firewall security test



  • Hello, I am setting up a test environment with two firewalls to create a DMZ. I would like some ideas for doing this security test in the current environment (there is only one firewall) and in the test environment that has two firewalls and a DMZ (pfSense and Aker firewalls). Thanks.



  • Define "security". That's a broad category. However, the first step would be port scans, with either nmap or from www.grc.com



  • I am doing an article. I would like to show in this article what has improved from one environment to another and make a comparison between them, and show how the DMZ environment is much safer than the old one (an environment without a DMZ, with just a firewall).



  • @ricardo-zorek-daniel said in firewall security test:

    I am doing an article. I would like to show in this article what has improved from one environment to another and make a comparison between them, and show how the DMZ environment is much safer than the old one (an environment without a DMZ, with just a firewall).

    There are a few pieces to this, IMHO.

    First, you need to academically describe what you are setting up and why. Why is a DMZ better, conceptually, than just one firewall or your current setup? A list of pros/cons of each.

    Second, you'd need to get into the details of the specific configuration. There are many ways to set up a DMZ; how specifically are you setting yours up? I've seen folks set up a DMZ that can only respond to WAN connections, but the DMZ could initiate connections into the LAN. Is this your setup, or are you going to configure it where the DMZ can only respond to incoming connections over specific ports from the WAN/LAN? So this part would be where you demonstrate the resiliency of your architecture.

    Third, then you could perform some kind of canned test to demonstrate that you've set everything up properly. This part really isn't as important as the second part. It just verifies that you've configured the devices to the specifications of your proposed architecture. If you have a specific vulnerability that you want to exploit in a different architecture to demonstrate your superior architecture, then maybe that would have some value.

    Just my thoughts...



  • I'm doing this for real, in a company. This company had intrusion problems through a CRM server (data shared inside and outside the company). I set up a virtual environment and added a firewall (pfSense) for those servers that have external access. This would be my DMZ, right after the firewall (Aker, already existing in the company), and I wanted to bar all external access from that line forward.

    I have already written the academic part of the article. Now my difficulty is to demonstrate what I have done and what improvements will come from the implementation of this DMZ.