Standard security management practice is to test security to confirm proper configuration, performance, and strength against attacks and exploits. When a firewall is updated or its settings modified, another round of firewall testing should be conducted.
Some approaches to firewall testing that do not disrupt the production environment are:
Simulated firewall tests: Use an attack simulator to transmit attack packets to the firewall
Virtual firewall tests: Are performed in a virtualized network environment using a virtualization tool
Laboratory tests: Are run in nonproduction subnets on a duplicate of the production environment
Answer the following question(s):
Which approach do you think would be most effective? Why?
Full Answer Section
Of the three approaches, I believe that laboratory tests would be the most effective. This is because laboratory tests allow you to test the firewall in a real-world environment, with real-world traffic. This gives you a much better understanding of how the firewall will perform in a production environment.
However, laboratory tests can be expensive and time-consuming to set up. If you are on a budget or if you do not have the time to set up a laboratory test, then simulated firewall tests or virtual firewall tests may be a better option.
Here are some additional considerations when choosing a firewall testing approach:
- The scope of the test: What do you want to test? Do you want to test the firewall's ability to block known attacks, new attacks, or both? Do you want to test the firewall's performance?
- The resources available: How much time and money do you have to spend on the test?
- The skills of the testers: Do you have the skills to set up and run a laboratory test?
Once you have considered these factors, you can choose the firewall testing approach that is right for you.