Firewall Penetration Testing

what is a Firewall?
A firewall is a network security appliance that monitors incoming and outgoing network traffic and decides whether to permit or block specific traffic based on a defined set of security rules.
A firewall's main purpose is to build a fence (or "wall") that separates a private network from incoming external traffic (such as the internet) in order to block malicious network packets like malware and intrusions.
Software-based Firewalls
Hardware-based Firewalls
Cloud-based Firewalls
types of firewall

The most common firewall types, by mode of operation, are:

Packet-Filtering Firewalls

Packet-filtering firewalls analyse packets and prevent them from moving on if no matching firewall rule is listed. They don't open data packets to inspect their contents. Any data packet that fails the simple inspection is dropped.

Proxy Firewalls

Proxy firewalls generally function in the cloud or through another proxy appliance. Instead of permitting traffic to connect directly, a connection to the traffic’s source is established and the data packet is analysed.

NAT Firewalls

Network address translation (NAT) firewalls work by assigning a public address to a group of devices inside a private network. With NAT, individual IP addresses are hidden, which prevents adversaries from discovering details of the network.

Web Application Firewalls (WAF)

WAFs are able to filter, monitor, and block data packets as they travel in and out of web apps. A WAF can reside on the network, at the host or in the cloud, and is typically placed in front of one or many websites or applications.

Next-Generation Firewalls

Next-Generation Firewalls (NGFW) or Unified Threat Management (UTM) appliances combine various other defensive security strategies and provide them as a bundle:

  1. Software-defined wide area networks (SDWAN).
  2. Gateway-Level Anti-Virus.
  3. Anti-Spam Filtering.
  4. Intrusion Prevention Systems (IPS).
  5. Intrusion Detection Systems (IDS).
  6. Secure Email Gateways.
  7. Stateful-Filtering Firewalls.
  8. Packet-Filtering Firewalls.
  9. Web Application Firewalls.
  10. Dynamic Packet Filtering Firewalls.
  11. SSL VPNs or Virtual Private Networks.
secure web gateway

A secure web gateway, on the other hand, has some firewall functionality but is not the same as a firewall and only focuses on outgoing web traffic (often restricted to ports 80 and 443).

proxy

A proxy can act as a firewall. However, a firewall is not a proxy. Proxy firewalls, also known as application-level firewalls, filter network traffic at the application layer of the OSI network model. As a mediator between two systems, proxy firewalls monitor traffic at the application layer (HTTP and FTP). To discover anomalies in the traffic, both stateful and deep packet inspection are leveraged.

virtual private networks

VPNs encrypt traffic between devices so that the session can safely traverse public networks (usually the Internet) and is made virtually private.

firewall Pen Test
Firewall Penetration Testing
Evading Firewall through Malicious Content
The adversary sends malicious code and, through phishing or social engineering methods, gets the user to click so that the malicious code is executed.
Bypassing Firewalls through MiTM Attacks
The adversary poisons the DNS servers.
Evading Firewalls through ACK Tunnelling
Packets with the ACK bit set are not checked by most firewalls, as these are usually responses to genuine traffic.
Bypassing Firewalls through HTTP Tunnelling
It allows adversaries to perform various internet tasks despite restrictions imposed by firewalls. It encapsulates data inside HTTP traffic (port 80). Adversaries can also enable FTP and evade other HTTP proxies.
Evading Firewalls through ICMP Tunnelling
The payload portion is arbitrary and is not inspected by most firewalls. An intruder utilises this security gap and inserts a backdoor in the various fragmented packets.
Evading Firewalls through External Systems
The adversary eavesdrops on genuine traffic and steals the session ID and cookies, evading the firewall through external public-facing systems.
Evading Firewalls through SSH Tunnelling
Adversaries effectively utilise OpenSSH to encrypt and tunnel all the traffic from a local system to a remote system, evading detection by all perimeter security controls. It also offers dynamic port forwarding through an integrated proxy, as well as remote administration.
Bypassing Firewalls through Proxy
It usually works if the browser is outdated.
Covert Channels
Distinguish firewall policy rules by Firewalking
Endeavour to relinquish systems behind the firewall.
Analyse the received packets.
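The ACK tunnelling item above depends on a filter that trusts the ACK bit by itself. The following added example (not part of the original page) compares a header-only filter with one that tracks connections opened from inside, so a tester can see which verdict a policy should produce; the addresses, ports, and rule set are constructed assumptions.

```python
from dataclasses import dataclass

INSIDE_PREFIX = "10.0.0."  # constructed internal network for this example

@dataclass(frozen=True)
class Segment:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # TCP flags present, e.g. frozenset({"SYN", "ACK"})

def stateless_verdict(seg: Segment) -> str:
    """Header-only filter: outbound is allowed; inbound is allowed only
    when ACK is set, on the assumption that it answers genuine traffic."""
    if seg.src.startswith(INSIDE_PREFIX) or "ACK" in seg.flags:
        return "ACCEPT"
    return "DROP"

class StatefulFilter:
    """Tracks connections opened from inside; inbound must match one."""
    def __init__(self):
        self.flows = set()

    def verdict(self, seg: Segment) -> str:
        if seg.src.startswith(INSIDE_PREFIX):
            if seg.flags == frozenset({"SYN"}):
                self.flows.add((seg.src, seg.sport, seg.dst, seg.dport))
            return "ACCEPT"
        reverse = (seg.dst, seg.dport, seg.src, seg.sport)
        return "ACCEPT" if reverse in self.flows else "DROP"

def compare(segments):
    """Return (stateless, stateful) verdicts for each segment in order."""
    stateful = StatefulFilter()
    return [(stateless_verdict(s), stateful.verdict(s)) for s in segments]

# Constructed sample traffic (documentation address ranges).
SAMPLE = [
    Segment("10.0.0.5", 40000, "203.0.113.10", 443, frozenset({"SYN"})),
    Segment("203.0.113.10", 443, "10.0.0.5", 40000, frozenset({"SYN", "ACK"})),
    Segment("198.51.100.7", 80, "10.0.0.9", 8080, frozenset({"ACK"})),
    Segment("198.51.100.7", 5555, "10.0.0.9", 22, frozenset({"SYN"})),
]

if __name__ == "__main__":
    for seg, verdicts in zip(SAMPLE, compare(SAMPLE)):
        print(seg.src, sorted(seg.flags), verdicts)
```

The third segment is the case to look for in a test report: an inbound ACK with no matching outbound connection should be dropped by a firewall that keeps state.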
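For the ICMP tunnelling item above, where the echo payload goes uninspected, this added example (not from the original page) shows payload checks a defender can apply to ICMP echo traffic: size, resemblance to ordinary ping data, and whether a reply returns the request's data as RFC 792 requires. The size threshold, the baseline patterns, and the sample messages are assumptions constructed for illustration.

```python
import struct

MAX_PAYLOAD = 64  # assumed site threshold in bytes, not a standard value
WINDOWS_PING = b"abcdefghijklmnopqrstuvwabcdefghi"  # assumed baseline pattern

def looks_like_ping(payload: bytes) -> bool:
    """Baseline: the alphabet pattern above, or an incrementing byte run
    after a leading 8- or 16-byte timestamp (assumed client behaviour)."""
    if payload == WINDOWS_PING[:len(payload)]:
        return True
    for skip in (8, 16):
        body = payload[skip:]
        if body and all(b == (body[0] + i) & 0xFF for i, b in enumerate(body)):
            return True
    return False

def echo(kind: int, ident: int, seq: int, payload: bytes) -> bytes:
    """Build a sample echo (8) or echo-reply (0) message; checksum left 0."""
    return struct.pack("!BBHHH", kind, 0, 0, ident, seq) + payload

def inspect_echo(messages):
    """Return one list of findings per ICMP echo message, in order."""
    pending, results = {}, []
    for raw in messages:
        kind, _code, _csum, ident, seq = struct.unpack("!BBHHH", raw[:8])
        payload, reasons = raw[8:], []
        if len(payload) > MAX_PAYLOAD:
            reasons.append("oversized")
        if not looks_like_ping(payload):
            reasons.append("unfamiliar-payload")
        if kind == 8:      # remember the request data for its reply
            pending[(ident, seq)] = payload
        elif kind == 0 and pending.pop((ident, seq), payload) != payload:
            reasons.append("reply-mismatch")
        results.append(reasons)
    return results

# Constructed sample traffic (not captured from any real network).
SAMPLE = [
    echo(8, 1, 1, WINDOWS_PING),
    echo(0, 1, 1, WINDOWS_PING),
    echo(8, 2, 1, bytes(16) + bytes(range(0x10, 0x38))),
    echo(8, 7, 1, b"arbitrary application data 0001"),
    echo(0, 7, 1, b"different data in the reply 01"),
    echo(8, 9, 1, bytes(200)),
]
```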
benefits of firewall pen testing

Ensure adherence to the legal, regulatory and compliance requirements for each first line of defence: firewalls.

Mitigate invasion and prevent most unauthorised connection attempts.

Be proactive, which is synonymous with information security.

Avoid insider threats by ensuring there are no rogue devices, to prevent eavesdropping.

Ensure the firewall policies are working as envisioned.

Simulate the evasion of firewalls through various attack vectors.