RootPrompt.org: Auditing Your Firewall SetupApr 10, 2000, 13:13 (0 Talkback[s])
(Other stories by Lance Spitzner)
[ Thanks to Noel for this link. ]
"You've just finished implementing your new, shiny firewall. Or perhaps you've just inherited several new firewalls with the company merger. Either way, you are probably curious as to whether or not they are implemented properly. Will your firewalls keep the barbarians out there at bay? Does it meet your expectations? This paper will help you find out. Here you will find a guide on how to audit your firewall and your firewall rulebase. Examples provided here are based on Check Point FireWall-1, but should apply to most firewalls."
"This paper can help you in one of two situations. First, you have certain expectations of what your firewall can or cannot do and you want to validate those expectations. Second, you do not know what to expect, so you need to audit your firewall to learn more. Either way, this paper can hopefully help you out. We are not going to cover how to audit or "hack" a network, that is a different subject. Also, we are not going to discuss which firewall is better then others, each firewall has its own advantages and disadvantages. What is going to make or break you is not choosing the "best" firewall, but implementing it correctly. That is the purpose of this paper, making sure our firewall is correctly implemented and behaves as we expected it."
"Our first step in auditing our firewall is defining what we expect. What do we want our firewall to do? Most of you should have this already defined in the form of a security policy. Make sure you have an understanding of these expectations before you verify your firewall setup. That way, when you are done with the process, you can compare the results to your expectations."