firewall testing framework/parameters

From: Siddhartha Jain (losttoy2000at_private)
Date: Wed Jan 16 2002 - 02:28:34 PST

    Hi,
    
    I am in the process of preparing a framework/parameter
    list on which a firewall would be tested. Here are
    some tests I can think of on which a firewall should
    be tested:
    
    1. Sustained TCP connections, throughput & number. E.g.
    FTP
    
    2. Short-lived TCP connections, throughput, number,
    connection establishment and tear-down time. E.g.
    SMTP/HTTP
    
    3. Sustained UDP connections (although UDP is
    connectionless), throughput & number. E.g. Streaming
    video/audio.
    
    4. Short-lived UDP communication, number. E.g. DNS.
    
    5. ICMP RTT at different load levels.
    
    6. SYN Flood test
    
    7. Connection establishment time with respect to the
    number of rules on the firewall.
    
    8. Filtering and fragmentation 
    - Reaction of the firewall on receiving a TCP packet
    with the RST or ACK flag set.
    - IP fragmentation re-assembly test.
    - Overlap recognition
    
    9. Are existing checksums for IP, TCP and UDP
    verified?
    
    10. A portscan of the firewall IP and of the servers
    behind the firewall.
    
    11. Nessus tests on the firewall IP and the servers
    behind the firewall.
    
    12. All the tests repeated with static NAT enabled.
    
    13. All the tests repeated with IPSec.
    
    14. Effect of logging on these tests.
    
    15. Attempt to reach denied ports behind the firewall
    when the firewall is saturated. Or, in other words,
    test if the firewall turns blind during a SYN Flood?
    
    Can you think of more tests for stressing/penetrating
    the firewall? Also, what methodology should be adopted
    to measure the various test results?
    
    Any help would be appreciated.
    
    Regards,
    
    Siddhartha
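
For item 9 in the list above, one way to tell whether a firewall verifies checksums is to run a validator over raw IPv4 packets captured on its protected side: a packet that fails there was forwarded without verification. The Python below is an added example, not part of the original post; the function names and the sample packet are constructed for illustration.

```python
import struct

def internet_checksum(data: bytes) -> int:
    """RFC 1071: complemented one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length input
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def check_packet(pkt: bytes) -> dict:
    """Validate the checksums of one raw IPv4 packet (no link-layer header).
    True = valid, False = corrupt, None = cannot be checked on this packet."""
    ihl = (pkt[0] & 0x0F) * 4
    total_len, _ident, frag = struct.unpack("!HHH", pkt[2:8])
    proto = pkt[9]
    result = {"ip": internet_checksum(pkt[:ihl]) == 0}
    name = {6: "tcp", 17: "udp"}.get(proto)
    if name is None:
        return result
    segment = pkt[ihl:total_len]
    if frag & 0x3FFF:                        # MF bit or offset set: a fragment
        result[name] = None                  # needs reassembly first
    elif proto == 17 and segment[6:8] == b"\x00\x00":
        result[name] = None                  # UDP checksum not used (RFC 768)
    else:
        pseudo = pkt[12:20] + struct.pack("!BBH", 0, proto, len(segment))
        result[name] = internet_checksum(pseudo + segment) == 0
    return result

def build_udp(src: bytes, dst: bytes, sport: int, dport: int, payload: bytes) -> bytes:
    """Constructed sample packet with correct checksums, for the self-check."""
    udp_len = 8 + len(payload)
    udp = struct.pack("!HHHH", sport, dport, udp_len, 0) + payload
    pseudo = src + dst + struct.pack("!BBH", 0, 17, udp_len)
    csum = internet_checksum(pseudo + udp) or 0xFFFF
    udp = udp[:6] + struct.pack("!H", csum) + udp[8:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0, 64, 17, 0, src, dst)
    return ip[:10] + struct.pack("!H", internet_checksum(ip)) + ip[12:] + udp

if __name__ == "__main__":
    good = build_udp(bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]), 40000, 53, b"constructed")
    bad = good[:-1] + bytes([good[-1] ^ 0xFF])   # damage the last payload byte
    print(check_packet(good), check_packet(bad))
```

A `None` result for a fragment ties into item 8: the transport checksum can only be judged after reassembly, so fragments have to be reassembled before they are scored.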
    



    This archive was generated by hypermail 2b30 : Wed Jan 16 2002 - 12:25:33 PST