Article

Article title METHODOLOGY FOR TESTING AND ASSESSMENT OF FIREWALLS
Authors A.G. Bogoras, O.Yu. Peskova
Section SECTION II. SECURITY OF INFORMATION SYSTEMS AND NETWORKS
Month, Year 12, 2013
Index UDC 004.054
DOI
Abstract In this article, the main Russian and foreign techniques for assessing the security of information systems are considered as applied to the analysis of firewalls. The need to develop a methodology for testing firewalls both in the laboratory and in a real system is shown. The following information security testing methods were analyzed: OSSTMM (The Open Source Security Testing Methodology Manual), NIST Special Publication 800-115 (Technical Guide to Information Security Testing and Assessment), and ISSAF (Information System Security Assessment Framework). In addition, the following penetration testing methods were analyzed: the Positive Technologies method, the Digital Security method, the BSI study "A Penetration Testing Model", and the PTES (Penetration Testing Execution Standard) Technical Guidelines. The basic steps of each technique are described, and the techniques are compared on various indicators. The authors' own technique for testing and assessing firewalls is presented, together with a list of the vulnerabilities that can be found by means of the developed technique.

Keywords Firewall; firewall testing; pretesting; security assessment techniques.
References 1. Positive Technologies – security, consulting, compliance management [Electronic resource] // Positive Technologies [site]. URL: http://www.ptsecurity.ru/services/pen/technological (accessed 20.10.2013).
2. Digital Security: No. 1 in security auditing [Electronic resource] // Digital Security [site]. URL: http://dsec.ru/consult/test/#why (accessed 20.10.2013).
3. Herzog P. OSSTMM – The Open Source Security Testing Methodology Manual. – USA, New York, 13.12.2006. – 129 p. URL: http://www.isecom.org/research/osstmm.html (accessed 20.10.2013).
4. Scarfone K., Hoffman P. NIST Special Publication 800-41 Guidelines on Firewalls and Firewall Policy. – USA, Gaithersburg, 09.2009. – 48 p. URL: http://csrc.nist.gov/publications/nistpubs/800-41-Rev1/sp800-41-rev1.pdf (accessed 20.10.2013).
5. Scarfone K., Souppaya M., Cody A., Orebaugh A. NIST Special Publication 800-115 Technical Guide to Information Security Testing and Assessment. – USA, Gaithersburg, 09.2008. – 80 p. URL: http://csrc.nist.gov/publications/nistpubs/800-41-Rev1/sp800-41-rev1.pdf (accessed 20.10.2013).
6. BSI – Study: A Penetration Testing Model / Germany, Bonn. – 111 p. URL: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Studies/Penetration/penetration_pdf.pdf?__blob=publicationFile (accessed 20.10.2013).
7. Rathore B. et al. ISSAF – Information System Security Assessment Framework. – 30.04.2006. – 1264 p. URL: http://www.oissg.org/issaf02/issaf0.1-5.pdf (accessed 20.10.2013).
8. Nickerson C. et al. The Penetration Testing Execution Standard. – 30.04.2012 [Electronic resource] // Penetration Testing Execution Standard [site]. URL: http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines (accessed 20.10.2013).