Take a look at our recently released book, "Internet Security For
Business". The first half covers policy type business issues which may be
of interest to you. The second half covers more technical aspects of
Internet security. It should be in most bookstores, or try the Wiley
Web page at http://www.wiley.com/compbooks/catalog/07/13752-9.html
-- terry --
At 8:03 PM -0700 10/7/96, Reto Haeni wrote:
>I am writing a paper on firewall testing and penetration.
>I attach my outline (subject to change as always :) ) at the
>end of this message.
>
>One of the subjects in the paper will be what Security Policies
>have to include and what not. For this I would be grateful if
>you could point me to good existing security policies and/or to
>sources how to formulate them.
>
>Another part will contain how to test/penetrate firewalls. There,
>I am still looking for additional information, mainly about the dangers
>of open services (proxies).
>
>I don't expect that you solve my problems (well, if you would insist.... :) )
>but a few hints would be appreciated so that I don't get lost in the
>theoretical details.
>
>greetings and TIA
>
>Reto
>--------------------------------------------------------------------------------
>Penetration/Testing of Firewalls
>
>1. Security policies
> - what they should contain
> - what they should not contain
>
>2. Gaining information on the target Network/Host/Firewall
> - probing techniques
> - tools
>
>3. Firewall penetration in general
> - overload
> - bad packets
> - packet filter approach (IP spoofing..)
> - approach to proxies
>
>4. Policy decisions and their consequences
> (possible attacks in relation to open services)
> - e-mail
> - ftp
> - telnet
> - rexec
> - NNTP
> - http
> - finger/whois
> - DNS
> - NW management services
> SNMP
> RIP
> ping
> traceroute
> - NTP
> - NFS
>
>
>5. Security incidents
> - responding to an incident
> - tracking down an intruder
> - policy issues when an incident occurred
>_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/
> Reto E. Haeni
>Cyberspace Policy Institute The George Washington University
> 2033 K Str. NW Suite 340N School of Engineering and Applied Science
> Washington DC 20006
>
> ph (202) 994-5512 (We, Th)
> http://www.cpi.seas.gwu.edu/
> reto @ seas . gwu . edu http://www.seas.gwu.edu/student/reto/
>
>_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/
----------
Terry Bernstein
SRI Consulting
terry_bernstein @ sri . com
http://www.ice.sri.com/~terry
<mailto: tbernstein @ sri . com>