Yves Dherbecourt - IMA/ICI/ASR - 47653790 wrote...
> >From: doc @
com (Matthew J. D'Errico)
> >Subject: Audit firewall's strength (Was 'SEAL vs FWTK')
> >Date: Fri, 16 Dec 1994 07:56:40 -0500 (EST)
> >Evidence that in our site, the firewall was installed at 2 of 3 points
> >of presence into the Internet. After running the test suite, the 2 FWTK
> >sites passed, and the home-spun 3rd (socks, etc.) failed on one of the
> What is your test suite like ? Could you make it available ?
TIS provided their own suite, but I've since built my own set of tools
based on the tools publically available... You really need to decide which
tests to run based on what services you offer or possible more importantly
which services you *don't* offer...
Here's a clip from my archives that I used to amass my kit (apologies
to any original authors of the encompassed text for reproducing without
retaining the original credit) :
: Even though the strongest gateways contemplate a successful invasion
: of their bastion host, life is simpler if that never occurs. There
: are a number of auditing packages that can help spot configuration errors.
: The auditing function is exceedingly important even if you choose not
: to evaluate your own machines. You may rest assured that various
: ne'er-do-wells on the Internet will do it for you, with
: possibly-unpleasant results.
: The TAMU system is a collection of very useful tools. Some can be
: used to build your own firewall, others can detect attack signatures.
: The Tiger scripts can be used to assess the security of your own machines.
: net.tamu.edu /pub/security/TAMU
: COPS is another popular auditing package along the lines of the Tiger scripts.
: ftp.cert.org /pub/tools/cops
: Gene Spafford and Gene Spafford have produced a package named
: Tripwire that evaluates a system and checks for altered files and the like.
: ftp.cw.purdue.edu /pub/spaf/COAST/Tripwire
: The ISS package is a network vulnerability auditing package, along the lines
: of TAMU and our network sweep programs. It can be used to probe entire
: networks for vulnerabilities. Again, even if you choose not to run this
: package, others with less-than-pure hearts will. Closing the holes it checks
: for is vitally important.
: ISS has been recently published for the first time. It covers a number
: of fairly old holes. We expect that the public will add modules to this
: package, until it becomes a very thorough test. If we are right, we
: encourage you to keep up with these tools and run them. The Bad Guys will.
: ftp.uu.net /usenet/comp.sources.misc/volume39/iss
: aql.gatech.edu /pub/security/iss
: Crack is a well-known and widely-distributed password cracking program
: by Alec Moffat. The best way to beat password crackers is to get out of
: the game. Authentication devices are the best defense.
: Shadow password files help, but are no defense against the eavesdropper.
: If you are stuck with passwords, the best defense against bad passwords
: is a smart passwd program like passwd+. The cracklib library
: provides routines to check the safety of a proposed password.
: If none of these are used, crack your own password files and weed
: out the weak ones.
: ftp.cert.org /pub/tools/crack
: ftp.cert.org /pub/tools/cracklib
> Being able to audit firewall's strength as Cops does for host security
> is an important issue I did'nt see much about it in the list.
Not that COPS is included above...
> Yes I know,it could also be use for malicious purpose. But this kind
> of debate has already been done.
Indeed it has, but therein lies the strength, n'est ce pas ? If people
run these tests and secure against the techniques, then they can't be
used maliciously !
Re: SEAL vs FWTK
From: Yves .
fr (Yves Dherbecourt - IMA/ICI/ASR - 47653790)