Thanks for the answer, it's interesting, but what I meant by the question is: generic points or vulnerabilities that we should check regardless of the network services, for example: the firewall rules shouldn't accept IP packets having the localhost address as source IP address...
Hi. If you are speaking about measuring, I can recommend you to read ISO/IEC 27004. Weaknesses and vulnerabilities are directly connected with the effectiveness and efficiency of the firewall.
The suggested ISO/IEC resource is a good start, but what you're actually looking for depends on the topology of the network you examined.
In general terms you should start by checking for anti-spoofing measures (i.e. that there are rules that prevent external connections using private addresses). Also check for:
- the administration scope. In other words, check from what networks or hosts someone can access the administrative interface of the firewall.
- Verify that administrative interfaces use secure protocols (SSH, HTTPS, etc.)
- Depending on the platform, Cisco or Checkpoint, you may want to restrict HTTPS administration completely.
- Also check for outbound protocols. That again depends on the network you examine, but the firewall administrator should have a very good idea of what applications are permitted to go outbound. Test those rules with common tools like nmap and see what happens if you use restricted protocols. For example, some admins allow outbound FTP for everybody. Is that authorized? Follow the same principle for every application.
- Also check the software version of the firewall. Is it updated? Is the current version vulnerable to known exploits?
- Is the DMZ traffic segregated from the internal traffic?
For more information you can check the vendor's manual. It gives you a pretty good idea of the basics that need to be checked.
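As an added illustration of the checklist above (this is example code written for this thread, not something from any of the posters or from a firewall vendor), the script below models a first-match ruleset and runs the anti-spoofing, administration-scope, cleartext-admin, outbound-FTP and DMZ-segregation checks against it. The interface names, address ranges, `Rule`/`Packet` format and the two rulesets are all constructed assumptions; the point is that each checklist item becomes a probe packet whose verdict you can assert on, rather than a paragraph in a report.

```python
"""Audit a simple first-match firewall ruleset against a checklist.

Added example: rule format, interfaces, addresses and probes are assumptions.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Assumed topology: eth0 = external, eth1 = internal LAN, eth2 = DMZ.
EXTERNAL, INTERNAL, DMZ = "eth0", "eth1", "eth2"
LAN_NET = ipaddress.ip_network("192.168.1.0/24")
DMZ_NET = ipaddress.ip_network("172.16.0.0/24")
FIREWALL_ADDR = ipaddress.ip_address("192.168.1.1")  # admin interface (assumed)
PUBLIC_ADDR = ipaddress.ip_address("203.0.113.10")   # RFC 5737 documentation range

# Source ranges that must never arrive on the external interface (anti-spoofing).
SPOOFABLE = [ipaddress.ip_network(n) for n in
             ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass
class Rule:
    action: str                      # "accept" or "drop"
    in_iface: Optional[str] = None   # None matches any interface
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None      # "tcp", "udp" or None for any
    dport: Optional[int] = None      # None matches any port


@dataclass
class Packet:
    in_iface: str
    src: str
    dst: str
    proto: str
    dport: int


def matches(rule: Rule, pkt: Packet) -> bool:
    """Field-by-field match; None fields in the rule are wildcards."""
    if rule.in_iface is not None and rule.in_iface != pkt.in_iface:
        return False
    if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(rule.src):
        return False
    if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(rule.dst):
        return False
    if rule.proto is not None and rule.proto != pkt.proto:
        return False
    return rule.dport is None or rule.dport == pkt.dport


def decide(rules: List[Rule], pkt: Packet, default: str = "drop") -> str:
    """First matching rule wins (as in iptables/most ACLs); default deny."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return default


def audit(rules: List[Rule]) -> List[str]:
    """Return finding identifiers for each checklist item the ruleset fails."""
    findings = []
    # 1. Anti-spoofing: private/loopback sources on the external interface.
    for net in SPOOFABLE:
        if decide(rules, Packet(EXTERNAL, str(net[1]), str(PUBLIC_ADDR), "tcp", 80)) == "accept":
            findings.append(f"spoofed-source-accepted:{net}")
    # 2. Administration scope: admin ports reachable from the Internet.
    for port in (22, 443):
        if decide(rules, Packet(EXTERNAL, "198.51.100.7", str(FIREWALL_ADDR), "tcp", port)) == "accept":
            findings.append(f"admin-reachable-externally:{port}")
    # 3. Secure admin protocols: telnet/HTTP to the firewall from the LAN.
    for port, name in ((23, "telnet"), (80, "http")):
        if decide(rules, Packet(INTERNAL, "192.168.1.50", str(FIREWALL_ADDR), "tcp", port)) == "accept":
            findings.append(f"cleartext-admin:{name}")
    # 4. Outbound: FTP from any LAN host is the classic "is that authorized?" item.
    if decide(rules, Packet(INTERNAL, "192.168.1.50", "198.51.100.9", "tcp", 21)) == "accept":
        findings.append("outbound-ftp-for-everyone")
    # 5. DMZ segregation: a DMZ host must not initiate connections into the LAN.
    if decide(rules, Packet(DMZ, "172.16.0.10", "192.168.1.50", "tcp", 445)) == "accept":
        findings.append("dmz-to-internal-allowed")
    return findings


# Constructed weak ruleset: "accept anything on every interface".
WEAK_RULES = [Rule("accept", in_iface=EXTERNAL),
              Rule("accept", in_iface=INTERNAL),
              Rule("accept", in_iface=DMZ)]

# Constructed hardened ruleset implementing the checklist.
HARDENED_RULES = [
    *[Rule("drop", in_iface=EXTERNAL, src=str(n)) for n in SPOOFABLE],
    Rule("drop", in_iface=EXTERNAL, dst=str(FIREWALL_ADDR)),           # no admin from outside
    Rule("accept", in_iface=INTERNAL, src="192.168.1.0/28",
         dst=str(FIREWALL_ADDR), proto="tcp", dport=22),               # SSH from admin subnet only
    Rule("drop", dst=str(FIREWALL_ADDR)),                              # nothing else to the firewall
    Rule("accept", in_iface=INTERNAL, proto="tcp", dport=443),         # LAN may browse HTTPS
    Rule("drop", in_iface=DMZ, dst=str(LAN_NET)),                      # DMZ cannot reach LAN
    Rule("accept", in_iface=EXTERNAL, dst=str(DMZ_NET), proto="tcp", dport=443),  # public web
]

if __name__ == "__main__":
    for name, rs in (("weak", WEAK_RULES), ("hardened", HARDENED_RULES)):
        print(name, audit(rs) or "no findings")
```

Run stand-alone it prints ten findings for the weak ruleset and none for the hardened one. Because probes are evaluated with the same first-match semantics as the real device, rule ordering mistakes (an accept that shadows a later drop) show up as findings, which is exactly the class of error a manual read of the ruleset tends to miss.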
Visit insecure.org; there you find some free tools for network security analysis, especially NMAP, which is now available for Windows too. Its Windows version is very graphical and shows almost all the potholes of the server or firewall from where penetration is possible.
Another possibility is to learn how ICSA Labs tests firewalls. Testing by trained ICSA Labs firewall analysts is conducted against a standard set of functional and assurance criteria elements. ICSA Labs is presently testing firewalls against the Modular Firewall Product Certification Criteria version 4.1x. To learn more about the criteria, and to view or obtain past and present incarnations of our criteria, you could visit https://www.icsalabs.com/technology-program/firewalls/firewall-product-certification-criteria-evolution. Hope that it will help you to work out an approach according to best practices.