Vulnerability Development mailing list archives

Re: firewall audit


From: bet () RAHUL NET (Bennett Todd)
Date: Thu, 4 May 2000 11:23:29 -0400


2000-05-03-21:10:20 LEOW Chiun-Yi Jonathan:
> anyone out there know of any comprehensive and detailed firewall audit
> program/ checklist?

Nope. In general it's not possible.

I wrote an article on auditing firewalls; it's available at
<URL:http://www.itsecurity.com/papers/p5.htm>.

Here's the short version: a firewall is a device to enforce a
security policy. So to audit a firewall, you first need to audit the
security policy: review it and make sure it's a reasonable match for
the organization's needs. Once that's done you can audit the
firewall itself to make sure it implements the policy correctly. The
most reasonable way to do that is a close and detailed examination
of the firewall config (i.e. it'll vary depending on the kind of
firewall), together with a couple of spot-checks, where you try to
do something that should be forbidden and confirm that it's really
blocked.

You can do things like run port scanners against a firewall box, but
really all they can do is confirm that the firewall is in fact a
hardened host. So a scanner can tell you something useful if the
"firewall" you have is in fact nothing at all like a firewall, but
if it's anything anywhere close then the scanner will tell you
nothing useful.

-Bennett
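The spot-check step Bennett describes (try something the policy says must be forbidden and confirm it is really blocked) is easy to turn into a repeatable audit. The script below is an added example, not Bennett's code or anything from the article he cites: it takes a small table of policy expectations, probes each destination with a plain TCP connect, and reports only the mismatches. Host names, ports and the fake observations used for the offline run are constructed placeholders. One caveat a reviewer of the results needs: a refused connection (RST back) means the packet reached something that answered, which could be the host itself with no listener or a firewall REJECT rule; only a timeout is unambiguously "dropped", so refused results on a should-be-blocked path are flagged for config review rather than called a leak.

```python
"""Spot-check a firewall against a written policy (added example, not the poster's code).

Each PolicyRule states whether the auditing host should be able to reach
host:port. We probe every rule and return the entries where observation
and policy disagree. The `probe` callable is injectable so the logic can
be exercised offline with constructed observations.
"""
import socket
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

# Observation vocabulary returned by a probe.
OPEN = "open"          # TCP handshake completed
REFUSED = "refused"    # RST received: host (or a REJECT rule) answered
FILTERED = "filtered"  # no answer within timeout: dropped somewhere


@dataclass(frozen=True)
class PolicyRule:
    host: str
    port: int
    allowed: bool        # True: policy permits this path; False: policy forbids it
    note: str = ""       # free text copied from the policy document


@dataclass(frozen=True)
class Finding:
    rule: PolicyRule
    observed: str
    kind: str            # "leak", "break" or "ambiguous"


def tcp_probe(host: str, port: int, timeout: float = 3.0) -> str:
    """Classify a single TCP connect attempt as open / refused / filtered."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return OPEN
    except socket.gaierror:
        raise                      # name resolution failure is an input error, not a result
    except ConnectionRefusedError:
        return REFUSED
    except OSError:                # timeouts, "no route to host", etc.
        return FILTERED


def classify(rule: PolicyRule, observed: str) -> str:
    """Return "" when observation matches policy, else the finding kind."""
    if rule.allowed:
        return "" if observed == OPEN else "break"       # policy says allowed, but it is not reachable
    if observed == FILTERED:
        return ""                                        # forbidden and really dropped: compliant
    if observed == OPEN:
        return "leak"                                    # forbidden but a session was established
    return "ambiguous"                                   # refused: REJECT rule or host reached; check config


def audit(policy: List[PolicyRule],
          probe: Callable[[str, int], str] = tcp_probe) -> List[Finding]:
    """Probe every rule and return only the mismatches."""
    findings = []
    for rule in policy:
        observed = probe(rule.host, rule.port)
        kind = classify(rule, observed)
        if kind:
            findings.append(Finding(rule, observed, kind))
    return findings


# --- constructed sample policy and observations for an offline run ---------
SAMPLE_POLICY = [
    PolicyRule("web.example.test", 443, allowed=True, note="public HTTPS"),
    PolicyRule("web.example.test", 22, allowed=False, note="SSH only from admin net"),
    PolicyRule("db.example.test", 5432, allowed=False, note="DB never exposed"),
    PolicyRule("mail.example.test", 25, allowed=False, note="SMTP via relay only"),
]

FAKE_OBSERVATIONS: Dict[Tuple[str, int], str] = {   # constructed, not real measurements
    ("web.example.test", 443): OPEN,
    ("web.example.test", 22): FILTERED,
    ("db.example.test", 5432): OPEN,      # a leak: forbidden path is reachable
    ("mail.example.test", 25): REFUSED,   # ambiguous: needs config review
}


def fake_probe(host: str, port: int) -> str:
    return FAKE_OBSERVATIONS[(host, port)]


def report(findings: List[Finding]) -> str:
    lines = [f"{f.kind:9} {f.rule.host}:{f.rule.port} observed={f.observed} ({f.rule.note})"
             for f in findings]
    return "\n".join(lines) if lines else "no mismatches"


if __name__ == "__main__":
    # Replace fake_probe with tcp_probe to run against a real firewall you administer.
    print(report(audit(SAMPLE_POLICY, fake_probe)))
```

Running it against the constructed observations reports the database leak and the ambiguous SMTP result; the compliant HTTPS and SSH entries stay silent, which is the point: the output is a list of policy deviations to chase, not a port inventory.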
