VESARiA Firewall Testing Methodology
Profiling the FirewallIronically, the first stage in our firewall testing has nothing to do with the firewall itself. Before we can test it, we need to build a profile of the network which the firewall is protecting. This profile enables us to predict the firewall's configuration and associated weaknesses.
Our profile must answer the following questions:
Using DNS records, registrar databases, public web and mailing list searches, and other information, we try to identify every publicly accessible machine behind the firewall. We also use numerous probing methods (such as ICMP Echo sweeps, TCP SYN scans, LAN broadcast addresses, and more), to directly enumerate and fingerprint the private areas of the network. Our profile identifies every machine that we find, and classifies it into one of the following categories:
Flaw Hypothesis Testing
We then engage in extensive firewall testing, using our flaw hypothesis model as a guide. Besides leveraging the standard tools of port scanning, such as source and destination port manipulation, we make use of advanced techniques, such as packet header manipulation and ICMP error message analysis.
Many advanced firewalls in use today employ antiscanning countermeasures. For instance, an intelligent firewall may detect that a host is attempting to transmit too much forbidden traffic; the firewall may then label that host as untrusted and deny all traffic from it. While these countermeasures are useful in foiling attackers, they can result in false negatives in the firewall testing as well. Our testing methodology handles these countermeasures effectively, using such means as time lapse probing, IPID observation (also known as idle scanning), and packet-by-packet analysis to get a true picture of the firewall.
Advanced Subversion Techniques
Advanced hacker's have built up an arsenal of techniques to get past even tightly configured firewalls. In order to win this arms race, firewall testing must make use of those same techniques. Where warranted, we apply such techniques as:
Firewall Specific Vulnerabilities
Even the best firewalls, such as Checkpoint Firewall-1 and Cisco PIX, have errors in their design. At the time of this writing, Checkpoint has issued alerts to over ten vulnerabilities in Firewall-1, and Cisco has issued a similar list of vulnerabilities in PIX and IOS Firewalls. We research and test for these vulnerabilities.
Remote Administrative Access
Another potential point-of-weakness is the administrative interface of the firewall. We make sure it is properly secured, using encryption, authentication mechanisms, and access control. We test to see if it is vulnerable to brute force password attacks. In addition, we make sure that their are no other services running on the firewall that might present security weaknesses.
To sign up for VESARiA Firewall Testing, or to find out more, continue here, or call us now at (443) - 501 - 4044.
include('phone.php') ?> include('address.php') ?>
|© 2000 - 2017 Vesaria Network Security Specialists|
|Call Us at include('phone.php') ?>|