Installation guide
STEP 10: DIY security audit
How to find out if your firewall really works
The proof of the pudding is in the eating. The proof of your firewall is in withstanding attacks. Performing a
thorough security audit is a task best left to qualified professionals. However, there are some tests that
anybody can perform. This section will help you choose security audit products, and understand how to use
them and how to interpret the results.
Online testing facilities
The simplest way to test your firewall is to use your web browser from within your private network (behind
your firewall) and log in to some of the browser-based security auditing services.
Free test through Shields Up!
Steve Gibson from Gibson Research Corporation (GRC) provides his testing suite Shields Up! free online.
Just follow the links to Shields Up! on the GRC website.
Nmap scan via the web
Nmap is a useful scanning tool. Some of its functionality is available at www.whatsdown.net/nmap.html.
Free scan through AuditMyPC
AuditMyPC reports are simpler than those of the Shields Up! facility, so if those reports were confusing, try these for
a start. However, if they don’t show any problems, do not assume there are none: this test is only
superficial. AuditMyPC is at http://auditmypc.com/freescan/scanoptions.asp.
Others – beware!
A variety of commercial providers advertise free online security scans, like Symantec or Sygate. However,
the many trials run for this tutorial did not yield any meaningful results from them.
ZoneAlarm's online offer prompts you to download and install an ActiveX control in order to perform the
scans. This is not recommended, as any meaningful security policy will invariably prohibit the download and
installation of ActiveX controls.
Security audit software
Running auditing software really only makes sense if you can trust the platform you use to run the software.
This is why most of the best auditing tools typically run on Unix-based operating systems (like Linux or BSD
Unix), but some run on Mac OS X as well. Very few useful and trustworthy security auditing tools run on
Windows – and most come at a very steep price.