Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fixes #6 - Firewall Testing page has broken/outdated links #7

Merged
merged 1 commit into from
Jul 6, 2024
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
45 changes: 18 additions & 27 deletions content/guides/firewall-testing.md
Original file line number Diff line number Diff line change
Expand Up @@ -25,56 +25,47 @@ Testing Tools
To test your firewall there are a few software tools and a few online
services to help you. I suggest the following tools:

- [Nessus](http://www.nessus.org) is probably the best open source
security scanner available.
[Nessus](http://www.nessus.org) not only checks the firewall of a
host, but also scans for known application vulnerabilities.
I highly recommend [Nessus](http://www.nessus.org) for periodic
(weekly, monthly, etc) scans.
- [Nmap](http://nmap.org/) ("Network Mapper") is an open source
- [Nessus](https://www.tenable.com/products/nessus) is probably the best
open source security scanner available.
[Nessus](https://www.tenable.com/products/nessus) not only checks the
firewall of a host, but also scans for known application vulnerabilities.
I highly recommend [Nessus](https://www.tenable.com/products/nessus) for
periodic (weekly, monthly, etc) scans.
- [Nmap](https://nmap.org/) ("Network Mapper") is an open source
utility for network exploration or security auditing.

It is also possible to try out connections, see what effect your firewall
is having and monitor exactly what is happening on the network with tools
such as:

- [netcat](http://netcat.sourceforge.net/) (`nc`) allows you to easily
- [netcat](https://netcat.sourceforge.net/) (`nc`) allows you to easily
listen for connections and create connections and send data over
both TCP and UDP.
- [tcpdump](http://www.tcpdump.org/) allows you to see and capture
- [tcpdump](https://www.tcpdump.org/) allows you to see and capture
the traffic seen by a network device.
- [Wireshark](https://www.wireshark.org/) is a GUI equivalent which
makes it very easy to decode and filter live traffic as well as
being able to read data captured by `tcpdump`.

Other useful links:

- [Top 125 Network Security Tools](http://sectool.org/)


Online Tools
------------

There are a number of sites that offer firewall testing services to
everyone:

- [AuditMyPC](http://www.auditmypc.com/)
- [Security Space](http://www.securityspace.com/sspace/index.html), a
- [AuditMyPC](https://www.auditmypc.com/)
- [Security Space](https://www.securityspace.com/sspace/index.html), a
commercial service with a free scan. \
These people are using something like
[Nessus](http://www.nessus.org) if not
[Nessus](http://www.nessus.org) itself).
[Nessus](https://www.tenable.com/products/nessus) if not
[Nessus](https://www.tenable.com/products/nessus) itself).
- [Shields UP!!](https://grc.com/x/ne.dll?bh0bkyd2) NanoProbe
Technology Internet Security Testing for... Windows Users. (note:
well, it says for Windows, but it is a port scanner with a limited
range of ports to be scanned...)
- [SubnetOnline.com](http://www.subnetonline.com/) provide tools
range of ports to be scanned.)
- [SubnetOnline.com](https://www.subnetonline.com/) provides tools
which allow you to check if specific TCP ports are open for both
[IPv4](http://www.subnetonline.com/pages/network-tools/online-port-scanner.php)
and [IPv6](http://www.subnetonline.com/pages/ipv6-network-tools/online-ipv6-port-scanner.php) amongst other things.

Other testers on the net:

- [Smurf Amplifier Registry (SAR)](http://www.powertech.no/smurf/) The
SAR is a tool for Internet administrators being attacked by or
implicated in smurf attacks, or those who wish to take precautions.
[IPv4](https://www.subnetonline.com/pages/network-tools/online-port-scanner.php)
and [IPv6](https://www.subnetonline.com/pages/ipv6-network-tools/online-ipv6-port-scanner.php)
amongst other things.
Loading