Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month at the Massachusetts Institute of Technology, in Building E51.

BLU Discuss list archive



[Discuss] firewall testing



Do you test your firewall?

Given the complexity of firewall rules, they're highly error prone. A
small typo could easily open up a hole.

I don't mean the simple and obvious port scan, but something more
sophisticated. Do you have a test suite for your firewall? If so, what
tools do you use?

Has the DevOps practice of automated testing reached firewalls?


Is there any hope of finding holes like this one:
http://arstechnica.com/security/2014/04/easter-egg-dsl-router-patch-merely-hides-backdoor-instead-of-closing-it/

(It uses a specially crafted Ethernet packet to act as a port knock that
then opens up a TCP port that accepts administrative commands.)

Not likely, but once it is known, a test for it could be added to a
regression suite. (Although there is the complication of how you execute
the test, given you need access to the Ethernet on the WAN side of your
router (a server out in the cloud won't do). So you'll need a tap or a hub.)

 -Tom

-- 
Tom Metro
The Perl Shop, Newton, MA, USA
"Predictable On-demand Perl Consulting."
http://www.theperlshop.com/
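As an added illustration of the "regression suite for firewall rules" idea raised in the post above (this is example code, not something from the thread or from BLU), here is a small offline policy checker. It models a first-match chain with a default policy, runs a table of expected verdicts against a ruleset, and reports every mismatch. The rule and packet formats, the two rulesets, the addresses and the expectations are all constructed for the example; they are not iptables syntax and not anyone's real configuration. The point it shows is that a single-character typo in a CIDR (/2 instead of /24) changes the verdict for a case a plain "is the port open?" scan from one vantage point would not necessarily catch, while a table of expected outcomes catches it immediately.

```python
# Added example: offline regression check for a first-match firewall policy.
# Rule/packet formats, rulesets and test cases are constructed for illustration.
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str           # "ACCEPT" or "DROP"
    proto: str            # "tcp", "udp" or "any"
    src: str              # source network in CIDR notation
    dport: Optional[int]  # destination port; None matches any port


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dport: int


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    """True if the packet satisfies every field the rule constrains."""
    if rule.proto != "any" and rule.proto != pkt.proto:
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    # strict=False so a host bit set in the CIDR (a common typo) still parses
    return ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src, strict=False)


def evaluate(rules: List[Rule], pkt: Packet, default: str = "DROP") -> str:
    """First matching rule decides; the chain's default policy applies otherwise."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.action
    return default


Expectation = Tuple[str, Packet, str]  # (label, packet, expected verdict)


def run_regression(rules: List[Rule], expectations: List[Expectation]) -> List[Tuple[str, str, str]]:
    """Return (label, expected, actual) for every expectation the ruleset violates."""
    failures = []
    for label, pkt, expected in expectations:
        actual = evaluate(rules, pkt)
        if actual != expected:
            failures.append((label, expected, actual))
    return failures


# Constructed "intended" policy: SSH only from the LAN, web from anywhere, default DROP.
INTENDED = [
    Rule("ACCEPT", "tcp", "192.168.1.0/24", 22),
    Rule("ACCEPT", "tcp", "0.0.0.0/0", 80),
    Rule("ACCEPT", "tcp", "0.0.0.0/0", 443),
]

# Same policy with a one-character typo in the first rule's prefix length.
# 192.168.1.0/2 normalises to 192.0.0.0/2, which covers a quarter of IPv4 space.
TYPO = [
    Rule("ACCEPT", "tcp", "192.168.1.0/2", 22),
    Rule("ACCEPT", "tcp", "0.0.0.0/0", 80),
    Rule("ACCEPT", "tcp", "0.0.0.0/0", 443),
]

# Constructed expectations; 203.0.113.0/24 is a documentation range standing in for "the Internet".
EXPECTATIONS: List[Expectation] = [
    ("ssh from LAN", Packet("tcp", "192.168.1.10", 22), "ACCEPT"),
    ("ssh from Internet", Packet("tcp", "203.0.113.5", 22), "DROP"),
    ("https from Internet", Packet("tcp", "203.0.113.5", 443), "ACCEPT"),
    ("telnet from Internet", Packet("tcp", "203.0.113.5", 23), "DROP"),
    ("udp 53 from LAN", Packet("udp", "192.168.1.10", 53), "DROP"),
]


if __name__ == "__main__":
    for name, rules in (("intended", INTENDED), ("typo", TYPO)):
        failures = run_regression(rules, EXPECTATIONS)
        print(f"{name}: {'PASS' if not failures else 'FAIL'}")
        for label, expected, actual in failures:
            print(f"  {label}: expected {expected}, got {actual}")
```

The evaluator here is deliberately simple; the useful part is the shape of the suite: the expectation table is written from the security requirement ("SSH must not be reachable from outside"), not from the rules, so a rule edit that silently widens a match shows up as a failing case. Against a real router the same table would be driven by probes sent from the WAN side, which is where the tap-or-hub complication the post mentions comes in.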



BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.




Boston Linux & Unix / webmaster@blu.org