On Wed, Feb 05, 2003 at 11:56:42AM -0500, [EMAIL PROTECTED] wrote:
> On Wed, Feb 05, 2003 at 11:14:50AM -0500, merk0020 wrote:
> > Hello I am about to make the Proxy/Firewall on your
> > www.aboutdebian.com web site. I was wondering how to go about testing
> > it when finished. I have multiple computers and various internet
> > connections.
> (...)
>
> Run an nmap scan over the test box and make sure it is consistent with
> your firewall config.
>

Note that nmap (or nessus for that matter) will only determine the security of the proxy/firewall itself (if pointed at it) and not of the computers _behind_ it. You have to also port scan the boxes behind to determine if they are properly protected by the firewall.

A nice document on firewall testing would be CERT's:
http://www.cert.org/security-improvement/practices/p060.html
or Eugene Schultz's
www.cerias.purdue.edu/homes/firewall/references/fwtest.doc

Also you could use a tool to test your firewall rules from inside/out such as "Firewall Tester" http://www.infis.univ.trieste.it/~lcars/ftester/. Is anyone aware of similar ones? (packaged in Debian?)

Regards

Javi