Some of the most basic questions that firewall testing should answer are:

1. Does the firewall properly enforce an organization’s firewall policy? The rules that determine whether a firewall accepts or denies incoming traffic are embodied in a firewall policy. An effective firewall is, among other things, a correct implementation of this policy (Power, 1995). Testing to determine whether or not the implementation is congruent with the firewall policy is certainly one of the most fundamental issues. Some policies, however, are so poorly formulated that they cannot be tested. If the policy says, for example, that "The network shall be resistant to all external attacks," then the firewall test cannot verify compliance. If in contrast the firewall policy says, "The network shall not allow external NFS traffic," then a firewall test can indeed verify compliance.

2. Do the firewall and other components within a network properly enforce an organization’s network security policy? A firewall policy is certainly critical, but a good firewall policy is only one part of an overall network security policy. The network security policy should specify which services should be available, both internally (within the network) and externally, whether or not source routing is allowed, the baseline level of security controls for hosts within the network, the security maintenance policies to be followed, and so forth. Because a firewall host is a component within a network, it is subject to the security standards and guidelines that apply to the network. Every network component that affects enforcement of the network security policy should be tested. A firewall test should also reflect this consideration.

3. Independently of all other considerations, how well do the firewall and other network components provide protection against externally initiated attacks? To what specific attacks are the firewall and other network components vulnerable? The firewall and network security policies may have omissions that can leave a correctly implemented firewall wide open to attacks. Firewall testing can provide a reasonable indication of the ability to resist attacks and can lead to identification of such policy omissions.

4. How effective is the network’s security perimeter? Does leakage, an access route to a network that bypasses the firewall’s defenses, exist? The firewall itself may be perfectly secure, but if an organization’s research and development function runs its own T1 link to the Internet, the firewall is of very limited value. The firewall testing team's job should ideally be to find the line set up by the research and development function and run through the internal networks, then attack the firewall from the inside. Finding leakage may not necessarily involve testing the firewall exclusively, but nevertheless in many cases should constitute an important part of a firewall test.
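To make the point of question 1 concrete, the following added example (not part of the original text) turns the testable statement "The network shall not allow external NFS traffic" into an executable check over a firewall ruleset. The ruleset, the first-match semantics, the 10.0.0.0/8 internal range, the probe addresses, and the reading of "NFS" as port 2049 over TCP and UDP are all assumptions made for illustration.

```python
import ipaddress

# Constructed sample ruleset (first match wins); not taken from the original text.
# Each rule: (action, source CIDR, protocol, destination port or None for any port).
RULES = [
    ("allow", "0.0.0.0/0",  "tcp", 80),
    ("allow", "10.0.0.0/8", "tcp", 2049),   # internal NFS clients
    ("allow", "10.0.0.0/8", "udp", 2049),
    ("deny",  "0.0.0.0/0",  "tcp", 2049),   # blocks external NFS over TCP only
    ("allow", "0.0.0.0/0",  "udp", None),   # overly broad: shadows the final deny
    ("deny",  "0.0.0.0/0",  "any", None),
]

INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed internal address space
NFS_PORT = 2049                                # assumption: "NFS" means port 2049


def decide(rules, src, proto, port):
    """Return the action of the first rule matching the packet (default deny)."""
    addr = ipaddress.ip_address(src)
    for action, cidr, rproto, rport in rules:
        if (addr in ipaddress.ip_network(cidr)
                and rproto in (proto, "any")
                and rport in (port, None)):
            return action
    return "deny"


def nfs_policy_violations(rules, probe_sources):
    """Check 'The network shall not allow external NFS traffic.'

    Returns every (source, protocol, port) from an external probe address
    that the ruleset would accept. An empty list means compliance for the
    probes tried. A statement such as 'resistant to all external attacks'
    has no such predicate, which is why it cannot be tested.
    """
    violations = []
    for src in probe_sources:
        if ipaddress.ip_address(src) in INTERNAL:
            continue  # the policy statement only constrains external sources
        for proto in ("tcp", "udp"):
            if decide(rules, src, proto, NFS_PORT) == "allow":
                violations.append((src, proto, NFS_PORT))
    return violations


if __name__ == "__main__":
    # 203.0.113.7 is a documentation-range address standing in for an external host.
    print(nfs_policy_violations(RULES, ["203.0.113.7", "10.1.2.3"]))
```

This audits a model of the ruleset rather than the running firewall, so it complements live testing of the implementation and does not replace it.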