Firewall checklist and cyber security tools
Introduction
Firewalls are essential security tools that protect organizations from cyber attacks. However, even the most robust firewall systems can be vulnerable to attacks if they are not tested regularly. Firewall testing is crucial to ensure that the firewall is functioning optimally and all vulnerabilities are detected and addressed. This blog post discusses the firewall testing checklist and the cyber security tools that can help organizations maintain a secure network.
Firewall Testing Checklist
The firewall testing checklist is a comprehensive list of tests that must be performed to ensure the firewall’s effectiveness. The checklist includes the following tests:
1. Firewall Rule Review
The firewall rules must be reviewed to ensure that they are up-to-date and align with the organization’s security policy. The rules must be checked for any inactive, redundant, or unnecessary rules that could create security loopholes.
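One way to automate part of this review, as an added example that is not from the original post: a first-match rule list is walked top to bottom and every rule is checked against the rules above it. A rule that an earlier rule already fully covers is either redundant (same action) or shadowed (different action, the dangerous case, because the later rule never takes effect), and disabled rules are reported as inactive. The rule format, the field names and the sample rule set are all constructed for this example and are not taken from any particular firewall product.

```python
"""Added example: find inactive, redundant and shadowed rules in a simplified
first-match firewall rule list. Rule format and sample data are constructed
for illustration and are not from the original post or any real product."""
from __future__ import annotations

from dataclasses import dataclass
from ipaddress import ip_network


@dataclass(frozen=True)
class Rule:
    name: str
    action: str              # "allow" or "deny"
    proto: str               # "tcp", "udp" or "any"
    src: str                 # source CIDR
    dst: str                 # destination CIDR
    ports: tuple[int, int]   # inclusive destination port range
    enabled: bool = True


def covers(outer: Rule, inner: Rule) -> bool:
    """True if every packet matched by `inner` is also matched by `outer`."""
    proto_ok = outer.proto == "any" or outer.proto == inner.proto
    src_ok = ip_network(inner.src).subnet_of(ip_network(outer.src))
    dst_ok = ip_network(inner.dst).subnet_of(ip_network(outer.dst))
    port_ok = outer.ports[0] <= inner.ports[0] and inner.ports[1] <= outer.ports[1]
    return proto_ok and src_ok and dst_ok and port_ok


def review_rules(rules: list[Rule]) -> list[tuple[str, str, str]]:
    """Return (finding, rule_name, earlier_rule_name) tuples.

    "inactive": the rule is disabled and should be removed or re-enabled.
    "redundant": an earlier enabled rule with the same action already covers it.
    "shadowed": an earlier enabled rule with a different action covers it, so
    the later rule never fires; this is the loophole a review must catch.
    """
    findings: list[tuple[str, str, str]] = []
    for i, later in enumerate(rules):
        if not later.enabled:
            findings.append(("inactive", later.name, ""))
            continue
        for earlier in rules[:i]:
            if earlier.enabled and covers(earlier, later):
                kind = "redundant" if earlier.action == later.action else "shadowed"
                findings.append((kind, later.name, earlier.name))
                break  # the first covering rule is the one that actually matches
    return findings


# Constructed sample policy (first match wins, evaluated top to bottom).
SAMPLE_RULES = [
    Rule("web-out", "allow", "tcp", "10.0.0.0/8", "0.0.0.0/0", (443, 443)),
    Rule("block-guest-web", "deny", "tcp", "10.1.0.0/16", "0.0.0.0/0", (443, 443)),
    Rule("web-out-dup", "allow", "tcp", "10.0.0.0/8", "0.0.0.0/0", (443, 443)),
    Rule("old-ftp", "allow", "tcp", "10.0.0.0/8", "0.0.0.0/0", (21, 21), enabled=False),
    Rule("default-deny", "deny", "any", "0.0.0.0/0", "0.0.0.0/0", (0, 65535)),
    Rule("dns", "allow", "udp", "10.0.0.0/8", "192.168.1.53/32", (53, 53)),
]

if __name__ == "__main__":
    for kind, name, earlier in review_rules(SAMPLE_RULES):
        print(f"{kind:9} {name:16} {earlier}")
```

The sample deliberately contains the three classic review findings: a guest-network deny that an earlier broad allow silently overrides, a duplicate allow, and a DNS rule placed after the default deny, which therefore never matches. Real rule sets also need source-port, interface and zone fields, but the covering check generalises in the same way.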
2. Penetration Testing
Penetration testing involves simulating cyberattacks to identify vulnerabilities in the firewall. It is essential to conduct penetration testing regularly to ensure that the firewall can withstand different types of attacks.
3. Port Scanning
Port scanning is the process of scanning all the ports exposed through a firewall to identify any open ports. Open ports are potential entry points for cybercriminals. Port scanning must be done regularly to detect any unauthorized open ports.
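A scan result is only useful when it is compared with what the firewall policy says should be exposed. The following added example, which is not part of the original post, parses Nmap's grepable (-oG) output format and reports two kinds of drift: open ports that are not in the approved baseline (unauthorized exposure) and baseline ports that were not seen open (a rule or service may have silently broken). The scan text, host addresses and baseline are constructed for the example.

```python
"""Added example: audit Nmap -oG output against an approved exposure baseline.
The scan lines and the baseline below are constructed sample data, not a real
scan; only the -oG line format itself is Nmap's."""
import re
from collections import defaultdict

# Constructed sample of Nmap grepable (-oG) output. Fields are tab-separated and
# each port entry reads port/state/proto/owner/service/rpc/version/.
SAMPLE_SCAN = (
    "# Nmap 7.94 scan initiated (constructed sample)\n"
    "Host: 203.0.113.10 (fw-edge.example)\tPorts: 22/open/tcp//ssh///, "
    "443/open/tcp//https///, 8443/open/tcp//https-alt///\tIgnored State: filtered (997)\n"
    "Host: 203.0.113.11 (vpn.example)\tPorts: 1194/open/udp//openvpn///, "
    "23/open/tcp//telnet///, 80/closed/tcp//http///\tIgnored State: closed (997)\n"
    "# Nmap done at (constructed sample)\n"
)

# Approved exposure baseline per host: the (port, proto) pairs the firewall
# policy permits from the scanning vantage point. Constructed for the example.
BASELINE = {
    "203.0.113.10": {(22, "tcp"), (443, "tcp")},
    "203.0.113.11": {(1194, "udp"), (500, "udp")},
}

# Match port entries only at a list boundary so digits inside a version string
# such as "OpenSSH 8.9p1" cannot be mistaken for a port number.
PORT_RE = re.compile(r"(?:^|,\s*)(\d+)/(\w+)/(\w+)/")
PORTS_FIELD_RE = re.compile(r"Ports:\s*(.*?)(?:\t|$)")


def parse_grepable(text):
    """Return {host: {(port, proto), ...}} containing only ports in state open."""
    open_ports = defaultdict(set)
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue
        host = line.split()[1]
        field = PORTS_FIELD_RE.search(line)
        if field is None:
            open_ports.setdefault(host, set())  # host up, no ports reported
            continue
        for port, state, proto in PORT_RE.findall(field.group(1)):
            if state == "open":
                open_ports[host].add((int(port), proto))
    return dict(open_ports)


def audit(scan_text, baseline):
    """Compare a scan with the baseline.

    Returns (unexpected, missing): unexpected maps host -> open ports not in the
    baseline (hosts absent from the baseline count entirely as unexpected);
    missing maps host -> baseline ports that were not seen open.
    """
    seen = parse_grepable(scan_text)
    unexpected, missing = {}, {}
    for host in set(seen) | set(baseline):
        observed = seen.get(host, set())
        approved = baseline.get(host, set())
        if observed - approved:
            unexpected[host] = observed - approved
        if approved - observed:
            missing[host] = approved - observed
    return unexpected, missing


if __name__ == "__main__":
    unexpected, missing = audit(SAMPLE_SCAN, BASELINE)
    for host, ports in sorted(unexpected.items()):
        print(f"UNAUTHORIZED {host}: {sorted(ports)}")
    for host, ports in sorted(missing.items()):
        print(f"NOT SEEN     {host}: {sorted(ports)}")
```

In practice the scan text would come from a file written with `nmap -oG`, and the baseline from the same source of truth the rule review uses, so that the two checks cannot drift apart. The "not seen" list is as important as the unauthorized list: a baseline port that stops answering usually means a rule change or an outage nobody announced.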
4. Firewall Updates and Patches
Firewall updates and patches must be applied regularly to address any new vulnerabilities that are discovered. These updates must be tested before implementation to ensure that they do not cause any conflicts with the existing firewall configuration.
Summary
- Port scanning: Nmap (https://nmap.org/)
- OS fingerprinting: Xprobe2 (http://xprobe.sourceforge.net/)
- Firewall rule testing: Firewalk (https://github.com/defunkt/firewalk)
- Packet fragmentation evasion: Fragroute (https://github.com/plitex/fragroute)
- IP spoofing: hping3 (https://github.com/antirez/hping)
- Protocol-specific evasion: Metasploit Framework (https://www.metasploit.com/)
- ICMP tunneling: ICMPTX (http://thomer.com/icmptx/)
- DNS tunneling: dns2tcp (https://github.com/alex-sector/dns2tcp)
- HTTP tunneling: httptunnel (https://github.com/larsbrinkhoff/httptunnel)
- IPv6 tunneling: Teredo (https://tools.ietf.org/html/rfc4380)
- ARP spoofing: Ettercap (https://www.ettercap-project.org/)
- SSL/TLS interception: sslstrip (https://github.com/moxie0/sslstrip)
- SSL/TLS decryption: Wireshark (https://www.wireshark.org/)
- SSH tunneling: OpenSSH (https://www.openssh.com/)
- Proxy server evasion: proxychains-ng (https://github.com/rofl0r/proxychains-ng)
- Tor network evasion: Tor Browser (https://www.torproject.org/)
- Web application firewall (WAF) testing: wafw00f (https://github.com/EnableSecurity/wafw00f)
- Session hijacking: Cookie Cadger (https://github.com/cookiecadger/CookieCadger)
- Man-in-the-middle attack: bettercap (https://www.bettercap.org/)
- VPN detection: iodine (https://github.com/yarrick/iodine)
- Firewall evasion using encrypted payloads: Veil-Evasion (https://github.com/Veil-Framework/Veil)
- Application-level evasion using SQL injection: sqlmap (https://sqlmap.org/)
- Application-level evasion using Cross-Site Scripting (XSS): XSSer (https://github.com/epsylon/xsser)
- File type and extension evasion: FuzzDB (https://github.com/fuzzdb-project/fuzzdb)
Open Source cyber security tools
Top 26 Open Source cyber security tools
- Zeek (https://zeek.org/): Network Security Monitoring
- ClamAV (https://www.clamav.net/): Antivirus
- OpenVAS (https://www.openvas.org/): Vulnerability Scanner
- TheHive (https://thehive-project.org/): Incident Response
- pfSense (https://www.pfsense.org/): Security appliance (firewall/VPN/router)
- Elastic (https://www.elastic.co/): Analytics
- osquery (https://www.osquery.io/): Endpoint visibility
- Arkime (https://arkime.com/): Packet capture and search
- Wazuh (https://wazuh.com/): XDR and SIEM
- AlienVault OSSIM (https://cybersecurity.att.com/): SIEM
- Velociraptor (https://docs.velociraptor.app/): Forensics and IR
- MISP project (https://www.misp-project.org/): Information sharing and Threat Intelligence
- Kali (https://www.kali.org/): Security OS
- Parrot (https://www.parrotsec.org/): Security OS
- OpenIAM (https://www.openiam.com/): IAM
- YARA (https://virustotal.github.io/yara/): Pattern matching
- WireGuard (https://www.wireguard.com/): VPN
- OSSEC (https://www.ossec.net/): HIDS
- Suricata (https://suricata.io/): IDS/IPS
- Shuffle (https://shuffler.io/): SOAR
- Phish Report (https://phish.report/): Anti-phishing
- Graylog (https://www.graylog.org/products/source-available/): Log management
- Trivy (https://www.aquasec.com/products/trivy/): DevOps/IaC scanning
- OpenEDR (https://openedr.com/): EDR
- Metasploit (https://www.metasploit.com/): Pentest
- Nmap (https://nmap.org/): Old but gold
- License under CC BY-NC 4.0