Firewall assessment

From: Sasa Jusic (sjusic@pamela.zesoi.fer.hr)
Date: Mon Aug 25 2003 - 10:18:09 EDT


Hi everyone,

 
This interesting discussion about firewall enumeration tools, made me ask
one closely related question.

I would like to know what are the usual steps when doing a pen test on the
firewall?

Besides looking for potential vulnerabilities in the actual firewall device
(by running some of the vulnerability scanning tools like Nessus, ISS,
Retina etc), I am also interested in other automated or manual tests which
could be useful for finding other potential security weaknesses
(configuration errors, VPN services etc.).

I know that this is very general question, and that it depends on the
situation and environment where the tests are made, but I would like to hear
some general ideas and techniques from people with experience in this area.

 
Thanks,

Sasa Jusic
e-mail:sasa.jusic@zesoi.fer.hr

---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the world<92>s premier
technical IT security event. Modeled after the famous Black Hat event in
Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.
Symantec is the Diamond sponsor. Early-bird registration ends September 6 Visit: www.blackhat.com
----------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:38 EDT