Paul/Ron, any idea what type of scans I could run using nmap or Nessus? Also, this would make a good technical segment for the show.
2009/6/10 Paul Asadoorian <[email protected]>
> Agreed, auditing firewalls is a two-phased approach (even three).
> First, you need to understand your rules and audit them on a regular
> basis. Of course, change management people HATE this because I would
> put in a change notice every couple of months and call it "maintenance"
> and clean up the firewall rules, remove rules that didn't exist, etc.
>
> Second, you should perform scans through the firewall and make sure it's
> blocking what it says it should be blocking.
>
> Third, you should audit your firewall logs; they can also tell you if
> you made an "oops" and are allowing traffic that you should not. I
> actually had a systems administrator catch a firewall rule that was
> incorrect because they were seeing FTP login attempts from the Internet!
>
> Cheers,
> Paul
>
> Ron Gula wrote:
> > On 6/9/2009 3:45 PM, Chris wrote:
> >>
> >> Hi all,
> >>
> >> I have been asked by management to conduct an audit of a firewall; no
> >> actual specification has been created.
> >>
> >> So what I'm asking is, I have to create a terms of reference and
> >> specify what I'm going to audit.
> >>
> >> I have started looking at the OSSTMM firewall test, and would like to
> >> know how to conduct the test.
> >>
> >> Tools (nmap, hping, nessus) and what types of things I should be looking
> >> for in the scans.
> >>
> >> *Help me, Pauldotcom; you're my only hope* (Sorry, big Star Wars fan)
> >>
> > Tools aside, I'd start with the config of the firewall and attempt to
> > understand how it is set up. If there is no real policy for which to
> > compare this against, I'd audit what can get through in both directions
> > and then describe this to your management. I'd also do a vuln audit of
> > the firewall, but this should be a detail and not where you start.
> >
> > Ron Gula
> > Tenable Network Security
> >
> > _______________________________________________
> > Pauldotcom mailing list
> > [email protected]
> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > Main Web Site: http://pauldotcom.com
>
> --
> Paul Asadoorian
> PaulDotCom Enterprises
> Web: http://pauldotcom.com
> Phone: 401.829.9552
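One way to do Paul's second step (scan through the firewall and check the result against what the rules say), as an added example that is not code from the thread or from PaulDotCom: the allow-list policy and the nmap `-oG` output below are constructed sample data, and the stray FTP port on the web host stands in for the kind of "oops" rule his sysadmin story describes.

```python
"""Added example: diff an nmap scan taken from outside the firewall against the
documented rule set. Flags ports that are open but not allowed (rule gaps)
and ports that should be reachable but are not (broken rules)."""
import re
from typing import Dict, Set, Tuple

# Constructed policy: host -> TCP ports the rules say the outside may reach.
EXPECTED_ALLOW: Dict[str, Set[int]] = {
    "203.0.113.10": {80, 443},  # public web server
    "203.0.113.11": {25},       # mail relay
}

# Constructed nmap grepable output, e.g. from:
#   nmap -sS -p 21,22,25,80,443 -oG - 203.0.113.10-11
SAMPLE_NMAP_OG = (
    "# Nmap scan initiated as: nmap -sS -p 21,22,25,80,443 -oG - 203.0.113.10-11\n"
    "Host: 203.0.113.10 ()\tPorts: 21/open/tcp//ftp///, 22/filtered/tcp//ssh///, "
    "25/filtered/tcp//smtp///, 80/open/tcp//http///, 443/open/tcp//https///\n"
    "Host: 203.0.113.11 ()\tPorts: 21/filtered/tcp//ftp///, 22/filtered/tcp//ssh///, "
    "25/filtered/tcp//smtp///, 80/filtered/tcp//http///, 443/filtered/tcp//https///\n"
    "# Nmap done\n"
)

# port/state/tcp; state may be a compound such as open|filtered
PORT_RE = re.compile(r"(\d+)/([\w|]+)/tcp")


def parse_open_ports(grepable: str) -> Dict[str, Set[int]]:
    """Return host -> set of TCP ports nmap reported as open."""
    seen: Dict[str, Set[int]] = {}
    for line in grepable.splitlines():
        if not line.startswith("Host:"):
            continue
        host = line.split()[1]
        ports = seen.setdefault(host, set())
        fields = line.split("\t")  # -oG separates Host/Ports/... with tabs
        ports_field = next((f for f in fields if f.startswith("Ports:")), "")
        for port, state in PORT_RE.findall(ports_field):
            if state == "open":
                ports.add(int(port))
    return seen


def audit(expected: Dict[str, Set[int]],
          observed: Dict[str, Set[int]]) -> Dict[str, Tuple[Set[int], Set[int]]]:
    """Per host: (open but not allowed, allowed but not reachable)."""
    findings = {}
    for host in set(expected) | set(observed):
        allowed, open_ports = expected.get(host, set()), observed.get(host, set())
        findings[host] = (open_ports - allowed, allowed - open_ports)
    return findings
```

Run it in both directions (from outside in and from inside out), as Ron suggests, and the two finding sets become the content of the report to management.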
