Firewall Penetration Testing – Part I

Firewall Penetration Testing – Part I

A Firewall is a hardware or software program that monitors and controls the incoming and outgoing network packets/traffic based on the set of rules made. A Firewall is thus a Network Security System that helps in protecting the network environment from various forms of threats like hackers, worms, viruses, etc. that try to reach your computer through the internet. To be simple a firewall is like traffic police which controls the flow of network traffic and decides which packet to be granted entry and which packet to be denied based on the rules.  A Firewall acts as a barrier between a secured source such as an internal network and an untrusted, less secured outside network such as the internet. As firewall is indeed very important, we are going to further discuss Firewall Penetration Testing. Firewall Penetration Testing is done to know how secure we are from the outside world.

Firewall Types

There are many types of firewalls available today. Mainly it is differentiated as Software Firewall which is available in almost all the Operating Systems available today. One downfall of the software firewall is that if the Operating System has compromised then the Firewall present in the OS will also be compromised. As many other programs are also running in our system along with the Firewall there are many ways for a malicious program to enter our System through one of that Software.

A hardware-based Firewall is a firewall that is present mostly in all the broadband routers and Network cards etc. and they are more complex. The hardware-based firewall also has the software but that software runs on an optimized device to the task of running the firewall. Therefore compromising a Hardware Firewall is difficult when comparing to the Software firewall. These firewalls are mostly used to separate the most secure network from the less secure network like Server environment from the internet.

There is another type of Firewall called cloud-based firewall which is provided by many Cloud-Based Web Security Companies which are free and paid like Qualys, Zscaler, Fortinet, etc.
By the way of filtering, firewalls are further classified into few categories like

  • Packet Filtering
  • Proxy Server
  • Application Gateway

There is another specific type of Firewall called the Next-Generation Firewall.
We are not getting into details of all the different firewalls as we are focused on Firewall Penetration Testing.

Why to Go For Firewall Penetration Testing

We go for Firewall Penetration Testing because the firewall is solely responsible for all the inbound and outbound traffic and to determine which good traffic is and which is bad. Moreover, because of the technological development, we have exponential growth in the networks, network devices, and network speed (Bandwidth), and also we have seen the growth of the infrastructure of virtualization, cloud, and the web. This results in the complexity of setting up a Firewall and implementing proper security controls. It is best to conduct Firewall Penetration Testing every six months to a year depending on the changes made to the configuration.

Before we purchase or after installation of the firewall we want to evaluate the security that these devices provide. To do so we have to conduct a penetration testing of this firewall to ensure that it meets up to your expectation and deliver the security that is needed. During the testing, we not only try to penetrate but also will attempt to bypass the firewall. By this way, we can find known vulnerabilities that are present in the firewall, and also we will exploit the badly implemented security policies. So, actually speaking we are testing the firewall from a hacker’s perspective to find the vulnerabilities and exploit it.

Actually testing a firewall is limited in many ways unlike Network Penetration Testing or Web Penetration Testing which have multiple resources, tools, and exploits available. Moreover, other testings have a huge database of publically known vulnerabilities whereas Firewall testing lacks this too. So basically to test a firewall we need well knowledgeable testers to perform. The test can be conducted internally or by the vendor itself or by a third party.

Mostly while setting up a firewall the vendor too will be involved and therefore after setting up the firewall they can be allowed to test their device about which they will have proper understanding. But the drawback is they don’t think creatively like a third party and if at all they find any critical issue while testing, they won’t reveal it to the client so as to save their reputation.

After the installation, internal testing can be done by the security team of the company itself by which they can have an overview of how secure the firewall is and how well the security policies were implemented. But the important thing to notice is that none who are involved in the installation or setup or updating of the firewall should be allowed to conduct the test as they know about how they set up and what are the security policies implemented. The testing team should not be aware of the setup and policies.

Testing can be carried out by a third party who is involved in Penetration Testing and possess good knowledge and who has good expertise and reputation. Third-party testing has many advantages like

  • They don’t know anything about your infrastructure.
  • They have no idea about what type of firewall you are using and its vendor.
  • They are not at all aware of the security policies implemented.
  • They can think of a wide variety of possibilities.
  • They do Testing more or less like a hacker itself as they don’t have a single idea of the test environment they have to do the test in a way hackers does.