https://purplesec.us/firewall-penetration-testing/

https://s3-us-west-2.amazonaws.com/secure.notion-static.com/7dfa517f-abd3-48d3-bf01-385d9e9d5b87/Firewall-Penetration-Testing-Steps-Methods-And-Tools.png

A firewall is one of the first lines of defense in preventing cyber attacks. Naturally, this presents an opportunity for penetration testers and threat actors alike, to attempt exploits that would compromise a network’s security.

There are 13 steps to firewall penetration testing, which include locating the firewall, conducting tracerroute, scanning ports, banner grabbing, access control enumeration, Identifying the firewall architecture, testing the firewall policy, firewalking, port redirection, internal and external testing, testing for covert channels, HTTP tunneling, and identifying firewall specific vulnerabilities.

In this article, I’m going to share my methodology for performing a comprehensive firewall penetration test. By the end, you’ll have a better understanding of how to holistically protect your business from cyber attacks.

https://s3-us-west-2.amazonaws.com/secure.notion-static.com/d1b727ab-c39b-4366-bf98-896593f57832/IT-Security-Policy-Template-download.png

Article Navigation

Untitled

What Is A Firewall?

A firewall is a software or hardware device that inspects incoming and outgoing traffic on a network. Based on a predetermined set of policies and rules, or an access control list (ACL), the firewall filters and restricts all connections that do not abide by those rules. The main purpose of a firewall is to separate trusted networks from the external network or the internet.

In order to accomplish this, a firewall is typically placed in the DMZ (demilitarized zone). Additional firewalls may be placed in front of a business’s internal network, or intranet. Or, in front of supervisory control and data acquisition (SCADA), which support systems that run industrial organizations such as nuclear power plants.

What Are Next Generation Firewalls?

There are many types of firewalls and each model has different functionalities. The main progress that was made with regards to firewall capabilities is the introduction of Next Generation Firewalls (NGFW).

Traditional firewalls couldn’t engage in stateful packet inspection but were rather only analyzing network traffic based on the IP address and port number of the packets without taking into consideration previous traffic that passed through the firewall.

With the introduction of NGFW, dynamic packet filtering was a reality and enabled all active connections to be monitored along with the state of the connections. This additional information is used in aiding in the process of determining access.

Firewall Policies

When deploying any firewall, a certain set of policies and rules need to be configured in order to adequately ensure the security of the network perimeter. Policies and rules allow for certain type of network traffic to be blocked or allowed.