Standard security management practice
Standard security management practice is to test security to confirm proper configuration, performance, and strength against attacks and exploits. When a firewall is updated or its settings modified, another round of firewall testing should be conducted.
Some approaches to firewall testing that do not disrupt the production environment are:
- Simulated firewall tests: Use an attack simulator to transmit attack packets to the firewall.
- Virtual firewall tests: Performed in a virtualized network environment using a virtualization tool.
- Laboratory tests: Run in nonproduction subnets on a duplicate of the production environment.
Answer the following question(s):
Which approach do you think would be most effective? Why?
Sample Answer
Here are the three approaches to firewall testing that you mentioned:
- Simulated firewall tests: This approach uses an attack simulator to transmit attack packets to the firewall. This is a good way to test the firewall’s ability to block known attacks. However, it is not a good way to test the firewall’s ability to block new or unknown attacks.
- Virtual firewall tests: This approach is performed in a virtualized network environment using a virtualization tool. This is a good way to test the firewall’s ability to block known and new attacks. However, it is not a good way to test the firewall’s performance in a production environment.
- Laboratory tests: This approach is run in nonproduction subnets on a duplicate of the production environment. This is the most effective way to test the firewall’s ability to block known and new attacks, as well as its performance in a production environment.