
#Firewall Tests and Supporting Tools


--------------------------------------------
Courtesy: https://www.facebook.com/geeksch00l
Is your firewall still safe? Use these resources to test your firewall at least once per month and after any major change.

Firewall testing can be a hassle, particularly in environments with multiple devices possessing multiple interfaces.

Industry consultants, however, recommend that IT managers step up to this ounce of prevention. Wayne Haber, director of architecture at SecureWorks Inc., a managed security services provider, advised testing firewalls at least once per month and after any major change. Jonathan Glass, senior systems administrator at SecureWorks, also recommended adding firewall testing to the firewall change management process.

A battery of tests may be in order to make sure firewalls serve their purpose. This testing can prove time-consuming and labor-intensive, but a number of automated tools — both open-source and commercial — aim to ease the burden.

Here’s the rundown on tests and the tools that support them.

Rule Set Analysis
----------------------
Firewall rule sets can get messy in complex deployments. Over time, rule sets may fall out of step with security policy. Unused rules may proliferate.

A review of firewall rule sets addresses those and other issues. This check may turn up some low-hanging fruit, noted David Lawson, director of risk management at Acumen Solutions Inc., a business and technology consulting firm. He cited the example of an administrator who, when troubleshooting a newly installed application, puts in a rule that accepts all traffic and leaves it there.

“A lot of times we look at firewalls and we find some of those [firewall-negating rules] left in but disabled or left in and forgotten about,” Lawson said.

Ron Ritchey, a principal with strategy and technology consultant Booz Allen Hamilton, said rule set analysis can also catch inconsistencies among firewalls. For example, an organization’s filtering policy may be to block Windows networking ports at the perimeter. In a zone network architecture, administrators may leave TCP ports 135, 139 and 445, as well as UDP port 138, open on the local firewall, thinking the perimeter device has it covered. A reversal of the perimeter policy, however, would introduce vulnerabilities downstream.

Ritchey said the Windows networking case serves as “an example of something that people often block at the perimeter of their network and then do not enforce inside the network.”

Ritchey also stated that no one sets out to develop insecure rule sets, but they may evolve that way over time.
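The two rule set checks described above, as an added example that is not part of the original article: it flags accept-all rules (including disabled ones) and lists the Windows networking ports a zone firewall passes on its own, regardless of what the perimeter blocks. The rule model, rule names and addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

ANY_NET, ANY_PORTS = "0.0.0.0/0", (0, 65535)
# Windows networking ports named in the article.
WINDOWS_PORTS = [("tcp", 135), ("tcp", 139), ("tcp", 445), ("udp", 138)]

@dataclass(frozen=True)
class Rule:              # hypothetical, simplified rule model
    name: str
    action: str          # "accept" or "deny"
    proto: str           # "tcp", "udp" or "any"
    src: str             # CIDR
    dst: str             # CIDR
    ports: tuple         # inclusive (low, high)
    enabled: bool = True

def negating_rules(rules):
    """Names of accept-all rules, including disabled ones left in the set."""
    return [r.name for r in rules
            if r.action == "accept" and r.proto == "any"
            and r.src == ANY_NET and r.dst == ANY_NET and r.ports == ANY_PORTS]

def decide(rules, proto, src, dst, port):
    """First-match evaluation over enabled rules, default deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if (r.enabled and r.proto in ("any", proto)
                and s in ipaddress.ip_network(r.src)
                and d in ipaddress.ip_network(r.dst)
                and r.ports[0] <= port <= r.ports[1]):
            return r.action
    return "deny"

def passed_locally(rules, src, dst):
    """Windows networking ports this firewall accepts on its own."""
    return [(p, n) for p, n in WINDOWS_PORTS if decide(rules, p, src, dst, n) == "accept"]

# Constructed rule sets: a perimeter device and a zone (local) firewall.
PERIMETER = [
    Rule("troubleshoot-app", "accept", "any", ANY_NET, ANY_NET, ANY_PORTS, enabled=False),
    Rule("block-netbios", "deny", "any", ANY_NET, ANY_NET, (135, 139)),
    Rule("block-smb", "deny", "tcp", ANY_NET, ANY_NET, (445, 445)),
]
ZONE = [
    Rule("zone-netbios", "accept", "any", ANY_NET, "10.0.5.0/24", (135, 139)),
    Rule("zone-smb", "accept", "tcp", ANY_NET, "10.0.5.0/24", (445, 445)),
]

if __name__ == "__main__":
    print("negating rules:", negating_rules(PERIMETER))
    print("zone passes:", passed_locally(ZONE, "203.0.113.7", "10.0.5.20"))
```

Any port the zone firewall reports here is protected only by the perimeter policy, so a change to that policy exposes it.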

As for tools that automate analysis, Lawson said his company uses tools written and developed in-house, as well as products developed by others.

Commercial products that may be used for firewall analysis and auditing include tools such as AlgoSec’s Firewall Analyzer, RedSeal Systems’ Security Risk Manager and Skybox Security’s Firewall Compliance Auditor.

Vulnerability Scan
---------------------
IT managers should also consider the security of the firewall itself, consultants say.

Haber said vulnerability scanners such as Tenable Network Security’s Nessus 3 can handle that job, as can earlier open source versions of Nessus. SecureWorks also cited IBM Internet Scanner (formerly ISS Internet Scanner) and eEye Digital Security’s Retina scanner as options.

The task here is to determine whether a firewall has a weak password and to check for known vulnerabilities, Glass said.

A number of open-source offerings also contribute to firewall testing. Network Mapper, or Nmap, lets administrators scan through a firewall in different ways, identifying open ports, Haber noted. Glass also cited hping, a TCP/IP packet assembler and analyzer that may be used in firewall testing and port scanning. (For more, see also the IT Security Vulnerability Scanning Resource Center.)

Glass called hping “a very capable tool” that can be used in a range of network-troubleshooting roles. It also offers the ability to craft raw packets that “could allow you to try spoofing-type attacks, especially if the firewall is strictly a port-filter and doesn’t pay any attention to session management,” Glass added.

Packet Sniffing
------------------
Another test involves determining what, if anything, can make it across the firewall. An IDS (intrusion detection system) can serve as an alarm mechanism in a test. In addition, a packet sniffer can break apart packets “to see what’s getting through,” Lawson noted.

Wireshark (formerly Ethereal) provides one example. SecureWorks executives view Wireshark as useful for capturing and reviewing test packets.

Darknet, Network Telescope, and Internet Motion Sensor aren’t traditional firewall-testing tools but may be used in that capacity. Glass said he’s seen a Darknet, for example, used as an internal IDS and to verify firewall policy.

The Team Cymru Darknet Project Web site describes a Darknet as “a portion of routed, allocated IP space in which no active services or servers reside,” apart from “packet vacuum” servers that collect the packets that flow into a Darknet.

“These boxes are essentially sniffers that record all the packets they see and write the relevant bits to a log file,” Glass explained. “By analyzing/monitoring the log file for external IPs, you can verify that the firewall policy is blocking, or is not blocking, traffic you expect to have blocked.”
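The log check Glass describes, as an added example that is not from the original article: it reads a packet-vacuum log and separates external sources (traffic the firewall policy should have blocked) from internal ones (the internal-IDS use). The log format, address plan and sample lines are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

# Assumed address plan: internal ranges and the unused Darknet block.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]
DARKNET = ipaddress.ip_network("10.99.0.0/24")

# Constructed sample log, assumed format: "time src dst proto dport".
SAMPLE_LOG = """\
2024-05-01T02:11:09Z 10.0.4.17 10.99.0.12 tcp 445
2024-05-01T02:11:40Z 198.51.100.23 10.99.0.40 tcp 3389
2024-05-01T02:12:02Z 198.51.100.23 10.99.0.41 tcp 3389
2024-05-01T02:15:31Z 203.0.113.9 10.99.0.7 udp 138
malformed line
2024-05-01T02:16:00Z 10.0.4.17 10.0.8.1 tcp 22
"""

def darknet_hits(log_text):
    """Count packets into the Darknet per (source, proto, port), split by origin."""
    external, internal = Counter(), Counter()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue                      # skip lines that do not fit the format
        _, src, dst, proto, dport = parts
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port = int(dport)
        except ValueError:
            continue                      # skip unparsable addresses or ports
        if dst_ip not in DARKNET:
            continue                      # only traffic into the Darknet matters
        bucket = internal if any(src_ip in n for n in INTERNAL_NETS) else external
        bucket[(src, proto, port)] += 1
    return external, internal

if __name__ == "__main__":
    ext, inside = darknet_hits(SAMPLE_LOG)
    for (src, proto, port), count in ext.items():
        print(f"NOT BLOCKED: {src} -> {proto}/{port} x{count}")
    for (src, proto, port), count in inside.items():
        print(f"internal host probing unused space: {src} {proto}/{port} x{count}")
```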

Log Analysis
-----------------
Log analyzers provide another check on the firewall. Those tools aggregate log data from multiple firewalls and let organizations check for unusual activity, Haber said.

Examples in this tool class include Logsurfer, Webfwlog, and the WallFire project’s wflogs. SecureWorks also cites Cisco Systems Inc.'s Monitoring, Analysis and Response System (MARS) as a security incident manager that keeps track of firewall permits and denies.

Performance Testing
----------------------
Firewall analysis can help IT managers optimize rule sets. Unused rules can be removed, for instance. A reduction in the total number of rules can ease the firewall’s workload. The practice of moving up highly used rules, while maintaining the organization’s security and risk posture, also increases performance, Lawson explained.
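One way to do the reordering Lawson describes without changing what the firewall permits, as an added example that is not from the original article: a busy rule moves up only past rules it does not overlap or that share its action, so first-match decisions stay the same. The rule fields, names and hit counts are constructed for illustration.

```python
import ipaddress

def overlaps(a, b):
    """True if some packet could match both rules (protocol, port range, destination)."""
    proto = "any" in (a["proto"], b["proto"]) or a["proto"] == b["proto"]
    ports = a["ports"][0] <= b["ports"][1] and b["ports"][0] <= a["ports"][1]
    nets = ipaddress.ip_network(a["dst"]).overlaps(ipaddress.ip_network(b["dst"]))
    return proto and ports and nets

def reorder_by_hits(rules):
    """Bubble busy rules upward, never past an overlapping rule with a different action."""
    out = list(rules)
    changed = True
    while changed:
        changed = False
        for i in range(1, len(out)):
            up, down = out[i - 1], out[i]
            conflict = overlaps(up, down) and up["action"] != down["action"]
            if down["hits"] > up["hits"] and not conflict:
                out[i - 1], out[i] = down, up
                changed = True
    return out

def unused(rules):
    """Rules with no recorded hits: candidates for review and removal."""
    return [r["name"] for r in rules if r["hits"] == 0]

def rule(name, action, proto, dst, ports, hits):
    return {"name": name, "action": action, "proto": proto,
            "dst": dst, "ports": ports, "hits": hits}

# Constructed rule set with hit counters, in its current order.
RULES = [
    rule("deny-smb", "deny", "tcp", "0.0.0.0/0", (445, 445), 120),
    rule("mgmt-ssh", "accept", "tcp", "10.0.9.0/24", (22, 22), 40),
    rule("web", "accept", "tcp", "10.0.1.0/24", (443, 443), 90000),
    rule("legacy-ftp", "accept", "tcp", "10.0.1.5/32", (21, 21), 0),
    rule("allow-any-dmz", "accept", "any", "10.0.1.0/24", (0, 65535), 5000),
]

if __name__ == "__main__":
    print("new order:", [r["name"] for r in reorder_by_hits(RULES)])
    print("unused:", unused(RULES))
```

In the sample, `allow-any-dmz` stops below `deny-smb` despite its higher hit count, because moving it higher would start accepting TCP 445 to the DMZ.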

In addition to rule set analysis, performance tools such as Iperf can also play a role in firewall testing. Iperf is used to measure maximum TCP bandwidth. Testing the throughput of a firewall could be valuable, especially when trying to validate vendor claims, SecureWorks noted.


Hope you like it. If you don't understand, please comment; ready to help.
Courtesy: Satyamevjayte Haxor.
