After manually going through the config, you could give an automated config parser like Nipper (http://nipper.titania.co.uk) a shot. See if it comes up with something you've missed.
-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Jack Daniel
Sent: Wednesday, 10 June 2009 05:13
To: PaulDotCom Security Weekly Mailing List
Subject: Re: [Pauldotcom] Firewall Audit

Depending on the firewall platform, number of firewalls, and the reason for the audit, you may want to include one of the commercial monitor/optimization tools... if you "just need information" (as opposed to "need information that will stand up in court"), I have heard that "Bob" occasionally uses trials of commercial tools for this purpose. (I am sure "Bob" eventually buys licenses as appropriate.) The only one I have played with is Secure Passage's Firemon, but there are other options.

As far as vuln scanners, make sure you enable and expose as many services and functions as possible (in a lab environment, of course) to really test the system, and make sure you test from "inside" and out. Then apply common sense to the results, think about whether or not the results are realistic in your production environment. Just scanning the outside of a locked-down system won't tell you much (hopefully).

<rant> I have seen customers "fail" audits because their DNS proxy answered anonymous DNS queries. From the LAN. I have also seen customers "fail" audits because firewalls accepted and passed odd, yet RFC-compliant, packets to an internal host, traffic for which there are no known vulnerabilities. And "failing" a "PCI audit" for HAVING a firewall is a story for another day... </rant>

Jack

On Tue, Jun 9, 2009 at 3:45 PM, Chris <[email protected]> wrote:
> Hi all,
>
> I have been asked by management to conduct an audit of a Firewall, no
> actual specification has been created.
>
> So what I'm asking is, I have to create a terms of reference and specify
> what I'm going to audit.
>
> I have started looking at the OSSTMM Firewall test, and would like to know
> how to conduct the test.
> Tools (nmap, hping, nessus) and what types of things I should be looking for in
> the scans.
>
> Help me, Pauldotcom; you're my only hope (Sorry, big Star Wars fan)
>
> _______________________________________________
> Pauldotcom mailing list
> [email protected]
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
>

--
______________________________________
Jack Daniel, Reluctant CISSP
http://twitter.com/jack_daniel
http://www.linkedin.com/in/jackadaniel
http://blog.uncommonsensesecurity.com

_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
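The thread recommends following a manual read of the firewall config with an automated config parser. As an added illustration of the kind of rule-level checks such a tool automates (this is example code written for this page, not Nipper, Firemon or anything from the list), the script below parses a small ruleset and reports the findings a reviewer would otherwise have to spot by eye: a permit-everything rule, cleartext or management services reachable from any source, rules shadowed by an earlier rule (including a deny that a broader earlier permit makes unreachable), and a missing final explicit deny. The rule syntax, the port list and the sample ruleset are all constructed for the example and do not correspond to any vendor's format.

```python
"""Minimal firewall ruleset auditor (added example, constructed rule format).

Rule syntax (one per line, '#' starts a comment), IPv4 only:
    <permit|deny> <proto> <src-cidr|any> <dst-cidr|any> <dport|lo-hi|any>
"""
import ipaddress
from dataclasses import dataclass

ANY_NET = ipaddress.ip_network("0.0.0.0/0")
ANY_PORTS = (0, 65535)
# Services that should rarely be reachable from an unrestricted source.
# The list is illustrative, not exhaustive.
RISKY_PORTS = {21: "ftp", 22: "ssh", 23: "telnet", 445: "smb", 3389: "rdp"}


@dataclass
class Rule:
    line_no: int
    action: str
    proto: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    ports: tuple  # (low, high) inclusive; ANY_PORTS means unrestricted


def _net(tok):
    return ANY_NET if tok == "any" else ipaddress.ip_network(tok, strict=False)


def _ports(tok):
    if tok == "any":
        return ANY_PORTS
    lo, _, hi = tok.partition("-")
    return (int(lo), int(hi or lo))


def parse_rules(text):
    """Parse the constructed rule format into Rule objects, in file order."""
    rules = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        action, proto, src, dst, port = line.split()
        if action not in ("permit", "deny"):
            raise ValueError(f"line {n}: unknown action {action!r}")
        rules.append(Rule(n, action, proto, _net(src), _net(dst), _ports(port)))
    return rules


def covers(a, b):
    """True if rule a matches every packet rule b would match (b is shadowed)."""
    proto_ok = a.proto == "ip" or a.proto == b.proto
    return (proto_ok
            and b.src.subnet_of(a.src)
            and b.dst.subnet_of(a.dst)
            and a.ports[0] <= b.ports[0] and b.ports[1] <= a.ports[1])


def audit(rules):
    """Return (line_no, severity, message) tuples; line_no 0 = whole ruleset."""
    findings = []
    for i, r in enumerate(rules):
        if r.action == "permit" and r.src == ANY_NET and r.dst == ANY_NET and r.ports == ANY_PORTS:
            findings.append((r.line_no, "HIGH", "permit any/any/any: firewall is effectively open"))
        if r.action == "permit" and r.src == ANY_NET:
            exposed = [name for port, name in RISKY_PORTS.items() if r.ports[0] <= port <= r.ports[1]]
            if exposed:
                findings.append((r.line_no, "MEDIUM",
                                 f"management/file service ({', '.join(exposed)}) reachable from any source"))
        for earlier in rules[:i]:  # first-match semantics: an earlier superset rule wins
            if covers(earlier, r):
                sev = "LOW" if earlier.action == r.action else "MEDIUM"  # dead rule vs. bypassed deny
                findings.append((r.line_no, sev,
                                 f"shadowed by line {earlier.line_no} ({earlier.action}): rule can never match"))
                break
    catch_all = Rule(0, "permit", "ip", ANY_NET, ANY_NET, ANY_PORTS)
    if not (rules and rules[-1].action == "deny" and covers(rules[-1], catch_all)):
        findings.append((0, "MEDIUM", "no explicit final 'deny ip any any any'"))
    return findings


# Constructed sample ruleset; the hosts and networks are made up.
SAMPLE_RULES = """\
permit tcp 10.0.0.0/8 192.168.1.10/32 22     # admins to the jump host
permit tcp any 192.168.1.20/32 443           # public web
permit tcp any any 23                        # telnet from anywhere
permit tcp 10.1.0.0/16 192.168.1.10/32 22    # already allowed by line 1
deny tcp 10.2.0.0/16 192.168.1.10/32 22      # never reached: line 1 permits it first
permit ip any any any                        # catch-all permit
deny ip any any any
"""

if __name__ == "__main__":
    for line_no, sev, msg in audit(parse_rules(SAMPLE_RULES)):
        print(f"line {line_no:>2} [{sev}] {msg}")
```

The shadowing check is the one worth keeping even for a manual review: a deny that sits below a broader permit looks like a control on paper but never matches, which is exactly the kind of thing a first read of a long config misses.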
