VESARiA Network Security Specialists
About Vesaria Services Consulting Partners Research Customers Contact Us

Firewall Testing Procedure

Firewall FAQ

Our Guarantee

More Information


VESARiA Firewall Testing


 Our comprehensive firewall testing procedure analyzes:

  • Coverage & Configuration - Is the firewall set up to allow only desired traffic, and nothing else?
  • Resistance to Subversion - Can an attacker subvert it, sneaking malicious traffic past it?
  • Upkeep - Is it maintained properly? Is it immune to newly discovered vulnerabilities?
  • Administrative Access - Is the administrative interface secured (via authentication and encryption) from an attacker?
  • Information Leakage - Does the firewall reveal sensitive information about itself or its network?

For a detailed description of VESARiA's testing methodology, please see VESARiA Firewall Testing Methodology.

Is Your Firewall Doing Its Job?

Simply put, most firewalls are not doing their job.

    "If you audit the firewall of a big corporation, you find that five people have worked on the configuration over three years and two versions; it has thousands of objects and hundreds of rules, and nobody knows what the beast is doing any more..."

    These words, spoken candidly by a security researcher at Bell Labs, relate a sad truth: configuring a production firewall to effectively keep out attackers is an elusive task.  Skilled attackers will try technique after technique, until finding a hole that lets them in.  Administrators, unable to keep up with the ever changing hacker methods, often do not realize that their firewall is leaking... at least, until the hackers show them.

Conventional Scanning Can Miss Weaknesses

    Many security professionals limit their firewall testing to a conventional "port scan" - an automated scan that enumerates the network channels, or "ports," that the firewall permits into the network.  While port scanning provides an excellent overview, it does not address basic questions, such as:
  • Are there any backdoors in the firewall through which malicious traffic can pass?
  • Can an attacker disguise traffic to appear to the firewall as a permitted type of traffic?
  • Is the firewall itself vulnerable to direct attack?
  • Does it leak information?
Leaving these questions unanswered, port scanning alone cannot ensure the firewall's effectiveness and security.

How Does VESARiA's Testing Ensure Rigorous Security?

    VESARIA's testing battery answers these vital questions.  We rigorously scrutinize the five major areas of firewall vulnerabilities.  We ensure that your firewall effectively keeps attackers out, in a manner conforming with the ICSA Lab Firewall Standards (an independent set of criteria for firewall potency).  If you'd like to find out more, please continue here, or call us at (443) - 501 - 4044.

For a detailed description of VESARiA's testing methodology, please see VESARiA Firewall Testing Methodology. All of our assessment services come with a full guarantee, and are available both individually and on a subscription basis.
Vesaria, LLC

Marcus Ranum on Firewall Testing

Firewall Testing: From the Eye of a Hacker  
© 2000 - 2018 Vesaria Network Security Specialists        
   About Vesaria   |   Legal   |   Privacy   |   Contact