5 how much information about a network is available

Info icon This preview shows pages 3–5. Sign up to view the full content.

View Full Document Right Arrow Icon
5. How much information about a network is available from outside a network? Information concerning a network’s infrastructure aids attackers by allowing them to map internal routing and network configurations. Discovering whether this information is available to external users is thus a justifiable part of firewall testing, even though most firewalls themselves are generally unable to control the dissemination of all information from within a network. 3 Ideally firewall testing is an outgrowth of the firewall policy in that the policy can be interpreted as a set of requirements against which testing occurs. If no firewall policy exists, the meaning of the outcome of a firewall test becomes ambiguous in that no explicit requirements against which to test the firewall exist.
Image of page 3

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
6. Do the firewall and other machines within the target network generate alarms when attacks are launched? Because ability to detect attacks is one of the most valuable functions of an effective firewall. testing this ability is also an important part of firewall testing. Note that a firewall test cannot assure that a given network is secure. This test may provide some indication of the security state of a network, but, to reiterate, the focus of a firewall test is the susceptibility of the target network to externally-initiated attacks. The hosts within a network may be very poorly configured from a security perspective, and may have legions of unpatched vulnerabilities. A firewall may block all external access to these hosts, making the security of the network appear to be extremely high, yet these hosts (including the firewall host!) may be an extremely easy target for anyone who accesses them from within . Remember, too, that firewall testing that is not conducted properly can quickly get out of control and cause extremely negative consequences. Resolving issues such as obtaining management approval in advance, having detailed, written procedures and following them, allowing only people with high personal integrity to perform testing, ensuring in advance that any attack scripts used will not damage or disrupt systems, and others is every bit as important as the technical side of a firewall test (Schultz, 1996). METHODOLOGY Our firewall testing methodology consists of three related sets of activities. The first part is the penetration test involving attacks on the firewall and hosts behind the firewall. Many people view attacks upon a firewall as an end unto itself, but several additional activities can shed considerable light on the meaning of the test results. We thus include these activities as part of a complete firewall testing methodology. The second part is a design review of the firewall and the network infrastructure, and the final part consists of a firewall policy review. These three parts or activities ultimately lead to a more meaningful and useful firewall test.
Image of page 4
Image of page 5
This is the end of the preview. Sign up to access the rest of the document.

{[ snackBarMessage ]}

What students are saying

  • Left Quote Icon

    As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.

    Student Picture

    Kiran Temple University Fox School of Business ‘17, Course Hero Intern

  • Left Quote Icon

    I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.

    Student Picture

    Dana University of Pennsylvania ‘17, Course Hero Intern

  • Left Quote Icon

    The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.

    Student Picture

    Jill Tulane University ‘16, Course Hero Intern