Re: Firewall assessment

From: Jorge Lozano (lozano_jorgeat_private)
Date: Mon Aug 25 2003 - 09:01:07 PDT


    Check the OSSTMM methodology, there's a whole section
    about checking vulnerabilities on firewalls and a list
    of recommended tools for that purpose.
    
    You can get the methodology here:
    
    http://www.isecom.org/projects/osstmm.htm
    
    Cheers
    
    --- Sasa Jusic <sjusicat_private> wrote:
    > Hi everyone,
    > 
    >  
    > This interesting discussion about firewall
    > enumeration tools made me ask
    > one closely related question. 
    > 
    > I would like to know what are the usual steps when
    > doing a pen test on the
    > firewall? 
    > 
    > Besides looking for potential vulnerabilities in the
    > actual firewall device
    > (by running some of the vulnerability scanning tools
    > like Nessus, ISS,
    > Retina etc), I am also interested in other automated
    > or manual tests which
    > could be useful for finding other potential security
    > weaknesses
    > (configuration errors, VPN services etc.).
    > 
    > I know that this is a very general question, and that
    > it depends on the
    > situation and environment where the tests are made,
    > but I would like to hear
    > some general ideas and techniques from people with
    > experience in this area.
    > 
    >  
    > Thanks,
    > 
    > Sasa Jusic
    > e-mail:sasa.jusicat_private
    > 
    
    
    



    This archive was generated by hypermail 2b30 : Mon Aug 25 2003 - 13:12:19 PDT