Re: Firewall assessment

From: Jorge Lozano (lozano_jorge@yahoo.com)
Date: Mon Aug 25 2003 - 12:01:07 EDT


Check the OSSTMM methodology; there's a whole section
about checking vulnerabilities on firewalls and a list
of recommended tools for that purpose.

You can get the methodology here:

http://www.isecom.org/projects/osstmm.htm

Cheers

--- Sasa Jusic <sjusic@pamela.zesoi.fer.hr> wrote:
> Hi everyone,
>
>
> This interesting discussion about firewall enumeration tools made me ask
> one closely related question.
>
> I would like to know what are the usual steps when doing a pen test on the
> firewall?
>
> Besides looking for potential vulnerabilities in the actual firewall device
> (by running some of the vulnerability scanning tools like Nessus, ISS,
> Retina etc), I am also interested in other automated or manual tests which
> could be useful for finding other potential security weaknesses
> (configuration errors, VPN services etc.).
>
> I know that this is a very general question, and that it depends on the
> situation and environment where the tests are made, but I would like to hear
> some general ideas and techniques from people with experience in this area.
>
>
> Thanks,
>
> Sasa Jusic
> e-mail:sasa.jusic@zesoi.fer.hr
>
>




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:38 EDT