On 6/9/2009 3:45 PM, Chris wrote: > > Hi all, > > I have been asked by management to conduct an audit of a Firewall, no > actual specification has been created. > > So what I'm asking is, I have to create a terms of reference and > specify what I'm going to audit. > > I have started looking at the OSSTMM Firewall test, and would like to > know how to conduct the test. > > Tools(nmap,hping,nessus) and what types of things I should be looking > for in the scans. > > > > */Help me, /Pauldotcom//; /you/'/re my only hope/*/ (Sorry big > StarWars fan)/// > > Tools aside, I'd start with the config of the firewall and attempt to understand how it is set up. If there is no real policy for which to compare this against, I'd audit what can get through in both directions and then describe this to your management. I'd also do a vuln audit of the firewall, but this should be a detail and not where you start.
Ron Gula Tenable Network Security
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
