dmck (n00b)
Joined: 22 Jan 2003, Posts: 43, Location: Rochester, NY
Posted: Mon Jan 05, 2004 4:58 am, Post subject: Firewall auditing
Anyone know of any programs that I can use to test my firewall(s)? I could create scripts to perform all the "common" attacks; however, I haven't the time.
I've been looking around, with no luck.
Thanks!
-dave
BackSeat (Apprentice)
Joined: 12 Apr 2002, Posts: 242, Location: Reading, UK
Posted: Mon Jan 05, 2004 6:43 am, Post subject: Re: Firewall auditing
dmck wrote:
> I've been looking around, with no luck.
Really??? Try using a search engine! There are many ways to do this, ranging from simple to complex. For an example of the former, try "Shields Up" at grc.com.
BS
dmck (n00b)
Joined: 22 Jan 2003, Posts: 43, Location: Rochester, NY
BackSeat (Apprentice)
Joined: 12 Apr 2002, Posts: 242, Location: Reading, UK
Posted: Mon Jan 05, 2004 7:46 am
dmck wrote:
> Actually I was looking for something a little more powerful than a web-style pen test.
Next time you want help, try to specify exactly what you want. Meanwhile I'll make a note not to bother helping you again.
BS
dmck (n00b)
Joined: 22 Jan 2003, Posts: 43, Location: Rochester, NY
Posted: Mon Jan 05, 2004 8:33 am
Quote:
> Meanwhile I'll make a note not to bother helping you again.
I was not trying to negatively skew your comment; just stating that I was looking for some applications, not webbots.
Web-style auditing is less direct and not as in-depth as an onsite application could provide to you. It is also a security risk to let an external site audit your firewall, especially if you *think* there are existing holes in your FW, IDS, etc.
Thanks though,
-dave
deprecated (Tux's lil' helper)
Joined: 21 Aug 2002, Posts: 118, Location: Madison, WI
Posted: Mon Jan 05, 2004 8:04 pm
BackSeat wrote:
> Next time you want help, try to specify exactly what you want. Meanwhile I'll make a note not to bother helping you again.
> BS
Erm, way off topic, I just happened to read the thread because it is something I'm interested in as well, and I was surprised by that response. Take it easy and don't take things so personally; dmck didn't deserve a verbal thwacking at all.
On topic, I'm not a fan of the internet scans, simply because any time something is open they call it a vulnerability. There was even one that listed ntp as a vulnerability, which I suppose is plausible, just not likely. A server running nothing would be the only thing they'd list as "secure", which is probably true, but that's also a pretty worthless server. A quick portscan and analysis of what programs are running on the ports will give you a much better analysis of security than a canned tool will, and it probably won't take much longer either.
That being said, most firewall designs are pretty simple: deny everything other than what needs to be accessed from the outside. At the max, there might be ftp, http, ssl, vpn, ssh, ntp, dns. Beyond allowing this and denying everything else, there isn't that much you can do at the firewall level. Keeping the applications patched will have a much greater effect on your overall external security than extensive firewall testing; if you're looking to keep it as secure as possible while not making security your life's work, spend the time updating your software. If it is your life's work, ummm, ignore me.
--Dep
BackSeat (Apprentice)
Joined: 12 Apr 2002, Posts: 242, Location: Reading, UK
Posted: Mon Jan 05, 2004 8:19 pm
deprecated wrote:
> I was surprised by that response. Take it easy and don't take things so personally, dmck didn't deserve a verbal thwacking at all.
OK, fair enough. However, the original poster asked for "any programs that I can use to test my firewall(s)" and mentioned that "I've been looking around, with no luck". I pointed him to Google, which will list LOTS, and also offered one website that can help. I'm not defending grc.com, but it fulfills the request.
Then I'm told that he wanted something "more powerful" and he THEN lists a bunch of tools that would help him! WTF is he asking for if he already knows the answer? I get pissed off when I spend time answering someone's plea for help only to be told that my answer isn't good enough, and what the "correct" answer is.
I run and support Gentoo for a living. I'm supplying help on these forums for free, and generally I'm happy to do so. But the original poster's behaviour is, for me, unacceptable. I've re-read what was said, and I stand by my reaction.
BS
dmck (n00b)
Joined: 22 Jan 2003, Posts: 43, Location: Rochester, NY
Posted: Mon Jan 05, 2004 9:20 pm
Quote:
> I get pissed off when I spend time answering someone's plea for help
1. I was not pleading for help, merely asking for any knowledge of good testing software. (As in "hey, I used this before and it was decent", etc.)
2. "Try Google!" was NOT an answer to my problem, only a comment from someone with no advice to give. (Like I wouldn't search for it myself first, wtf?)
3. If you have no useful advice except "search for it yourself", don't bother posting.
Dep:
Security is the focus of my career; however, your mindset is correct. You have stated some good advice on FW usage; however, I was helping a colleague of mine benchmark different brands of hardware and software FWs in order to adequately recommend them to our clients. Although all *decent* FWs do the same thing, some are not as tolerant to specific attacks, which is what I was looking to test.
- dave
bryon (Apprentice)
Joined: 14 Feb 2003, Posts: 163
Posted: Mon Jan 05, 2004 10:03 pm, Post subject: i have a good one
Hey, where is the love?
I have to admit that I just skimmed most of the posts, and it looked like most of them are just a big bunch of flames.
I would just like to suggest that you try out
nessus
and
nmap.
nmap is terminal based and can tell you what ports are open, while nessus is the most powerful intrusion program that I can think of. It will tell you a whole list of things that could go wrong with your computer, e.g. old buggy versions or features that should be disabled.
But you should try looking through /usr/portage/net-analyzer because there is a whole lot to choose from.
albertpak (n00b)
Joined: 31 Dec 2003, Posts: 8
Posted: Mon Jan 05, 2004 10:18 pm
The quickest and easiest way to test your firewall is just a few clicks away... Try http://www.grc.com/default.htm and click on "ShieldsUP!". This will scan your ports from 0 - 1024. It is the same as nmap but without installation and configuration.
HTH
Albert
Tazmanian (Apprentice)
Joined: 01 Jul 2003, Posts: 222
Posted: Mon Jan 05, 2004 10:26 pm
Uh, wasn't this suggested in the second post to this topic? Please read before you post!
Mnemia (Guru)
Joined: 17 May 2002, Posts: 476
Posted: Tue Jan 06, 2004 12:23 am
I ran into the lack of decent firewall testing tools for Linux myself some time ago. There are portscanners, vulnerability scanners, etc. galore, but as far as I can tell there really isn't any open source software that can test for performance in an integrated manner. I'd like a tool that combines common attacks with powerful random traffic generation capabilities and benchmarking for performance. There are individual tools that let you do some of those things, but there is nothing that can do it all and present the results to you in one spot. I think a lot of you who are recommending things like GRC.com aren't really looking at the same depth of testing as the original poster, who mentioned that he wanted a more powerful test suite.
I think making a tool like this would be a great open source project for somebody who is very knowledgeable about networking; I'd do it if I had more time. I think the only real solutions similar to what I'm talking about are very expensive proprietary testing tools integrated into network testing machines.
dmck (n00b)
Joined: 22 Jan 2003, Posts: 43, Location: Rochester, NY
Posted: Tue Jan 06, 2004 1:23 am
After much research into this topic, I have to agree. There is a definite lack of "quick and dirty" testing methods for FWs. This is prob. due to the countless setups one can instate on their FW(s).
What I ended up doing is examining my company's own security policy and writing or modifying current exploits that would test those. Then, using those tools along with some existing ones, I threw them at my test base of FWs and benchmarked their performance that way. I do realize this type of test would only be valid given the strength of my own policies; however, being a consulting firm, I feel they are well established.
Thanks for all the input.
Mnemia:
In about 4-5 months I have some free time opening up and might be looking into working with some people on developing such a tool. If funding goes through and I have not sided with other projects I will keep you posted.
-dave
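Two ideas in this thread fit together: deprecated's "deny everything except what must be reachable" firewall model, bryon's suggestion of a plain nmap portscan, and dmck's approach of testing a firewall against a written policy rather than against whatever a canned scanner flags. The script below is an added example, not code posted by anyone in the thread: it encodes an allow-list as the policy, parses nmap's greppable (-oG) output for a host, and reports ports that are open but not in the policy, policy ports that were not observed open, and the rest. The sample scan text, the host 192.0.2.10, and the POLICY allow-list are constructed for the example; the iptables rendering at the end assumes the 2004-era `-m state` match and an interface named eth0.

```python
import re
from dataclasses import dataclass, field

# Constructed policy (assumption for this example): the set of (port, protocol)
# pairs that should be reachable on the external interface. Everything else is
# expected to be dropped, i.e. deprecated's default-deny model.
POLICY = {
    (22, "tcp"),    # ssh
    (80, "tcp"),    # http
    (443, "tcp"),   # ssl
    (53, "udp"),    # dns
    (123, "udp"),   # ntp
}

# Constructed sample in nmap's greppable (-oG) format; not real scan output.
# Each port entry is port/state/protocol/owner/service/rpc info/version/.
SAMPLE_SCAN = (
    "# Nmap scan initiated (constructed sample)\n"
    "Host: 192.0.2.10 ()\tStatus: Up\n"
    "Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, "
    "443/open/tcp//https///, 3306/open/tcp//mysql///, 53/open/udp//domain///, "
    "123/closed/udp//ntp///\tIgnored State: filtered (994)\n"
    "# Nmap done (constructed sample)\n"
)

PORT_RE = re.compile(r"(\d+)/(\w+)/(tcp|udp)//([^/]*)///")


def parse_grepable(text):
    """Return {host: [(port, state, proto, service), ...]} from -oG text."""
    results = {}
    for line in text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue
        host = line.split()[1]
        # The Ports: field runs up to the next tab-separated field.
        ports_field = line.split("Ports:", 1)[1].split("\t", 1)[0]
        entries = results.setdefault(host, [])
        for m in PORT_RE.finditer(ports_field):
            port, state, proto, service = m.groups()
            entries.append((int(port), state, proto, service))
    return results


@dataclass
class AuditResult:
    unexpected_open: list = field(default_factory=list)   # open, not in policy
    expected_missing: list = field(default_factory=list)  # in policy, not seen open
    compliant: list = field(default_factory=list)         # open and allowed


def audit_host(observed, policy):
    """Compare one host's observed ports against the policy allow-list."""
    result = AuditResult()
    open_ports = set()
    for port, state, proto, service in observed:
        if state != "open":
            continue  # closed/filtered ports are what default-deny should produce
        key = (port, proto)
        open_ports.add(key)
        bucket = result.compliant if key in policy else result.unexpected_open
        bucket.append((port, proto, service))
    # Policy ports not observed open: closed, filtered, or outside the scanned
    # range. Either way the scan did not confirm the policy for them.
    for key in sorted(policy - open_ports):
        result.expected_missing.append(key)
    return result


def render_default_deny(policy, iface="eth0"):
    """Render the allow-list as a default-deny iptables INPUT chain."""
    rules = [
        "iptables -P INPUT DROP",
        "iptables -A INPUT -i lo -j ACCEPT",
        "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT",
    ]
    for port, proto in sorted(policy):
        rules.append(f"iptables -A INPUT -i {iface} -p {proto} --dport {port} -j ACCEPT")
    return rules


if __name__ == "__main__":
    for host, observed in parse_grepable(SAMPLE_SCAN).items():
        r = audit_host(observed, POLICY)
        print(f"{host}: unexpected open {r.unexpected_open}")
        print(f"{host}: policy ports not seen open {r.expected_missing}")
        print(f"{host}: compliant {r.compliant}")
    print("\n".join(render_default_deny(POLICY)))
```

Run against real output, the input would come from `nmap -oG - <host>` (a host you administer), and the unexpected_open list is the finding to chase: in the constructed sample it is the mysql port, which a default-deny ruleset should never expose. The expected_missing list is just as useful for dmck's benchmarking case, since a policy port that the scan cannot see means either the firewall is blocking legitimate traffic or the scan did not cover that port.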