A comprehensive firewall testing methodology
Document Type
Conference Proceeding
Publisher
Edith Cowan University
Faculty
Faculty of Computing, Health and Science
School
School of Computing, Health and Science
RAS ID
5088
Abstract
This paper proposes an all-encompassing test methodology for firewalls. It extends the life cycle model to revisit the major phases of the life cycle after a firewall is in service, using them as the foundations for the tests. The focus of the tests is to show whether the firewall is, or is not, still fit for purpose. It also focuses on the traceability from business requirements through to policy, rule sets, physical design, implementation, egress and ingress testing, monitoring and auditing. The guidelines are provided by a Test and Evaluation Master Plan (TEMP). The methodology is very much process driven and in keeping with the Security Systems Engineering Capability Maturity Model (SSECMM). This provides multiple advantages: configuration errors are captured, results are measurable and repeatable, assurance is developed, and the plan can be used as a roadmap for process improvement. Sample tests are provided in the paper, but they act merely as a guideline. It would be expected that the test and evaluation master plan be tailored for any specific organisation.
DOI
10.4225/75/57b41c9b30df9
Access Rights
free_to_read
Comments
Brand, M. (2007, December). A Comprehensive Firewall Testing Methodology. In Australian Information Security Management Conference (p. 24).