
| Subject: | auditing the Symantec Enterprise Firewall |
|---|---|
| Date: | Thu, 26 Aug 2004 10:36:15 +1000 |
Hi,

If someone out there has happened to use this firewall I was hoping you could provide some assistance. I am in the process of auditing this FW for a customer and after a ruleset dump I have noticed the following. This is an example:

Rule #19 : Internal - DMZ : all* cifs* dns_tcp dns_udp kerberos_auth_88 kerberos_auth_88TCP login* nbdgram* netbios_137_udp netbios_138_udp ntp ping* TCP_All_Ports TCP135 etc..etc..etc...

Now my question(s) are: You notice the all*... what does this imply? Does it imply ALL TCP and ALL UDP??? If so, is there a reason why there are all these other ports listed after it? If you look further in the rule it allows TCP_ALL_Ports... what is the deal with that? What's the point of allowing all and then specifying the ports.... or is it saying, "Allow all of the following...."? Hmm.... Is this a case of shoddy setup or is this normal? I don't have the luxury or time of testing it out so I have to go on this ruleset dump. The all* is not a configurable protocol, group protocol or anything either. I am really confused, so any educated guesses, if nobody knows, would be appreciated.

Also, lastly, what does the * mean next to the protocol? It appears on a few of them, but not all, even when there is only one port configured for it. I could understand a protocol NetBIOS/SMB* which includes all of 137, 138, 139, 445 etc... but not for, say, login, which is 513 to my understanding.

Please let me know if I can provide any further info. Thanks in advance for any help.

chrrs,
grant

Notice: This e-mail and any attachments are confidential and may be subject to legal or some other professional privilege. They are intended solely for the attention and use of the named addressee(s). They must not be disclosed to any person without authorisation. This e-mail and any attachments are also subject to copyright. They may only be copied or distributed with the consent of the copyright owner. If you are not the named addressee you must not use, disclose, retain or reproduce all or any part of the information contained in this e-mail or any attachments.