PaulDotCom mailing list archives
Firewall Audit
From: gbugbear at gmail.com (Tim Mugherini)
Date: Wed, 10 Jun 2009 07:21:13 -0400
I agree with Ron. Config review is where you should start. If best practice or guidance documentation is not avaible from the firewall vendor and internal expertise does not exist, then seriously consider bring in a consultant with that expertise (specific to the product you are using). Not only will that expertise be invaluable in your audit, it will be a fantatstic learning opportunity for those resposible for the day to day administration. Testing should also be done but again tools are only useful to those experienced in them. Tools such as NMAP, for example, can be powerful if one understands how to use the options available. Scans of a statefull verse stateless firewall for example. A test environment, as mentioned by Jack is also a must in my opinion and can only assist in training those responsible. Hope this helps. On 6/10/09, Ron Gula <rgula at tenablesecurity.com> wrote:
On 6/9/2009 3:45 PM, Chris wrote:Hi all, I have been asked by management to conduct an audit of a Firewall, no actual specification has been created. So what I'm asking is, I have to create a terms of reference and specify what I'm going to audit. I have started looking at the OSSTMM Firewall test, and would like to know how to conduct the test. Tools(nmap,hping,nessus) and what types of things I should be looking for in the scans. */Help me, /Pauldotcom//; /you/'/re my only hope/*/ (Sorry big StarWars fan)///Tools aside, I'd start with the config of the firewall and attempt to understand how it is set up. If there is no real policy for which to compare this against, I'd audit what can get through in both directions and then describe this to your management. I'd also do a vuln audit of the firewall, but this should be a detail and not where you start. Ron Gula Tenable Network Security
-- Sent from my mobile device
Current thread:
- Firewall Audit Chris (Jun 09)
- Firewall Audit Jack Daniel (Jun 09)
- Firewall Audit Chris Bentley (Jun 10)
- Firewall Audit Florian Sicking (Jun 10)
- Firewall Audit Ron Gula (Jun 10)
- Firewall Audit Tim Mugherini (Jun 10)
- Firewall Audit Paul Asadoorian (Jun 10)
- Firewall Audit Chris Bentley (Jun 10)
- Firewall Audit Paul Asadoorian (Jun 10)
- Firewall Audit Albert R. Campa (Jun 10)
- Firewall Audit Chris Bentley (Jun 10)
- Firewall Audit Mike Patterson (Jun 10)
- Firewall Audit Ron Gula (Jun 10)
- Firewall Audit Jack Daniel (Jun 09)
- <Possible follow-ups>
- Firewall Audit Patrick Yager (Jun 10)