Wydział Elektroniki i Technik Informacyjnych
Procedure of Firewall testing and evaluation
Supervisor: Zbigniew A. Kotulski, Ph.D., D.Sc.
SEMINARY PRESENTATION
Agenda: Problem definition, Goals of work, Test environment description, Test structure, Results examples, Problems, Conclusions
Problem definition: no such procedure exists in any form (RFC 3511 exists, but it is limited to pure firewall performance evaluation). The RFC 3511 metrics are:
IP throughput
Concurrent TCP Connection Capacity
Maximum TCP Connection Establishment Rate
Maximum TCP Connection Tear Down Rate
Denial Of Service Handling
HTTP Transfer Rate
Maximum HTTP Transaction Rate
Illegal Traffic Handling
IP Fragmentation Handling
Latency
There are speculations, not facts: each vendor argues its own superiority.
„Check Point Network Security Solutions are the market-leading choice for securing the network infrastructure” (source: www.checkpoint.com)
„Whatever the size, location and function of the network, Juniper Networks solutions deliver secure, best-in-class performance.” (source: www.juniper.net)
Goals of work:
1. Analysis of the contemporary UTM market in search of optimal technologies and solutions. I defined the following ways to fulfil this aim: analysis of the architecture of such devices, comparison of particular functionalities with similar stand-alone appliances, analysis of the market for devices that comply with the highest security requirements.
2. Evaluation of the previously selected devices in a specially prepared environment. I defined the following steps to fulfil this aim: initial configuration of the devices for further tests, preparation of test scenarios, search for auxiliary software needed to fulfil the scenario requirements, preparation of my own supplementary scripts, analysis of the received results.
3. Preparation of the procedure on the basis of the analysis of results obtained from the evaluation of the previously selected devices.
Test structure:
TC1.1 - audit sub-procedure
TC1.2 - pen test sub-procedure
TC1.3 - attack resistance sub-procedure
TC1.4 - system scanning sub-procedure
TC2.1 - virtual private network mechanism evaluation sub-procedure
TC2.2 - antivirus, spam and content filtering mechanism evaluation sub-procedure
TC2.3 - rule set evaluation sub-procedure
Generally the tests were divided into two scenarios:
• tests whose aim was to measure the performance and behavior of the appliance with respect to traffic passing through the firewall,
• tests whose aim was to measure the performance, behavior and features of the appliance with respect to traffic directed to the UTM itself.
The network configuration was based on one of the schemas defined by RFC 3511 (Benchmarking Methodology for Firewall Performance), which defines some milestones of firewall performance testing.
tests concerning the resistance of the system against reconnaissance attacks, denial of service attacks, brute force attacks, SQL injection attacks, cross-site scripting attacks and attacks based on discovered vulnerabilities of the system,
tests evaluating proper hardening of the operating system: checking the distribution of privileges, the file structure, the distribution of user privileges, and the protection mechanisms for resources (random access memory, central processing unit access time, password files, configuration information) embedded in the system,
tests concerning attempts to capture confidential information from the unprivileged user level: attempts to gain access to specific directories, execution of system commands, attempts to interfere with the proper behavior of the system, and attempts to compile or execute malicious code on the evaluated system,
tests evaluating the efficiency of the anti-spam mechanism using specially made e-mail messages of different types: advertisement spam, phishing spam, picture spam,
tests evaluating the anti-virus mechanism using specially generated file packages containing different combinations and types of files together with virus test files, different levels of archive nesting, and password-protected files,
tests evaluating the efficiency of the intrusion detection mechanism based on an estimation of the appliance behavior under network attack,
tests evaluating the efficiency of the VPN mechanism on a resource usage basis.
if the firewall works under split or joint management (e.g. the Check Point SmartCenter Server may be embedded in the appliance or run on a separate machine),
if the firewall uses external servers such as syslog to send or receive information,
if the firewall uses a secured way of communication with the policy server,
if the firewall uses a secured way of communication with other auxiliary servers,
if the policy server configuration is secured – there is no leak that would allow compromising the firewall.
what (if defined) is the recommended number of rules,
what is the order in which the firewall processes the rule set (to the first match, e.g. Check Point; group match, e.g. ISA Server; rules processed in groups (zones), e.g. Juniper),
if any particular actions are prioritized over the others,
how the additional actions impact the performance (e.g. counting in Check Point firewall rules can significantly decrease the performance),
how the traffic is spread over the rule set – if the most used rules are placed at the start of the firewall processing path,
if the rule set is optimized – there are no split rules which could be joined together,
if there are no implied rules which do not officially appear in the rule set but filter the traffic additionally,
if there is a hidden rule set protecting the firewall, filtering the traffic directed to the firewall itself.
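As an added example (not part of the presentation or any vendor's tooling), a small Python script that implements three of the TC2.3 rule set checks above over a first-match rule base with hit counts: busy rules placed low in the processing path, split rules that could be joined, and rules shadowed by earlier ones. The Rule fields, the object model (only "any" acts as a group object) and the sample rules with their hit counts are assumptions constructed for the example.

```python
from collections import namedtuple

FIELDS = ("src", "dst", "service")
# name, source, destination, service, action and the hits counted during the traffic test
Rule = namedtuple("Rule", "name src dst service action hits")

def _pairs(a, b):
    return [(getattr(a, f), getattr(b, f)) for f in FIELDS]

def _covers(x, y):
    # Assumed object model: "any" is the only group object, other objects match exactly.
    return x == "any" or x == y

def _overlap(a, b):
    # Some packet could match both rules, so their relative order matters.
    return all(_covers(x, y) or _covers(y, x) for x, y in _pairs(a, b))

def shadowed_rules(rules):
    # Rules that can never match because an earlier rule covers every field.
    return [(r.name, e.name) for i, r in enumerate(rules)
            for e in rules[:i] if all(_covers(x, y) for x, y in _pairs(e, r))]

def misordered_rules(rules):
    # Busy rule r below a quieter rule e: moving r up shortens the first-match path and
    # keeps behaviour only if r overlaps none of the rules it would jump over.
    return [(r.name, e.name) for i, r in enumerate(rules) for j, e in enumerate(rules[:i])
            if r.hits > e.hits and not any(_overlap(r, m) for m in rules[j:i])]

def mergeable_rules(rules):
    # Same action, exactly one differing field, and no opposite-action rule in between that
    # could steal the lower rule's traffic: candidates for one rule with a group object.
    out = []
    for i, a in enumerate(rules):
        for j in range(i + 1, len(rules)):
            b = rules[j]
            if a.action == b.action and sum(x != y for x, y in _pairs(a, b)) == 1 \
                    and not any(m.action != b.action and _overlap(m, b) for m in rules[i + 1:j]):
                out.append((a.name, b.name))
    return out

# Constructed sample rule base in first-match order, hit counts from a fictional test run.
SAMPLE = [
    Rule("r1", "any", "web", "http", "accept", 10),
    Rule("r2", "any", "web", "https", "accept", 5000),
    Rule("r3", "dmz", "db", "sql", "accept", 200),
    Rule("r4", "dmz", "db", "sql", "drop", 0),    # shadowed by r3
    Rule("r5", "any", "any", "any", "drop", 30),  # cleanup rule
]
```

Each check returns (rule, reference rule) pairs; on SAMPLE it reports r4 shadowed by r3, r2 and r3 worth moving above r1, and r1/r2 as a merge candidate.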
the name of the system, analysis of how the disk space is distributed across the partitions, analysis of the startup scripts, analysis of services started from xinetd.conf, users and groups defined in the system, analysis of the umask value, analysis of the shells in the system, configuration of the PATH variable, analysis of restrictions set in the PAM module, analysis of the system logging module (if it exists), analysis of the system auditing module (if it exists),
analysis of system privileges to directories (generally files with the SUID bit enabled),
analysis of privileges to the files most valuable to the system, analysis of privileges to access cron's files, analysis of processes running in the system, analysis of the network configuration.
Good day Sir/Madam,
On Sunday December 26th 2004 at about 9:00 am, the world witnessed a natural disaster. A quake measuring 9.0 on the Richter scale occurred at the bottom of the Indian Ocean close to the Island of Sumatra, North East Indonesia.
Resulting Tsunamis from the quake caused destruction of lives and properties never before experienced in modern history. Reports say this is the strongest quake in 40 years with its energy equal to 9,500 Hiroshima bombs. So far 155,000 people have been officially reported dead, of this figure 27 are Britons, 79,900 Indonesians and 27,268 from Sri Lanka. India recorded over 6,000 dead and Thailand over 10,000. The Swedish Prime Minister says about 1,000 Swedish tourists have died so far, and the death toll is still on the increase.
The British public has so far donated 21 million pounds, with 10 million raised overnight. The British government has also pledged 15 million pounds; the EU has pledged $4m dollars and other International organizations pledging sums of money.
Your financial contribution towards getting medical supplies and food {which are the most important needs} now is highly solicited. We alongside over 30 emergency relief agencies irrespective of race or religion are working in conjunction with the W.H.O to avert an epidemic of cholera and other water borne diseases.
Presently, over 5 million people in South Asia are without food or water. The UN health agency requires over 68 million pounds to forestall an outbreak of disease in a couple of days, which could be an even bigger disaster. Please send your Contributions/Donations no matter how small, via WESTERN UNION MONEY TRANSFER TO
Name: GREGORY OVIENRIA
Address: Netherland.
Problems:
Difficulty in hiring the needed equipment
Difficulty in getting evaluation licenses
Problems with finding suitable test software
Problems with lab establishment:
1) NetScreen has predefined labels (functions bound to interfaces) and I needed 4, so I had to change the default function of one of the interfaces to make the syslog mechanism work
2) the device did not accept the licenses – an upgrade of the OS was needed
3) the device did not want to load the DI database
Conclusions – obtained: market evaluation, test software found or created, benchmark lab environment created and tested, benchmark scenarios created, benchmark results obtained, advanced methodology created, clear and precise procedure created.