Great Circle Associates Firewalls
(August 1995) 		 
Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]
Subject: Firewall Testing Volunteers?
From: Christopher Klaus <cklaus @ iss . net>
Date: Mon, 21 Aug 1995 14:31:35 +1494730 (PDT)
To: firewalls @ greatcircle . com 

Internet Security Systems, Inc. has developed about 10 techniques for
testing firewall security.

There are many potential firewall misconfigurations.  A tool which 
attempts to exploit the vulnerabilities and let the administrator know
that their network is compromisable would be quite useful.  These 
techniques have been incorporated into Internet Scanner 3.0.

We are currently looking for some volunteer sites to test Internet Scanner
on to make the checks more bullet-proof, gather statistics about the
various existing firewalls, and to put together some kind of report
saying most firewalls were either penetratable or not and what techniques
were more successful and should be checked for on everyone's firewalls.

The benefit of being the volunteer is a free security scan of your firewall
with a report if it is vulnerable by any of these techniques.  The reports
will be confidental between ISS, Inc and your company. 

If you are intestested, please e-mail cklaus @
 iss .
 net a note with the
following information:

Your Name
Your Title and Position.
Phone number so we can contact you.
Fax number to send you a Non-disclosure agreement.
The firewall type
The vendor's name
The ip-address of the firewall.
How many machines behind the firewall and range that we can scan
to attempt to reach them. (The reason we ask this is because many
of these tests depend on if we are able to connect to hosts on the
inside of the firewall.  If you only have 1 server behind the firewall
and we aren't scanning the correct range to see if we can connect to that
server, then our tests come back false, even though the firewall may still be
insecure.)

We am looking for a wide variety of firewalls.  Also, these tests may not
reflect defects in the firewall itself but that when installing, the 
filter rules and options on the firewall were not set to a secure mode.

Cheers,
Christopher

-- 
Christopher William Klaus	     Voice: (770)441-2531. Fax: (770)441-2431
Internet Security Systems, Inc.            "Internet Scanner lets you find
2000 Miller Court West, Norcross, GA 30071   your network security holes 
Web: http://iss.net/  Email: cklaus @
 iss .
 net   before the hackers do."
Indexed By Date Previous: Re: OS/2 and firewalls?
From: "W.C. Epperson" <epperson @ vak12ed . edu>
Next: Re: Authentication before getting to the firewall
From: Marc Knepppers <knepperm @ cuug . ab . ca>
Indexed By Thread Previous: Re: Is there another alternative to sendmail/smail? upas?
From: cjc @ novell . com
Next: Re: Firewalls-Digest V4 #494
From: smb @ research . att . com
Google
 
Search Internet Search www.greatcircle.com