
Re: Firewall testing



On Wed, Feb 05, 2003 at 11:56:42AM -0500, dsr@tao.merseine.nu wrote:
> On Wed, Feb 05, 2003 at 11:14:50AM -0500, merk0020 wrote:
> > Hello I am about to make the Proxy/Firewall on your
> > www.aboutdebian.com web site. I was wondering how to go about testing
> > it when finished. I have multiple computers and various internet
> > connections.
> 
(...)
> 
> Run an nmap scan over the test box and make sure it is consistent with 
> your firewall config.
> 
	Note that nmap (or nessus for that matter) will only determine the
security of the proxy/firewall itself (if pointed at it) and not of the
computers _behind_ it.
	You have to also port scan the boxes behind to determine if they
are properly protected by the firewall.

A nice document on firewall testing would be CERT's:
http://www.cert.org/security-improvement/practices/p060.html
or Eugene Schultz's
www.cerias.purdue.edu/homes/firewall/references/fwtest.doc

Also you could use a tool to test your firewall rules from inside/out such
as "Firewall Tester" http://www.infis.univ.trieste.it/~lcars/ftester/.
Is anyone aware of similar ones? (packaged in Debian?)

	Regards

	Javi
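
Added example, not part of the original message: one way to check that scan results are consistent with the firewall config, for the firewall and for the boxes behind it, is to diff nmap's grepable output (`-oG`) against the ports the rule set is meant to expose. The addresses, the sample scan text, the policy table and the function names are all constructed for illustration.

```python
import re

# Constructed sample of `nmap -oG` output from OUTSIDE the firewall (made-up hosts).
SAMPLE_SCAN = """\
# Nmap scan initiated (constructed sample)
Host: 192.0.2.1 (fw)\tPorts: 22/open/tcp//ssh///, 3128/filtered/tcp//squid-http///
Host: 192.0.2.10 (web)\tPorts: 80/open/tcp//http///, 139/open/tcp//netbios-ssn///
Host: 192.0.2.11 (db)\tPorts: 5432/closed/tcp//postgresql///
"""

# Assumed policy: ports the rule set is meant to expose, per host.
POLICY = {
    "192.0.2.1": {(22, "tcp")},
    "192.0.2.10": {(80, "tcp")},
    "192.0.2.11": set(),
}

HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(.*?\)\s+Ports:\s+(.*)$")

def parse_grepable(text):
    """Return {host: {(port, proto), ...}} for ports nmap reported as open."""
    found = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # comment lines and "Status:" lines carry no port list
        host, ports = m.groups()
        open_ports = found.setdefault(host, set())
        # Anything after a tab ("Ignored State: ...") is not a port entry.
        for entry in ports.split("\t")[0].split(","):
            fields = entry.strip().split("/")
            if len(fields) >= 3 and fields[1] == "open":
                open_ports.add((int(fields[0]), fields[2]))
    return found

def audit(scan_text, policy):
    """List deviations between what the scan saw and what the policy allows."""
    seen = parse_grepable(scan_text)
    issues = []
    for host in sorted(set(seen) | set(policy)):
        actual, allowed = seen.get(host, set()), policy.get(host, set())
        for port, proto in sorted(actual - allowed):
            issues.append((host, port, proto, "open but not allowed"))
        for port, proto in sorted(allowed - actual):
            issues.append((host, port, proto, "allowed but not reachable"))
    return issues

if __name__ == "__main__":
    for issue in audit(SAMPLE_SCAN, POLICY):
        print("%s %d/%s: %s" % issue)
```

Feeding it one scan taken from outside and one taken from inside, each with its own policy table, covers both directions of the rule set.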
