What are some sources to educate myself on firewall, and especially ways to test them? I've always been partial to O'Rielly books, but not all are the "best" to go with. Also, any good sites? I'm looking for some good low-level implementation advice, caveats, etc. I'm currently using the SuSE firwall software, and as far as I can tell it seems to be working just fine. But since I don't have a *really* good working knowledge of them I don't trust that I really have things battened down, so to speak. Also, I've heard that there are some online web sites that offer basic/trivial security scanning? Ie. Apparently some security consultancy sites can scan your box remotely to look for the more famous/obvious/common security holes. Who/what are they and are they worth using? -Jason __________________________________________________ Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/
Also, I've heard that there are some online web sites that offer basic/trivial security scanning? Ie. Apparently some security consultancy sites can scan your box remotely to look for the more famous/obvious/common security holes. Who/what are they and are they worth using?
if you want to test your firewall, you should check nessus (www.nessus.org).... Jan
Actually nessus is an intrusion scanner. You'd be better off with a port scanner
like nmap for testing a firewall.
www.nmap.org
Kurt Seifried, seifried@securityportal.com
Securityportal - your focal point for security on the 'net
----- Original Message -----
From: "Jan Räther"
Also, I've heard that there are some online web sites that offer basic/trivial security scanning? Ie. Apparently some security consultancy sites can scan your box remotely to look for the more famous/obvious/common security holes. Who/what are they and are they worth using?
if you want to test your firewall, you should check nessus (www.nessus.org)....
Jan
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
I'm basically familiar with nmap, for doing basic scans. Are there
any "recipies" (for lack of a better term) that work well for testing?
Or is a basic 'nmap -O -sF -v -v -v -d ...' work fine? Also, does the
scan types -sF, etc make much of a difference (although I assume in a
stateful firewall it could)?
-Jason
--- Kurt Seifried
Actually nessus is an intrusion scanner. You'd be better off with a port scanner like nmap for testing a firewall.
www.nmap.org
Kurt Seifried, seifried@securityportal.com Securityportal - your focal point for security on the 'net
----- Original Message ----- From: "Jan R�ther"
To: Cc: "SuSE-Security List" Sent: Tuesday, February 06, 2001 2:22 AM Subject: Re: [suse-security] Firewalls, security scanning, etc. Also, I've heard that there are some online web sites that offer basic/trivial security scanning? Ie. Apparently some security consultancy sites can scan your box remotely to look for the more famous/obvious/common security holes. Who/what are they and are they worth using?
if you want to test your firewall, you should check nessus (www.nessus.org)....
Jan
---------------------------------------------------------------------
To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
__________________________________________________ Do You Yahoo!? Yahoo! Auctions - Buy the things you want at great prices. http://auctions.yahoo.com/
participants (3)
-
Jan Räther
-
Jason P. Stanford
-
Kurt Seifried