Firewall checklist and cyber security tools

Introduction

Firewalls are essential security tools that protect organizations from cyber attacks. However, even a well-built firewall can be bypassed if it is not tested regularly. Firewall testing is crucial to ensure that the firewall is functioning as intended and that weaknesses in its configuration are found and fixed. This blog post discusses the firewall testing checklist and the cyber security tools that can help organizations maintain a secure network.

Firewall Testing Checklist

The firewall testing checklist is a comprehensive list of tests that must be performed to ensure the firewall’s effectiveness. The checklist includes the following tests:

1. Firewall Rule Review

The firewall rules must be reviewed to ensure that they are up to date and align with the organization’s security policy. The rules must be checked for any inactive, redundant, or unnecessary rules, and for rules that are shadowed by broader rules above them, since these can create paths through the firewall that nobody intended.
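A small rule-review script, added here as an example rather than code from the original post: it models a first-match-wins ruleset and flags rules that are redundant (an earlier rule with the same action already matches everything they match), shadowed (an earlier rule with the opposite action swallows them, so they never fire) and overly permissive (an allow rule that matches all traffic). The rule format, the `Rule` class and the sample ruleset are constructed for illustration, not a vendor format.

```python
from dataclasses import dataclass
from ipaddress import ip_network

# Constructed, simplified ruleset model (not a real vendor format):
# first-match-wins order, IPv4 CIDRs, 0.0.0.0/0 and (0, 65535) mean "any".
@dataclass(frozen=True)
class Rule:
    name: str
    action: str   # "allow" or "deny"
    src: str      # source CIDR
    dst: str      # destination CIDR
    proto: str    # "tcp", "udp" or "any"
    ports: tuple  # inclusive (low, high) destination port range

def covers(a: Rule, b: Rule) -> bool:
    """True when every packet matched by b is also matched by a."""
    if a.proto != "any" and a.proto != b.proto:
        return False
    if not ip_network(b.src).subnet_of(ip_network(a.src)):
        return False
    if not ip_network(b.dst).subnet_of(ip_network(a.dst)):
        return False
    return a.ports[0] <= b.ports[0] and b.ports[1] <= a.ports[1]

EVERYTHING = Rule("*", "allow", "0.0.0.0/0", "0.0.0.0/0", "any", (0, 65535))

def review(rules):
    """Return (finding, rule, related_rule) tuples for a first-match ruleset."""
    findings = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, later):
                # Same action: later rule adds nothing (redundant);
                # different action: later rule can never fire (shadowed).
                kind = "redundant" if earlier.action == later.action else "shadowed"
                findings.append((kind, later.name, earlier.name))
                break
        if later.action == "allow" and covers(later, EVERYTHING):
            findings.append(("overly-permissive", later.name, "*"))
    return findings

# Constructed sample ruleset containing one of each problem.
RULES = [
    Rule("allow-web", "allow", "0.0.0.0/0", "10.0.1.0/24", "tcp", (443, 443)),
    Rule("deny-legacy", "deny", "10.0.5.0/24", "10.0.1.0/24", "tcp", (443, 443)),
    Rule("allow-web-dup", "allow", "192.168.0.0/16", "10.0.1.10/32", "tcp", (443, 443)),
    Rule("allow-all", "allow", "0.0.0.0/0", "0.0.0.0/0", "any", (0, 65535)),
    Rule("deny-default", "deny", "0.0.0.0/0", "0.0.0.0/0", "any", (0, 65535)),
]
```

Calling `review(RULES)` reports the deny rule shadowed by the earlier broad allow, the duplicate allow, the any/any allow, and the default deny that the any/any allow renders dead.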

2. Penetration Testing

Penetration testing involves simulating cyberattacks to identify vulnerabilities in the firewall. It is essential to conduct penetration testing regularly to ensure that the firewall can withstand different types of attacks.

3. Port Scanning

Port scanning is the process of probing the ports exposed through a firewall to identify which ones are open. Open ports that are not required are potential entry points for attackers. Port scanning must be done regularly, and the results compared against the list of ports that are supposed to be reachable, to detect any unauthorized open ports.
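One way to turn a scan into findings, added here as an example that is not code from the original post: parse Nmap's grepable (`-oG`) output and compare each host's open ports against an approved baseline, reporting ports that are open but not approved and approved ports that were not seen. The scan output and the baseline are constructed samples.

```python
# Constructed sample of Nmap grepable (-oG) output for a small scan; not a real capture.
SCAN_OUTPUT = """\
# Nmap scan initiated (constructed sample)
Host: 10.0.1.10 ()\tStatus: Up
Host: 10.0.1.10 ()\tPorts: 22/open/tcp//ssh///, 443/open/tcp//https///, 8080/open/tcp//http-proxy///\tIgnored State: filtered (65532)
Host: 10.0.1.20 ()\tStatus: Up
Host: 10.0.1.20 ()\tPorts: 3389/open/tcp//ms-wbt-server///\tIgnored State: closed (65534)
"""

# Approved baseline (constructed): host -> set of (proto, port) that should be reachable.
BASELINE = {
    "10.0.1.10": {("tcp", 22), ("tcp", 443)},
    "10.0.1.30": {("tcp", 443)},
}

def parse_grepable(text):
    """Map host -> set of (proto, port) reported open in Nmap -oG output."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue
        # Tab-separated "Key: value" fields; each Ports entry is port/state/proto/...
        fields = dict(f.split(": ", 1) for f in line.split("\t") if ": " in f)
        host = fields["Host"].split()[0]
        open_ports = hosts.setdefault(host, set())
        for entry in fields.get("Ports", "").split(", "):
            if not entry:
                continue
            port, state, proto = entry.split("/")[:3]
            if state == "open":
                open_ports.add((proto, int(port)))
    return hosts

def compare(scan, baseline):
    """Return (host, proto, port, verdict) rows: 'unexpected' open ports are
    candidate rule violations; 'missing' ones are approved services not seen."""
    rows = []
    for host in sorted(set(scan) | set(baseline)):
        seen = scan.get(host, set())
        allowed = baseline.get(host, set())
        rows += [(host, p, n, "unexpected") for p, n in sorted(seen - allowed)]
        rows += [(host, p, n, "missing") for p, n in sorted(allowed - seen)]
    return rows

if __name__ == "__main__":
    for host, proto, port, verdict in compare(parse_grepable(SCAN_OUTPUT), BASELINE):
        print(f"{host:12} {proto}/{port:<6} {verdict}")
```

A "missing" row is worth a look too: it may mean the firewall is now blocking an approved service, or that the service is down.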

4. Firewall Updates and Patches

Firewall updates and patches must be applied regularly to address newly discovered vulnerabilities. Each update must be tested before it is rolled out to ensure that it does not conflict with the existing firewall configuration.

Summary

  1. Port scanning: Nmap (https://nmap.org/)
  2. OS fingerprinting: Xprobe2 (http://xprobe.sourceforge.net/)
  3. Firewall rule testing: Firewalk (https://github.com/defunkt/firewalk)
  4. Packet fragmentation evasion: Fragroute (https://github.com/plitex/fragroute)
  5. IP spoofing: hping3 (https://github.com/antirez/hping)
  6. Protocol-specific evasion: Metasploit Framework (https://www.metasploit.com/)
  7. ICMP tunneling: ICMPTX (http://thomer.com/icmptx/)
  8. DNS tunneling: dns2tcp (https://github.com/alex-sector/dns2tcp)
  9. HTTP tunneling: httptunnel (https://github.com/larsbrinkhoff/httptunnel)
  10. IPv6 tunneling: Teredo (https://tools.ietf.org/html/rfc4380)
  11. ARP spoofing: Ettercap (https://www.ettercap-project.org/)
  12. SSL/TLS interception: sslstrip (https://github.com/moxie0/sslstrip)
  13. SSL/TLS decryption: Wireshark (https://www.wireshark.org/)
  14. SSH tunneling: OpenSSH (https://www.openssh.com/)
  15. Proxy server evasion: proxychains-ng (https://github.com/rofl0r/proxychains-ng)
  16. Tor network evasion: Tor Browser (https://www.torproject.org/)
  17. Web application firewall (WAF) testing: wafw00f (https://github.com/EnableSecurity/wafw00f)
  18. Session hijacking: Cookie Cadger (https://github.com/cookiecadger/CookieCadger)
  19. Man-in-the-middle attack: bettercap (https://www.bettercap.org/)
  20. VPN detection: iodine (https://github.com/yarrick/iodine)
  21. Firewall evasion using encrypted payloads: Veil-Evasion (https://github.com/Veil-Framework/Veil)
  22. Application-level evasion using SQL injection: sqlmap (https://sqlmap.org/)
  23. Application-level evasion using Cross-Site Scripting (XSS): XSSer (https://github.com/epsylon/xsser)
  24. File type and extension evasion: FuzzDB (https://github.com/fuzzdb-project/fuzzdb)

Open Source cyber security tools

Top 26 Open Source cyber security tools

  1. Zeek: (https://zeek.org/) - Network security monitoring
  2. ClamAV: (https://www.clamav.net/) - Antivirus
  3. OpenVAS: (https://www.openvas.org/) - Vulnerability scanner
  4. TheHive: (https://thehive-project.org/) - Incident response
  5. pfSense: (https://www.pfsense.org/) - Security appliance (firewall/VPN/router)
  6. Elastic: (https://www.elastic.co/) - Analytics
  7. osquery: (https://www.osquery.io/) - Endpoint visibility
  8. Arkime: (https://arkime.com/) - Packet capture and search
  9. Wazuh: (https://wazuh.com/) - XDR and SIEM
  10. AlienVault OSSIM: (https://cybersecurity.att.com/) - SIEM
  11. Velociraptor: (https://docs.velociraptor.app/) - Forensics and IR
  12. MISP project: (https://www.misp-project.org/) - Information sharing and threat intelligence
  13. Kali: (https://www.kali.org/) - Security OS
  14. Parrot: (https://www.parrotsec.org/) - Security OS
  15. OpenIAM: (https://www.openiam.com/) - IAM
  16. YARA: (https://virustotal.github.io/yara/) - Pattern matching
  17. WireGuard: (https://www.wireguard.com/) - VPN
  18. OSSEC: (https://www.ossec.net/) - HIDS
  19. Suricata: (https://suricata.io/) - IDS/IPS
  20. Shuffle: (https://shuffler.io/) - SOAR
  21. Phish Report: (https://phish.report/) - Anti-phishing
  22. Graylog: (https://www.graylog.org/products/source-available/) - Log management
  23. Trivy: (https://www.aquasec.com/products/trivy/) - DevOps/IaC scanning
  24. OpenEDR: (https://openedr.com/) - EDR
  25. Metasploit: (https://www.metasploit.com/) - Pentest
  26. Nmap: (https://nmap.org/) - Old but gold