Firewall Penetration Testing – Part I
A Firewall is a hardware or software program that monitors and controls the incoming and outgoing network packets/traffic based on the set of rules made. A Firewall is thus a Network Security System that helps in protecting the network environment from various forms of threats like hackers, worms, viruses etc. that tries to reach your computer through the internet. To be simple a firewall is like a traffic police which controls the flow of network traffic and decides which packet to be granted entry and which packet to be denied based on the rules. A Firewall acts as a barrier between a secured source such as internal network and untrusted, less secured outside network such as the internet. As firewall is indeed very important, we are going to further discuss Firewall Penetration Testing. Firewall Penetration Testing is done to know how secure we are from the outside world.
There are many types of firewall available today. Mainly it is differentiated as Software Firewall which is available in almost all the Operating System available today. One downfall of the software firewall is that if the Operating System is compromised then the Firewall present in the OS will also be compromised. As many other programs are also running in our system along with the Firewall there are many ways for a malicious program to enter our System through one of that Software.
Hardware-based Firewall is the firewall that is present mostly in all the broadband routers and Network cards etc. and they are more complex. The hardware-based firewall also has the software but that software runs on an optimized device to the task of running the firewall. Therefore compromising a Hardware Firewall is difficult when comparing to the Software firewall. These firewalls are mostly used to separate the most secure network from the less secure network like Server environment from the internet.
There is another type of Firewall called cloud-based firewall which is provided by many Cloud-Based Web Security Companies which are free and paid like Qualys, Zscaler, Fortinet etc.
By the way of filtering firewalls are further classified into few categories like
- Packet Filtering
- Proxy Server
- Application Gateway
There is another specific type of Firewall called Next Generation Firewall.
We are not getting into details of all the different firewalls as we are focussed on Firewall Penetration Testing.
Why to Go For Firewall Penetration Testing
We go for Firewall Penetration Testing because the firewall is solely responsible for all the inbound and outbound traffic and to determine which a good traffic is and which is bad. Moreover because of the technological development we have an exponential growth in the networks, network devices and network speed (Bandwidth) and also we have seen the growth of the infrastructure of virtualization, cloud, and the web. This results in the complexity of setting up of a Firewall and implementing proper security controls. It is best to conduct Firewall Penetration Testing every six months to a year depending on the changes made to the configuration.
Before we purchase or after installation of the firewall we want to evaluate the security that these devices provide. To do so we have to conduct a penetration testing of this firewall to ensure that it meets up to your expectation and deliver the security that is needed. During the testing, we not only try to penetrate but also will attempt to bypass the firewall. By this way, we can find known vulnerabilities that are present in the firewall and also we will exploit the badly implemented security policies. So, actually speaking we are testing the firewall in a hacker’s perspective to find the vulnerabilities and exploit it.
Actually testing a firewall is limited in many ways unlike Network Penetration Testing or Web Penetration Testing which have multiple resources, tools and exploits available. Moreover, other testings have a huge database of publically known vulnerabilities whereas Firewall testing lacks this too. So basically to test a firewall we need good knowledgeable testers to perform. The test can be conducted internally or by the vendor itself or by a third party.
Mostly while setting up a firewall the vendor too will be involved and therefore after setting up the firewall they can be allowed to test their device about which they will have proper understanding. But the drawback is they don’t think creatively as like a third party and if at all they find any critical issue while testing, they won’t reveal it to the client so as to save their reputation.
After the installation, internal testing can be done by the security team of the company itself by which they can have an overview of how secure the firewall is and how well the security policies were implemented. But the important thing to notice is that none who are involved in the installation or setup or updating of the firewall should be allowed to conduct the test as they know about how they setup and what are the security policies implemented. The testing team should not be aware of the setup and policies.
Testing can be carried out by a third party who are involved in Penetration Testing and possess good knowledge and who has good expertise and reputation. Third party testing has many advantages like
- They don’t know anything about your infrastructure.
- They have no idea about what type of firewall you are using and its vendor.
- They are not at all aware of the security policies implemented.
- They can think of a wide variety of possibilities.
- They do Testing more or less like a hacker itself as they don’t have a single idea of the test environment they have to do the test in a way hackers does.
In the next article we will discuss about various types of Firewall Penetration Testing Methods