What is Firewall ?
A Firewall is a software or a hardware device that inspects incoming traffic and outgoing traffic on a network as per its policies, rule or the access control list (ACL).
The main role of a firewall is to separate internal network from external network (Internet or Public Network)
Policies/ Rule / ACL
These are something which allows the firewall to filter the traffic as per the admins requirements. It could be filtering traffic from certain group of nodes or blocking access to some IP ranges or assigning any protocol.
A Firewall or NGFW (Next Generation Firewall) are installed before a DMZ (Demilitarized Zone) and additional Firewalls may also be installed at supervisors end or at Intranet.
NGFW
A Next Generation Firewall is advance firewall which is used currently by every organization. It is capable of deep packet inspection which previous firewall couldn’t.
DMZ
Its a perimeter in a network that protects the organizations LAN from untrusted traffic or you can say these machines are connected to outside world before firewall scans any packets.
Why to perform VAPT on a Firewall ?
[ Vulnerability Assessment & Penetration Testing ]
It is very important to insure the security of network is protected by best rules and protocols to avoid any unauthorized access to users
So a VAPT on a firewall helps the network admin know about the Policy Flaw before an Attacker this gives the team an upper hand to patch the flaw and keep entire Network safe.
How to perform a Firewall VAPT ?
To start hunting for the Flaws in a firewall the first step should be to locate the firewall in the network and then understand its characteristics. You might come across various types of firewall or a network having multiple firewalls so that packet filtering and handling them gets much more easier.
Types you might come across:
Packet Filtering- Firewall, Circuit Level Gateways, Stateful Inspection -Firewall, Application-level Gateways, Multi layer Inspection Firewall.
- Locating
A Firewall penetration test will start with locating the firewall using a packet crafting software by creating specific IP packets containing TCP, UDP or ICMP payloads. You can use HPING or NMAP for crafting such packets. These tools have similar functionality with a minor difference;
HPING can scan one ip address at time while NMAP can do a range scan depending on the aggressiveness of scan i think HPING is much better choice to to avoid getting detected by Firewall.
- Conducting Traceroute
Be First to Comment