How Do You Know That the Firewall Is Secure?

The problem with security is that the environment, either internal or external, is always changing. As soon as a bug in an OS or network application is found and exploited by mischievous persons, someone comes out with a fix. As soon as the fix is applied, something else crops up. When you set up a firewall to protect yourself from those who might do harm to your network, you must perform tests to be sure that it does what you think it does.

The problem with testing, however, is that you already know what you are looking for when you create and execute the test. It's what you don't know that can cause problems. To keep on top of things, you should continue to monitor the data collected by any auditing or logging functions the firewall provides to make sure that it is working as you expect. Look for attempts to breach the firewall and watch for unusual activity. You might find that you can stop an attack before it succeeds. Using other tools, such as Tracert, you might be able to locate the perpetrator and handle the matter using legal means.

Tip

To help determine the security of your system, visit the Gibson Research website at www.grc.com and click the Shields Up! icon. Shields Up! can perform several tests to verify system security. If your system fails any of these tests, Shields Up! provides suggestions for improving system security.

No RFCs define what a firewall must do or how it should do it. You can contact several organizations on the Internet to get information about current firewall and security software. Appendix C, "Internet Resources for Network Administrators," contains a list of some interesting sites related to network security and firewalls that might help you decide what kind of protection you need.