Date Added: Jan 2009
Firewall testing is one of the most useful of a set of alternatives for evaluating the security effectiveness of a firewall. A major advantage of firewall testing is being able to empirically determine how secure a firewall is against attacks that are likely to be launched by network intruders. This paper advances the view that firewall testing should examine not only the ability of a firewall to resist attacks from external sources, but also the defenses of the entire network that the firewall protects against external threats. SRI Consulting's firewall testing procedures include penetration testing, a design review, and policy evaluation.