Firewall Testing

What is a Firewall?

A firewall is a software or hardware device that inspects incoming and outgoing traffic on a network. Based on a predetermined set of policies and rules, or an access control list (ACL), the firewall filters and restricts all connections that do not abide by those rules. The main purpose of a firewall is to separate trusted networks from the external network or the internet.

To accomplish this, a firewall is typically placed in the DMZ (demilitarized zone). Additional firewalls may be placed in front of a business’s internal network, or intranet, or in front of supervisory control and data acquisition (SCADA) systems, which support the systems that run industrial organizations such as nuclear power plants.

What are Next Generation Firewalls?

There are many types of firewalls and each model has different functionalities. The main advance in firewall capabilities is the introduction of Next Generation Firewalls (NGFW).

Traditional firewalls could not perform stateful packet inspection; they analyzed network traffic based only on the IP address and port number of each packet, without taking into consideration previous traffic that had passed through the firewall.

With the introduction of NGFW, dynamic packet filtering became a reality, enabling all active connections to be monitored along with the state of those connections. This additional information is used in aiding in the process of determining access

Why is website penetration testing important?

The need for web application-oriented penetration testing is mostly driven by the change in the security landscape. With more and more vulnerabilities being discovered in web-related products and services every year, organizations and vendors are required to keep their knowledge bases and IT infrastructures as up-to-date as possible to prevent their security status from falling behind.

The numbers don’t lie: in 2017 the total number of registered vulnerabilities more than doubled compared with 2016, according to the Common Vulnerabilities and Exposures (CVE) database, skyrocketing from 6,447 registered vulnerabilities in 2016 to 14,712 in 2017:

KiK Security vulnerabilities statistics by year

30000 +
Hours Security Experience

It takes 10 000 hours to become a world-class expert. It became possible because we adore our work.

120 +
Happy clients

We are a preferred provider of cyber security services and products. Strong cyber security is a revenue generator.

300 +
Penetration tests

We have found more than a thousand vulnerable web sites, applications and devices.

1000 +
Protected

More than a thousand protected websites, applications and devices from criminals and malicious software attacks.


What Is Our Testing Methodology?

Passive Testing

It is a penetration testing technique where attackers extract information related to the target without interacting with the target. That means no request is sent directly to the target. Generally, public resources are used to gather information. This information can also be useful in active testing.

Active Testing

  1. Locating The Firewall
    • Every firewall penetration test will begin with locating the firewall. Using any packet crafting software, the tester crafts specific IP packets containing UDP, TCP or ICMP payloads.
  2. Traceroute and Port scan
    • After locating a firewall, tracerouting can assist the tester in identifying the network range. Here, they can also gather information about the route taken by packets and determine the devices and routers involved in establishing the communication. Additionally, certain information pertaining to the devices that filter traffic and the protocols used can also be obtained.
    • In this step we identify open ports on the firewall, as well as the corresponding services that are running on those open ports.
  3. Banner grabbing
    • Banner grabbing helps in the identification of a firewall’s version. This information is crucial in the later stages when penetration testers look for publicly available exploits. Further, a penetration tester may send various types of custom packets to elicit responses from a firewall. These responses help in understanding the type of firewall that needs to be bypassed.
  4. Access control enumeration
    • A firewall uses access control lists (ACLs) to deny or allow traffic to an organization’s network. While enumerating the ACL, a penetration tester observes the state of the firewall’s ports closely. The results indicate one of the following:
      • Port is open: it is listening
      • Port is filtered: firewall has blocked the port
      • Port is unfiltered: firewall allows traffic through this port
  5. Firewall architecture
    • In this step, a penetration tester uses tools for identifying the firewall architecture.
  6. Firewall policy
    • A penetration tester can test firewall policies in two possible ways:
      • First, by sending a series of commands for confirming the expected behavior and configuration
      • Second, by comparing hard copies of the policy configuration with the expected configuration to find the gaps.
  7. Firewalking
    • Firewalking helps a penetration tester map the network devices around a firewall in the network. It uses TTL (time-to-live) values and traceroute techniques for analyzing packets. This analysis helps in determining the gateway ACL and the network map.
  8. Port redirection
    • Testing for port redirection is an important step that can allow further compromise of a given network. If a desired port is not accessible directly, port redirection techniques can be used to circumvent the denial of access.
  9. External And Internal Testing
    • Performing external and internal penetration tests is not always required when testing the firewall. However, it does provide a more realistic picture of how a malicious actor may attack your systems.
    • An external penetration test researches and attempts to exploit vulnerabilities that could be exploited by an external user without proper access and permissions.
    • An internal penetration test is similar to a vulnerability assessment. However, it takes a scan one step further by attempting to exploit the vulnerabilities and determine what information is actually exposed.
    • In order to cover both sides, the tester will send packets from outside of the network and analyze the received packets inside the network.
  10. Covert Channel
    • A covert channel is a hidden communication connection that allows hackers to remain stealthy. Mostly used for concealing activities and extracting valuable or sensitive data from a company, covert channels are created by installing a backdoor on a compromised machine inside the network. Once installed, a reverse shell can be created to establish a connection with the outside machine belonging to the hacker.
  11. Data Exfiltration (Tunneling) Attacks
    • Tunneling is when, instead of sending a packet directly through the network, you send it inside another (often encrypted) connection by means of encapsulation. Since the actual data is transmitted over the network through a different protocol, it is possible to reach the internet even when the firewall is supposed to block it.
      Depending on the protocol used, the name of the tunneling technique changes. We will cover the most popular ones:

      • HTTP(S)
      • DNS
      • ICMP
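
The policy check from step 6, applied to the port states from step 4, as an added example that is not part of the original page or the provider's tooling: it compares constructed results of an authorized test with a hypothetical intended policy and lists the gaps. The policy, the "port/proto state" results format and all function names are assumptions made for illustration.

```python
# States as defined in the access control enumeration step (step 4).
PASSES = {"open", "unfiltered"}   # traffic gets through the firewall
BLOCKED = {"filtered"}            # the firewall blocked the probe

# Constructed intended policy (hypothetical): (port, proto) -> "allow" | "deny".
EXPECTED_POLICY = {
    (22, "tcp"): "deny", (80, "tcp"): "allow", (443, "tcp"): "allow",
    (3389, "tcp"): "deny", (53, "udp"): "deny",
}

# Constructed results of an authorized test, one "port/proto state" per line.
OBSERVED = """\
22/tcp filtered
80/tcp open
443/tcp filtered
3389/tcp unfiltered
8080/tcp open
"""

def parse_observed(text):
    """Parse 'port/proto state' lines into {(port, proto): state}."""
    results = {}
    for line in filter(None, map(str.strip, text.splitlines())):
        target, state = line.split()
        port, proto = target.split("/")
        if state not in PASSES | BLOCKED:
            raise ValueError(f"unknown state {state!r} in {line!r}")
        results[(int(port), proto)] = state
    return results

def find_gaps(expected, observed):
    """Return sorted (port, proto, finding) tuples where behaviour and policy differ."""
    gaps = []
    for key, state in observed.items():
        rule, passes = expected.get(key), state in PASSES
        if rule is None:
            gaps.append((*key, "tested port is missing from the policy"))
        elif rule == "deny" and passes:
            gaps.append((*key, "policy says deny, traffic passes"))
        elif rule == "allow" and not passes:
            gaps.append((*key, "policy says allow, traffic blocked"))
    for key in expected.keys() - observed.keys():
        gaps.append((*key, "in policy but not covered by the test"))
    return sorted(gaps)

if __name__ == "__main__":
    for port, proto, finding in find_gaps(EXPECTED_POLICY, parse_observed(OBSERVED)):
        print(f"{port}/{proto}: {finding}")
```

Each finding is either a rule that behaves differently from its documentation or a port the test and the policy do not both cover, which is the gap list the reporting stage needs.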

What Are the Stages of Pen Testing?

Through penetration testing, you can proactively identify the most exploitable security weaknesses before someone else does. However, there’s a lot more to it than the actual act of infiltration. Pen testing is a thorough, well thought out project that consists of several phases:

1. Planning and Preparation

Before a pen test begins, the testers and their clients need to be aligned on the goals of the test, so it’s scoped and executed properly. They’ll need to know what types of tests they should be running, who will be aware that the test is running, how much information and access the testers will have to start out with, and other important details that will ensure the test is a success.

2. Discovery

In this phase, teams perform different types of reconnaissance on their target. On the technical side, information like IP addresses can help determine information about firewalls and other connections. On the personal side, data as simple as names, job titles, and email addresses can hold great value.

3. Penetration Attempt and Exploitation

Now informed about their target, penetration experts can begin to attempt to infiltrate the environment, exploiting security weaknesses and demonstrating just how deep they can go.

4. Analysis and Reporting

Pen testers should create a report that includes details on every step of the process, highlighting what was used to successfully penetrate the firewall, what security weaknesses were found, other pertinent information discovered, and recommendations for remediation.

5. Clean Up and Remediation

Pen testers should leave no trace, and need to go back through systems and remove any artifacts used during the test, since they could be leveraged by a real attacker in the future. From there, an organization can begin to make the necessary fixes to close these holes in its security infrastructure.

6. Retest

The best way to ensure an organization’s remediations are effective is to test again. Additionally, IT environments, and the methods used to attack them, are constantly evolving, so it is to be expected that new weaknesses will emerge.

What are the different types of penetration tests?

BLACK BOX TEST

Also known as a blind test. Requires zero knowledge of the company’s assets. Penetration testers perform a complete reconnaissance phase to uncover the company’s assets, pick their own path around security controls and execute a strategy of their own.

GRAY BOX TEST

In this type of test, the penetration tester knows the role of the system and its functionalities, and also knows (though not extensively) its internal mechanisms (especially the internal data structure and the algorithms used). However, he or she does not have access to the source code!

WHITE BOX TEST

Consists of reviewing the functioning of an application and its internal structure and processes, rather than its functionalities. Here, all the internal components of the software or application are tested through the source code, the main work base of the tester.

Our Advantages

Our cyber security team will push your system to its limits in a barrage of simulated cyber attacks, discovering every possible vulnerability so that your organization gets the complete picture and 100% of your data is safe.

  • Superior Skills and Experience
  • Reputation
  • Competitive Pricing
  • Results Designed For Real Decisions

Find the Risks. Understand the Consequences. Sleep better.