Posted by Amit Gupta on November 27, 2005, 7:08 am
I have to do thorough review of the PIX and Checkpoint firewall and can
anyone send me the detailed audit program for the same.
Thanks a lot.. in advance
Regards
Amit
Posted by on November 27, 2005, 8:07 am
> I have to do thorough review of the PIX and Checkpoint firewall and can
> anyone send me the detailed audit program for the same.
>
> Thanks a lot.. in advance
>
> Regards
>
> Amit
Because running a program that some guy sent you on Usenet is thorough
investigation?
Anyway, have a look at nmap, hping, the docs, and the archives of groups
such as these. There's sure to be plenty of information. But without a
more specific query, it would be hard to find any.
Joachim
Posted by Wolfgang Kueter on November 27, 2005, 8:36 am
On Sun, 27 Nov 2005 04:08:58 -0800, Amit Gupta wrote:
> I have to do thorough review of the PIX and Checkpoint firewall and can
> anyone send me the detailed audit program for the same.
If you do not know yourself how to do that you are definitely the wrong
person to do a firewall audit.
Wolfgang
Posted by DigitalVinyl on November 27, 2005, 9:41 am
>I have to do thorough review of the PIX and Checkpoint firewall and can
>anyone send me the detailed audit program for the same.
>
>Thanks a lot.. in advance
>
>Regards
>
>Amit
Doing a review of a firewall policy, especially one of any size, is a
useless attempt by mis-management to fix what they've broken and
screwed up in the past, repeatedly.
Every entry to a firewall must be scrutinized when it is being made,
and only open that which you need and nothing more. I have never
worked in any organization that was willing to take measures to review
policy. ONE--it is dangerous to review policy cause it means
documenting out to many parties what the firewall rules are. TWO--you
are documenting screwups which managers will seek to hide. THREE--most
app developers and operations people DON'T know what ports they use so
they will never tell you to shut things down out of fear of causing an
outage. FOUR--it can be a huge task.
If you've got few enough servers you can make some scans from
specific networks, but every source network can have different
accessibility, so the larger the network the more implausible it
becomes. Especially with various hosts.
An alternative is to focus on specific hosts and use extensive
syslogging and reporting to examine what the servers actually do.
Review best practices and check if you follow them. Do you permit
NetBIOS calls to traverse an internet firewall? Do you allow ALL
outbound ports? This encourages worms, trojans, p2p, and more. Do you
stop all inbound traffic? Do you filter out all bogon sources? Do you
block all private IP addresses in and out?
When a server is retired, mark the retiring rules for deletion and
craft new rules fresh. Lock things down appropriately. Organize a
change in rules for a specific app by using traffic in syslog to
define a tighter set of rules. Monitor DENY and NO TRANSLATION errors
for hosts that you've changed rules for to detect missed traffic and
be prepared to create rules on the fly to amend permission.
I've inherited several misconfigured firewalls and this is the only
way I can see to clean things up. One has over 4,000 lines in the
config. Getting people to redefine the port needs for a hundred+
different servers is just not gonna happen.
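
The best-practice questions in the post above can be run mechanically against an exported rule base. This is an added example, not part of the original post; the rule tuple format, the sample rules and the finding names are constructed for illustration and are not PIX or Check Point syntax.

```python
import ipaddress

# Constructed rules in a made-up, vendor-neutral format (not PIX or Check Point
# syntax): (action, direction, source, destination, protocol, ports).
# direction is relative to the Internet-facing interface; ports is "any" or (low, high).
RULES = [
    ("permit", "in",  "any",        "192.0.2.10/32", "tcp", (443, 443)),
    ("permit", "in",  "any",        "192.0.2.20/32", "tcp", (135, 139)),
    ("permit", "in",  "10.0.0.0/8", "192.0.2.10/32", "tcp", (22, 22)),
    ("permit", "out", "any",        "any",           "ip",  "any"),
    ("deny",   "in",  "any",        "any",           "ip",  "any"),
]

NETBIOS_PORTS = (137, 138, 139)
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def covers(ports, wanted):
    """True if the rule's port spec includes any of the wanted ports."""
    return ports == "any" or any(ports[0] <= p <= ports[1] for p in wanted)

def is_private(cidr):
    """True if the CIDR lies entirely inside RFC 1918 space."""
    if cidr == "any":
        return False
    net = ipaddress.ip_network(cidr)
    return any(net.subnet_of(p) for p in PRIVATE_NETS)

def audit(rules):
    """Return (rule number, finding) pairs; rule number 0 means the rule base as a whole."""
    findings = []
    for n, (action, direction, src, dst, proto, ports) in enumerate(rules, 1):
        if action != "permit":
            continue
        if covers(ports, NETBIOS_PORTS):
            findings.append((n, "netbios-permitted"))
        if direction == "out" and src == dst == "any" and ports == "any":
            findings.append((n, "all-outbound-permitted"))
        if (direction == "in" and is_private(src)) or (direction == "out" and is_private(dst)):
            findings.append((n, "private-address-crosses-boundary"))
    if not any(r[:4] == ("deny", "in", "any", "any") and r[5] == "any" for r in rules):
        findings.append((0, "no-inbound-default-deny"))
    return findings

if __name__ == "__main__":
    for number, finding in audit(RULES):
        print(f"rule {number}: {finding}")
```

Each permit rule is checked in isolation, so a finding still has to be read against rule order: an earlier deny may already shadow the flagged rule. Bogon filtering is not covered because it needs a current bogon list.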
Posted by Doug Fox on November 27, 2005, 3:32 pm
I am using the following one which is by no means comprehensive. I am
sharing it with the group and any input is much appreciated.
1) The placement or location of the firewall
2) Vulnerability scanning the firewall from outside, e.g., Internet
3) The rulebase or security policy according to its vendor recommendation
4) I will also check the access control (ID, password and privileges) to
the system.
5) physical security of the system
6) Monitoring of the firewall log, to find out if any port scanning or
hacking activities
7) Rulebase Change Control
8) Documentation
9) Backup
10) Please generously point out the missing pieces as you see it.
Any input/comments are greatly appreciated.
Thanks,
Doug
> I have to do thorough review of the PIX and Checkpoint firewall and can
> anyone send me the detailed audit program for the same.
>
> Thanks a lot.. in advance
>
> Regards
>
> Amit
>