Firewall Wizards mailing list archives
Re: Penetration Tests
From: Bennett Todd <bet () rahul net>
Date: Fri, 26 Sep 1997 04:57:17 -0700
On Thu, Sep 25, 1997 at 09:00:46PM +0100, Edward Cracknell wrote:
I'd really like some input regarding penetration tests. Internal and External.
Internal is really fruitful, at least potentially. You should play with Satan. It's a good exercise to run COPS over at least a representative handful of machines. Get 'em properly configured and both of these will likely produce more output than you want, but you'll probably uncover configuration errors on some subset of your systems that open up large problems. An automated tool isn't going to do much good for an external penetration attempt unless you have a truly ghastly configuration error in your firewall. MJR has a superb paper explaining why at <URL:http://www.clark.net/pub/mjr/pubs/fwtest/index.htm>. To really analyze a firewall you need to combine automated tools like port scanners with inside analysis. Identify every port that has a service listening, then research to see if any bugs have been reported in the daemon that's servicing that port, then closely check the configuration for problems. "netstat -a" is a good friend here; it should produce so little output that you can explain every last line. Note that for any testing --- any useful security work at all, for that matter --- you've gotta have a security policy in force; it has to do a good job of reflecting the organization's needs, it has to have management support, and it has to specify enough detail so it defines a spec that the security infrastructure must meet. And you know, once you get done with _that_ chore merely certifying the correctness of a firewall seems like a piece of cake. -Bennett
Current thread:
- Penetration Tests Edward Cracknell (Sep 25)
- Re: Penetration Tests Marcus J. Ranum (Sep 25)
- Re: Penetration Tests Brian Mitchell (Sep 26)
- Re[2]: Penetration Tests Edward Cracknell (Sep 26)
- Re: Re[2]: Penetration Tests Arjan Vos (Sep 27)
- Re: Re[2]: Penetration Tests Alfred Huger (Sep 27)
- Re: Penetration Tests Brian Mitchell (Sep 26)
- Re: Penetration Tests Marcus J. Ranum (Sep 25)
- Re: Penetration Tests Paul D. Robertson (Sep 26)
- Re: Penetration Tests Bennett Todd (Sep 26)
- Policy ? (was RE: Penetration Tests) Capt Jim Bailey - SSG/SINS - DSN 596-6106 (Sep 26)
- Re: Policy ? (was RE: Penetration Tests) Edward Cracknell (Sep 29)
- Re: Policy ? (was RE: Penetration Tests) Bennett Todd (Sep 29)
- Re: Policy ? (was RE: Penetration Tests) Paul D. Robertson (Sep 30)
- Policy ? (was RE: Penetration Tests) Capt Jim Bailey - SSG/SINS - DSN 596-6106 (Sep 26)
- Re[2]: Penetration Tests Edward Cracknell (Sep 26)
- Re: Penetration Tests -= ArkanoiD =- (Sep 26)
- <Possible follow-ups>
- Re: Penetration tests Bill Kennedy (Sep 26)
- Re[2]: Penetration Tests Frank Willoughby (Sep 29)