Thanks for the reply Jack

2009/6/10 Jack Daniel <[email protected]>
> Depending on the firewall platform, number of firewalls, and the
> reason for the audit, you may want to include one of the commercial
> monitor/optimization tools...if you "just need information" (as
> opposed to "need information that will stand up in court"), I have
> heard that "Bob" occasionally uses trials of commercial tools for this
> purpose. (I am sure "Bob" eventually buys licenses as appropriate).
> The only one I have played with is Secure Passage's Firemon, but there
> are other options.
>
> As far as vuln scanners, make sure you enable and expose as many
> services and functions as possible (in a lab environment, of course)
> to really test the system- and make sure you test from "inside" and
> out. Then apply common sense to the results, think about whether or
> not the results are realistic in your production environment. Just
> scanning the outside of a locked-down system won't tell you much
> (hopefully).
>
> <rant> I have seen customers "fail" audits because their DNS proxy
> answered anonymous DNS queries. From the LAN. I have also seen
> customers "fail" audits because firewalls accepted and passed odd, yet
> RFC-compliant, packets to an internal host- traffic for which there
> are no known vulnerabilities. And "failing" a "PCI audit" for HAVING a
> firewall is a story for another day...</rant>
>
> Jack
>
> On Tue, Jun 9, 2009 at 3:45 PM, Chris<[email protected]> wrote:
> > Hi all,
> >
> > I have been asked by management to conduct an audit of a Firewall, no
> > actual specification has been created.
> >
> > So what I’m asking is, I have to create a terms of reference and specify
> > what I’m going to audit.
> >
> > I have started looking at the OSSTMM Firewall test, and would like to know
> > how to conduct the test.
> >
> > Tools(nmap,hping,nessus) and what types of things I should be looking for in
> > the scans.
> >
> > Help me, Pauldotcom; you're my only hope (Sorry big StarWars fan)
>
> --
> Jack Daniel, Reluctant CISSP
> http://twitter.com/jack_daniel
> http://www.linkedin.com/in/jackadaniel
> http://blog.uncommonsensesecurity.com
_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
