Vulnerability Development mailing list archives
Re: firewall audit
From: bet () RAHUL NET (Bennett Todd)
Date: Thu, 4 May 2000 11:23:29 -0400
2000-05-03-21:10:20 LEOW Chiun-Yi Jonathan:
> anyone out there know of any comprehensive and detailed firewall audit program/ checklist?
Nope. In general it's not possible. I wrote an article on auditing firewalls; it's available at <URL:http://www.itsecurity.com/papers/p5.htm>.

Here's the short version: a firewall is a device to enforce a security policy. So to audit a firewall, you first need to audit the security policy: review it and make sure it's a reasonable match for the organization's needs. Once that's done you can audit the firewall itself to make sure it implements the policy correctly. The most reasonable way to do that is a close and detailed examination of the firewall config (i.e. it'll vary depending on the kind of firewall), together with a couple of spot-checks, where you try to do something that should be forbidden and confirm that it's really blocked.

You can do things like run port scanners against a firewall box, but really all they can do is confirm that the firewall is in fact a hardened host. So a scanner can tell you something useful if the "firewall" you have is in fact nothing at all like a firewall, but if it's anything anywhere close then the scanner will tell you nothing useful.

-Bennett

[application/pgp-signature attachment]
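The two audit steps Bennett describes, examining the config against the policy and then spot-checking forbidden flows, can be mechanised for the simple cases. The following is an added example (not from the original post or the linked article): a constructed, hypothetical iptables-save-style ruleset, a table of spot-checks derived from a written policy (source, protocol, port, expected verdict), and a first-match evaluator for the subset of syntax the sample uses. Any check whose verdict differs from what the policy says is a finding. The ruleset, the policy table and the interface name `eth0` are assumptions for the example.

```python
"""Spot-check a firewall ruleset against the written security policy.

Added example: a tiny first-match evaluator for a subset of iptables-save
syntax (INPUT chain; -i, -s CIDR, -p tcp/udp, --dport, -j ACCEPT/DROP) plus a
table of expected verdicts taken from the policy.  Every mismatch is a
finding.  It does not replace reading the real config; it automates the
"try something that should be forbidden and confirm it's blocked" checks.
"""
import ipaddress
import shlex

# Constructed sample ruleset (hypothetical; not from the original post).
RULESET = """\
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -s 10.0.0.0/8 -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
-A INPUT -p tcp --dport 3306 -j ACCEPT
-A INPUT -s 192.168.1.5/32 -p udp --dport 161 -j ACCEPT
COMMIT
"""

# Policy expressed as spot-checks: (src, proto, dport, expected verdict).
# Constructed to match a hypothetical written policy.
POLICY_CHECKS = [
    ("203.0.113.7", "tcp", 80, "ACCEPT"),    # public web service allowed
    ("203.0.113.7", "tcp", 443, "ACCEPT"),
    ("203.0.113.7", "tcp", 22, "DROP"),      # SSH only from internal nets
    ("10.1.2.3", "tcp", 22, "ACCEPT"),
    ("203.0.113.7", "tcp", 3306, "DROP"),    # database must never be exposed
    ("203.0.113.7", "udp", 161, "DROP"),     # SNMP only from the poller
    ("192.168.1.5", "udp", 161, "ACCEPT"),
]


def parse_rules(text):
    """Return (default_policy, rules) for the INPUT chain of an iptables-save dump."""
    default = "ACCEPT"
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(":INPUT"):
            default = line.split()[1]          # chain policy, e.g. DROP
            continue
        if not line.startswith("-A INPUT"):
            continue
        toks = shlex.split(line)[2:]           # drop "-A INPUT"
        rule = {"iface": None, "src": None, "proto": None, "dport": None, "target": None}
        i = 0
        while i < len(toks):
            t = toks[i]
            if t == "-i":
                rule["iface"] = toks[i + 1]
            elif t == "-s":
                rule["src"] = ipaddress.ip_network(toks[i + 1], strict=False)
            elif t == "-p":
                rule["proto"] = toks[i + 1]
            elif t == "--dport":
                rule["dport"] = int(toks[i + 1])
            elif t == "-j":
                rule["target"] = toks[i + 1]
            else:
                # Fail closed: an unsupported match means the audit cannot
                # reason about this rule, so it must be read by hand.
                raise ValueError("unsupported token %r in %r" % (t, line))
            i += 2
        rules.append(rule)
    return default, rules


def verdict(default, rules, src, proto, dport, iface="eth0"):
    """First matching rule wins; if nothing matches, the chain default applies."""
    addr = ipaddress.ip_address(src)
    for r in rules:
        if r["iface"] is not None and r["iface"] != iface:
            continue
        if r["src"] is not None and addr not in r["src"]:
            continue
        if r["proto"] is not None and r["proto"] != proto:
            continue
        if r["dport"] is not None and r["dport"] != dport:
            continue
        return r["target"]
    return default


def audit(ruleset_text, checks):
    """Return every (src, proto, dport, expected, actual) where ruleset != policy."""
    default, rules = parse_rules(ruleset_text)
    findings = []
    for src, proto, dport, expected in checks:
        actual = verdict(default, rules, src, proto, dport)
        if actual != expected:
            findings.append((src, proto, dport, expected, actual))
    return findings


if __name__ == "__main__":
    for f in audit(RULESET, POLICY_CHECKS):
        print("POLICY MISMATCH: %s %s/%d expected %s, ruleset gives %s" % f)
```

On the sample ruleset the only finding is port 3306 reachable from an external address, because the ACCEPT rule for it carries no source restriction. The evaluator deliberately refuses any match option it does not model rather than guessing, which is the same discipline the manual config review needs: a rule you cannot fully account for is a gap in the audit, not a pass. The offline verdicts are then confirmed with a real spot-check from outside, attempting the forbidden connection and observing that it is blocked.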