cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

2467
Views
10
Helpful
5
Replies
Highlighted
Beginner

ASA firewall penetration testing

Hi forum,

Due to SOX requirements, we are supposed to perform penetration testing on the firewall to ensure it is working as accordingly. There are tons of info on the web, I am almost complete novice at this, I would appreciate if you could advise me on how should I go about doing this? I need to write a procedure to do this yearly.

Kind regards,

PN

5 REPLIES 5
Highlighted
Rising star

Re: ASA firewall penetration testing

download Nessus ( http://www.nessus.org/ ) - the free version. It's one of the better scanners for it's price (free). The biggest difference between the free version and the licensed version is updates are delayed a week for the free version.

lots of good options and tests for TONS of vulnerabilities.

Highlighted
Participant

Re: ASA firewall penetration testing

There is a GUI frontend which works well once it is configured. YOu can try that too.

It is called INPROTECT. Try that out.

Highlighted
Beginner

Re: ASA firewall penetration testing

Thank you everyone for being so helpful. :>

Thanks much,

Highlighted
Beginner

Re: ASA firewall penetration testing

A vulnerability scan is NOT penetration testing. It's sad that professionals would comment/recommend such an action without freaking knowing the difference between vulnerability scanning and penetration testing. Vulnerability scanners are automated tools looks for specific (often known) vulnerabilities in given technologies. Penetration testing is actually performing tests to evaluation vulnerabilities found by scanners, but much more importantly perform tests to compromise systems that are most often not enumerated or disclosed with the scanners.

Highlighted
Hall of Fame Guru

Re: ASA firewall penetration testing

@rcoleman67 this thread is 13 years old. The state of maturity in the pen testing world is a bit different now than it was in 2007.