Hi everyone, This interesting discussion about firewall enumeration tools, made me ask one closely related question. I would like to know what are the usual steps when doing a pen test on the firewall? Besides looking for potential vulnerabilities in the actual firewall device (by running some of the vulnerability scanning tools like Nessus, ISS, Retina etc), I am also interested in other automated or manual tests which could be useful for finding other potential security weaknesses (configuration errors, VPN services etc.). I know that this is very general question, and that it depends on the situation and environment where the tests are made, but I would like to hear some general ideas and techniques from people with experience in this area. Thanks, Sasa Jusic e-mail:sasa.jusicat_private --------------------------------------------------------------------------- Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the world<92>s premier technical IT security event. Modeled after the famous Black Hat event in Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors. Symantec is the Diamond sponsor. Early-bird registration ends September 6 Visit: www.blackhat.com ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Mon Aug 25 2003 - 08:37:02 PDT