Do you test your firewall? Given the complexity of firewall rules, they're highly error prone. A small typo could easily open up a hole.
I don't mean the simple and obvious port scan, but something more sophisticated. Do you have a test suite for your firewall? If so, what tools do you use? Has the DevOps practice of automated testing reached firewalls?

Is there any hope of finding holes like this one: http://arstechnica.com/security/2014/04/easter-egg-dsl-router-patch-merely-hides-backdoor-instead-of-closing-it/ (It uses a specially crafted Ethernet packet to act as a port knock that then opens up a TCP port that accepts administrative commands.)

Not likely, but once it is known, a test for it could be added to a regression suite. (Although there is the complication of how you execute the test, given you need access to the Ethernet on the WAN side of your router (a server out in the cloud won't do). So you'll need a tap or a hub.)

-Tom

--
Tom Metro
The Perl Shop, Newton, MA, USA
"Predictable On-demand Perl Consulting."
http://www.theperlshop.com/
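As an added example that is not part of Tom's post or any tool it mentions: one low-cost way to get the "regression suite" he asks about is to treat the firewall ruleset as data and test it the way you would test any other configuration. The script below parses the text format produced by `iptables-save` on Linux (an assumption about the firewall being tested; the dump itself is constructed here, not captured from a real host) and checks it against an expected policy: default DROP on INPUT/FORWARD, an allow-list of TCP ports, and a requirement that sensitive ports are restricted by source address. The second constructed dump shows the kind of single-token typo the post worries about, a default policy of ACCEPT instead of DROP, being caught.

```python
"""Static regression checks over an iptables-save dump (added example)."""

# Constructed sample dump; not from any real host.
SAMPLE_DUMP = """\
# Generated by iptables-save (constructed sample)
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp --dport 22 -s 192.0.2.0/24 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
-A INPUT -p tcp --dport 8080 -j ACCEPT
COMMIT
"""

# Same ruleset with a one-word typo in the INPUT policy (constructed).
TYPO_DUMP = SAMPLE_DUMP.replace(":INPUT DROP", ":INPUT ACCEPT")

# Options that take a single argument; everything else is skipped.
_VALUE_OPTS = {"-p", "--dport", "--sport", "-s", "-d", "-i", "-o", "-j", "-m", "--ctstate"}


def parse_rule(line):
    """Turn one '-A CHAIN ...' line into a dict of option -> value."""
    tokens = line.split()
    rule = {"chain": tokens[1], "raw": line}
    i = 2
    while i < len(tokens):
        if tokens[i] in _VALUE_OPTS and i + 1 < len(tokens):
            rule[tokens[i].lstrip("-")] = tokens[i + 1]
            i += 2
        else:
            i += 1
    return rule


def parse_iptables_save(dump):
    """Return {table: {"policies": {chain: policy}, "rules": [rule dicts]}}."""
    tables = {}
    table = None
    for line in dump.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("*"):            # table header, e.g. *filter
            table = line[1:]
            tables[table] = {"policies": {}, "rules": []}
        elif line.startswith(":"):          # chain with default policy
            chain, policy = line[1:].split()[:2]
            tables[table]["policies"][chain] = policy
        elif line.startswith("-A "):        # appended rule
            tables[table]["rules"].append(parse_rule(line))
        elif line == "COMMIT":
            table = None
    return tables


def check_ruleset(tables, allowed_tcp_ports, restricted_ports):
    """Return a list of findings; an empty list means the policy holds."""
    findings = []
    filt = tables.get("filter", {"policies": {}, "rules": []})
    for chain in ("INPUT", "FORWARD"):
        if filt["policies"].get(chain) != "DROP":
            findings.append(f"{chain} default policy is not DROP")
    for r in filt["rules"]:
        if r["chain"] != "INPUT" or r.get("j") != "ACCEPT":
            continue
        port = r.get("dport")
        if port is None:
            # Accept with no port match is fine only for loopback or
            # established-connection rules; anything else is a blanket hole.
            if r.get("i") != "lo" and "ctstate" not in r:
                findings.append(f"blanket ACCEPT without port match: {r['raw']}")
            continue
        if int(port) not in allowed_tcp_ports:
            findings.append(f"unexpected ACCEPT for port {port}: {r['raw']}")
        elif int(port) in restricted_ports and "s" not in r:
            findings.append(f"port {port} accepted from any source: {r['raw']}")
    return findings


if __name__ == "__main__":
    for name, dump in (("sample", SAMPLE_DUMP), ("typo", TYPO_DUMP)):
        result = check_ruleset(parse_iptables_save(dump), {22, 443}, {22})
        print(name, result or "OK")
```

On a real host the dump would come from `iptables-save` run by a CI job or a config-management agent, and the allow-list would live beside the firewall's source of truth so that the two are reviewed together. Static checks like these do not replace the packet-level testing the post describes (they cannot see a device's firmware backdoor), but they catch the "small typo" class of hole before it reaches the WAN side.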