Firewall Wizards: Re: Auditing a firewall rulebase

Re: Auditing a firewall rulebase

From: Paul Melson <pmelson_at_gmail.com>
Date: Mon, 19 May 2008 14:20:49 -0400

> Rules which have "any" or an equivalent keyword in them
> Rules where an entire subnet has been granted access to a resource
> Rules where a range of IP addresses has been granted access to a resource
> Rules where a large range of ports has been opened to an IP Address / Addresses
> Rules where there are design issues in the protocol itself eg. Unencrypted traffic
> Rules which are redundant and can be removed from the rulebase

That's a pretty good list, actually. I would add: rules that allow access
to the firewall. You will also want to audit for what kind of logging is
turned on/off and whether or not that poses a risk. Also think in terms of
implied rules (like interface security levels in a PIX or Global Policy in
Check Point) and whether or not those create any of the situations you
mention above.

PaulM

_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Received on May 20 2008
