RE: Firewall rulebase automation - Grey Box assessment
- From: "Peter Parker" <peterparker@xxxxxxxxxxx>
- Date: Fri, 27 Jun 2008 08:20:46 -0700
I agree with Chris. Had an opportunity to test CP-VSX and NetScreen both
on high speed networks and to my dismay many things do not function as
configured and expected. Especially when the firewalls are under heavy
traffic.
For a true test of what's allowed and what's not -- go on the wire, load the box
and perform your tests.
On Thu, 26 Jun 2008 06:17:26 -0400, "Chris Brenton"
<cbrenton@xxxxxxxxxxxxxxxx> said:
On Thu, 2008-06-26 at 08:28 +0400, Naveed Ahmed wrote:
Hello All
There is another great tool at http://www.niiconsulting.com/products/Firesec.html
This will help you to housekeep rule bases as well as analyse them
IMHO the problem with all of these tools is that they assume the rule
base is an accurate description of what is permitted to pass on the
wire. Anyone who has done wire level testing knows this is very rarely
the case (think CP or Juniper permitted ACK session establishment to
simplify active-active, Cisco poor handling of ICMP errors, multiple
firewalls with poor sequence number or checksum validation, etc. etc.).
Tools like FTester or Dr. Morena will give you a much more accurate
view. More info at:
http://dev.inversepath.com/trac/ftester
http://www.securiteam.com/tools/5MP0P1F40Y.html
Or even better, snag copies of nmap, hping & Scapy and customize your
testing. You may be pretty surprised at what you are leaking through.
HTH,
Chris
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Top 5 Common Mistakes in
Securing Web Applications
Get 45 Min Video and PPT Slides
www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------
peter
peterparker@xxxxxxxxxxx
--
http://www.fastmail.fm - Send your email first class
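As an added example of the wire-level testing Chris and Peter describe (this is not code from either poster, nor from FTester, Dr. Morena, nmap, hping or Scapy), the script below builds three raw probes without any third-party library: a baseline SYN, a bare ACK with no preceding SYN (a stateful firewall must drop it; one that accepts ACK-based session establishment forwards it and the end host answers with a RST, which is what nmap reports as "unfiltered" in an ACK scan), and a SYN with a deliberately wrong TCP checksum (the end host drops it silently, so whether the firewall validated the checksum can only be judged from a capture on the inside interface, which is exactly the grey-box position the thread title assumes). The addresses, ports and the `classify` verdict strings are hypothetical; sending needs root or CAP_NET_RAW.

```python
"""Raw TCP probes for checking what a firewall really passes on the wire.
Added example with constructed addresses/ports; not the tools' own code."""
import socket
import struct

FLAG_SYN, FLAG_RST, FLAG_ACK = 0x02, 0x04, 0x10

# probe name -> (TCP flags, corrupt the TCP checksum?)
PROBES = {
    "syn":    (FLAG_SYN, False),   # baseline: what the rulebase claims
    "ack":    (FLAG_ACK, False),   # mid-stream-looking packet, no SYN first
    "badsum": (FLAG_SYN, True),    # does the firewall validate checksums?
}

def ones_complement_sum(data: bytes) -> int:
    """RFC 1071 checksum over 16-bit words, returned as a 16-bit integer."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_tcp(src, dst, sport, dport, flags, seq=0, ack=0, corrupt_checksum=False):
    """20-byte TCP header; checksum covers the IPv4 pseudo-header + header."""
    hdr = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 8192, 0, 0)
    pseudo = (socket.inet_aton(src) + socket.inet_aton(dst)
              + struct.pack("!BBH", 0, socket.IPPROTO_TCP, len(hdr)))
    csum = ones_complement_sum(pseudo + hdr)
    if corrupt_checksum:
        csum ^= 0x5555            # flip bits so the checksum is certainly wrong
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:]

def build_ipv4(src, dst, payload, ident=0x1234):
    """20-byte IPv4 header (no options) in front of a TCP segment."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident, 0x4000,
                      64, socket.IPPROTO_TCP, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    hdr = hdr[:10] + struct.pack("!H", ones_complement_sum(hdr)) + hdr[12:]
    return hdr + payload

def build_probe(name, src, dst, sport, dport):
    flags, corrupt = PROBES[name]
    ack = 0x2000 if flags & FLAG_ACK else 0   # bare ACK needs a plausible ack number
    return build_ipv4(src, dst, build_tcp(src, dst, sport, dport, flags, seq=0x1000,
                                          ack=ack, corrupt_checksum=corrupt))

def parse_tcp(ip_packet: bytes) -> dict:
    ihl = (ip_packet[0] & 0x0F) * 4
    sport, dport, seq, ack, _off, flags = struct.unpack("!HHIIBB", ip_packet[ihl:ihl + 14])
    return {"src": socket.inet_ntoa(ip_packet[12:16]), "dst": socket.inet_ntoa(ip_packet[16:20]),
            "sport": sport, "dport": dport, "seq": seq, "ack": ack, "flags": flags}

def tcp_checksum_ok(ip_packet: bytes) -> bool:
    """A correct segment sums to zero when the stored checksum is included."""
    ihl = (ip_packet[0] & 0x0F) * 4
    seg = ip_packet[ihl:]
    pseudo = ip_packet[12:20] + struct.pack("!BBH", 0, socket.IPPROTO_TCP, len(seg))
    return ones_complement_sum(pseudo + seg) == 0

def classify(name, reply, seen_inside=None):
    """Verdict from the reply seen outside and (for badsum) the inside capture."""
    if name == "badsum":
        if seen_inside is None:
            return "inconclusive: needs a capture on the inside interface"
        return ("LEAK: bad-checksum segment forwarded; firewall does not validate TCP checksums"
                if seen_inside else "ok: bad-checksum segment dropped at the firewall")
    if reply is None:
        return "filtered: no reply"
    flags = parse_tcp(reply)["flags"]
    if flags & FLAG_RST:
        if name == "ack":
            return "LEAK: RST to bare ACK; firewall forwarded a packet with no session"
        return "closed: RST from end host"
    if flags & FLAG_SYN and flags & FLAG_ACK:
        return "open: SYN/ACK"
    return "unexpected reply, flags=0x%02x" % flags

def send_probe(packet: bytes, dst: str) -> None:
    """Needs root/CAP_NET_RAW; IPPROTO_RAW sends our IP header unchanged.
    Run tcpdump on both sides of the firewall while sending."""
    with socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_RAW) as s:
        s.sendto(packet, (dst, 0))

if __name__ == "__main__":
    # constructed addresses from the RFC 5737 documentation ranges
    for name in PROBES:
        pkt = build_probe(name, "192.0.2.10", "198.51.100.20", 40000, 80)
        print(name, len(pkt), "bytes, TCP checksum ok:", tcp_checksum_ok(pkt))
```

Run the probes against a port the rulebase says is closed, with the box under load as Peter suggests, and compare the outside replies and the inside capture with what the rulebase predicts; every "LEAK" verdict is a rule the audit tools would have marked as fine.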
- References:
- Firewall rulebase automation - Grey Box assessment
- From: arvind doraiswamy
- Re: Firewall rulebase automation - Grey Box assessment
- From: Clement Dupuis
- RE: Firewall rulebase automation - Grey Box assessment
- From: Naveed Ahmed
- RE: Firewall rulebase automation - Grey Box assessment
- From: Chris Brenton