Hi, a newbie here, but I have heard claims that any software-based firewall bandwidth throughput etc. is inherently unreliable when dealing with the short durations of latency through firewalls.
Would not the cert pages be a good start for how to test firewalls and the Common Criteria documents on firewalls certification set an example of how networks should be set up?

Don

--- Siddhartha Jain <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I am in the process of preparing a framework/parameter
> list on which a firewall would be tested. Here are
> some tests I can think of on which a firewall should
> be tested:
>
> 1. Sustained TCP connections, throughput & number. Eg. FTP
>
> 2. Short-lived TCP connections, throughput, number,
> connection establishment and tear-down time. Eg. SMTP/HTTP
>
> 3. Sustained UDP connections (although UDP is
> connectionless), throughput & number. Eg. Streaming
> video/audio.
>
> 4. Short-lived UDP communication, number. Eg. DNS.
>
> 5. ICMP RTT at different load levels.
>
> 6. SYN Flood test
>
> 7. Connection establishment time wrt to number of
> rules on the firewall.
>
> 8. Filtering and fragmentation
> - Reaction of the firewall on receiving a TCP packet
> with the RST or ACK flag set.
> - IP fragmentation re-assembly test.
> - Overlap recognition
>
> 9. Are existing checksums for IP, TCP and UDP verified?
>
> 10. A portscan of the firewall IP. Of the servers
> behind the firewall.
>
> 11. Nessus tests on the firewall IP and the servers
> behind the firewall.
>
> 12. All the tests repeated with static NAT enabled.
>
> 13. All the tests repeated with IPSec.
>
> 14. Effect of logging on these tests.
>
> 15. Attempt to reach denied ports behind the firewall
> when the firewall is saturated. Or in other words,
> test if the firewall turns blind during a SYN Flood?
>
> Can you think of more tests for stressing/penetrating
> the firewall? Also, what methodology should be adopted
> to measure the various test results?
>
> Any help would be appreciated.
>
> Regards,
>
> Siddhartha
>
> _______________________________________________
> Firewalls mailing list
> [EMAIL PROTECTED]
> http://lists.gnac.net/mailman/listinfo/firewalls

=====
A Nobel Peace Prize for Jim Henson, he brought laughter to a lot of people.
PS: I work in www.Quantiqint.com so comments regarding CyberGuard FW, NFR Security, Network-1, might be judged to be biased.
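Added example, not part of the original thread: one way to score item 9 of the quoted list is to run a checksum verifier over the test packets before they are sent and over whatever is captured on the far side of the firewall. The function names, addresses (documentation ranges) and the three sample packets are constructed for illustration.

```python
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length input
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def check_packet(pkt: bytes) -> dict:
    """Report which checksums in a raw IPv4 packet verify (None = not present)."""
    ihl = (pkt[0] & 0x0F) * 4
    proto = pkt[9]
    total_len = struct.unpack("!H", pkt[2:4])[0]
    result = {"ip": inet_checksum(pkt[:ihl]) == 0}
    seg = pkt[ihl:total_len]
    if proto in (6, 17):                     # TCP or UDP
        name = "tcp" if proto == 6 else "udp"
        # Pseudo-header: source, destination, zero, protocol, segment length
        pseudo = pkt[12:20] + struct.pack("!BBH", 0, proto, len(seg))
        if proto == 17 and seg[6:8] == b"\x00\x00":
            result[name] = None              # UDP over IPv4: sender did not compute one
        else:
            result[name] = inet_checksum(pseudo + seg) == 0
    return result

def build_udp(src: bytes, dst: bytes, sport: int, dport: int, data: bytes) -> bytes:
    """Build a minimal IPv4/UDP packet with correct checksums (test-vector helper)."""
    udp_len = 8 + len(data)
    udp = struct.pack("!HHHH", sport, dport, udp_len, 0) + data
    pseudo = src + dst + struct.pack("!BBH", 0, 17, udp_len)
    csum = inet_checksum(pseudo + udp) or 0xFFFF   # 0 is sent as 0xFFFF
    udp = udp[:6] + struct.pack("!H", csum) + udp[8:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 1, 0, 64, 17, 0, src, dst)
    return ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:] + udp

# Constructed sample packets: one valid, one per corrupted layer.
SRC, DST = bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1])
GOOD = build_udp(SRC, DST, 40000, 53, b"constructed-probe")
BAD_IP = GOOD[:8] + bytes([GOOD[8] ^ 0x01]) + GOOD[9:]    # TTL altered, checksum stale
BAD_UDP = GOOD[:-1] + bytes([GOOD[-1] ^ 0x01])            # payload altered

if __name__ == "__main__":
    for label, pkt in (("good", GOOD), ("bad-ip", BAD_IP), ("bad-udp", BAD_UDP)):
        print(label, check_packet(pkt))
```

A firewall that rewrites headers (NAT, item 12) recomputes checksums, so for that run the pass criterion is whether a marked corrupted packet arrives at all, not whether it arrives with a failing checksum.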
