 10. Juni 2009 05:13
To: PaulDotCom Security Weekly Mailing List
Subject: Re: [Pauldotcom] Firewall Audit

Depending on the firewall platform, number of firewalls, and the
reason for the audit, you may want to include one of the commercial
monitor/optimization tools...if you "just need information" (as
opposed to "need information that will stand up in court"), I have
heard that "Bob" occasionally uses trials of commercial tools for this
purpose.  (I am sure "Bob" eventually buys licenses as appropriate).
The only one I have played with is Secure Passage's Firemon, but there
are other options.

As far as vuln scanners, make sure you enable and expose as many
services and functions as possible (in a lab environment, of course)
to really test the system- and make sure you test from "inside" and
out.  Then apply common sense to the results, think about whether or
not the results are realistic in your production environment.  Just
scanning the outside of a locked-down system won't tell you much
(hopefully).

<rant> I have seen customers "fail" audits because their DNS proxy
answered anonymous DNS queries. From the LAN.  I have also seen
customers "fail" audits because firewalls accepted and passed odd, yet
RFC-compliant, packets to an internal host- traffic for which there
are no known vulnerabilities. And "failing" a "PCI audit" for HAVING a
firewall is a story for another day...</rant>


Jack




On Tue, Jun 9, 2009 at 3:45 PM, Chris<chris.bentley at sky.com> wrote:
Hi all,

I have been asked by management to conduct an audit of a Firewall, ?no
actual specification has been created.

So what I?m asking is, I have to create a terms of reference and specify
what I?m going to audit.

I have started looking at the OSSTMM Firewall test, and would like to know
how to conduct the test.

Tools(nmap,hping,nessus) and what types of things I should be looking for
in
the scans.



Help me, Pauldotcom; you're my only hope (Sorry big StarWars fan)

_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com




-- 
______________________________________
Jack Daniel, Reluctant CISSP
http://twitter.com/jack_daniel
http://www.linkedin.com/in/jackadaniel
http://blog.uncommonsensesecurity.com
_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]