Saturday, June 14, 2008

How to test your firewall

Test firewall

The firewall is our gateway to the Internet. It is a piece of software or hardware that manages Internet connections to and from your computer. It monitors the applications that try to initiate connection with your computer from the Internet, and it controls which programs are allowed to use the Internet.

Nowadays, Internet users are exposed to several kinds of Internet threats, such as software vulnerabilities, automated worms, viruses and random Internet attackers. Properly configured personal firewalls are the first line of defense to answer these threats.

But how do you test your personal firewall? Security researchers have developed small, non-destructive, leak testers, that deliberately attempt to test different firewall capabilities. The idea behind them is simple: if the test can bypass your computer’s security, then so can a hacker.

There are many leak-testing programs available. Each one designed to test a particular flaw and each using a particular technique to bypass a firewall’s standard protection mechanisms. We’ve compiled a list of tools we believe will be of value to both home users and advance users.

  1. PCFlank Leaktest - PCFlank Leaktest is a small utility that tests any firewall’s ability to protect against unauthorized or illegal transmissions of data from a user’s computer that is connected to the Internet. It uses a special technique to impersonate another program, which your firewall has been set to trust.
  2. Breakout - Breakout sends to the IE’s or Firefox’s address bar the URL to launch, via the ‘SendMessage’ Windows API. No code is injected. Usually very hard to detect by firewalls. If the test is a success, this means that your firewall does not check for the ‘messages’ sent to your applications windows.
  3. DNSTester - Starting from Windows 2000, a Windows service DNS client is running and handles all DNS requests. Thus, all DNS requests coming from various applications will be transmitted to the DNS client which will, itself, do the DNS request. This feature can be used to transmit data to a remote computer by crafting a special DNS request without the firewalls notice it. DNStester uses this kind of DNS recursive request to bypass your firewall.
  4. MBTest - MBtest send packets directly to the network interface to try to bypass firewall. To do this, it sends differents kind of packet of different size/protocoles/type. If the test is a success, this means that your firewall is stuck in high level network and doesn’t check low level.
  5. Atelier Web Firewall Tester - AWFT probes the protection provided by your Personal Firewall software using six different tests. Each test uses a different technique for gaining access to the outside world. Techniques are differently rated, according to their sophistication, and your Personal Firewall is doing a great job if is able to score 10 points in total.
  6. ZABypass - Originaly was developed to bypass old versions of ZoneAlarm, but it may work against many other firewalls today. It uses a special technique called Direct Data Exchange to transfer data between Internet Explorer and the Internet.
  7. FireHole - FireHole attempts to launch the default web browser, inject its own DLL and try to establish a connection to the Internet.
  8. Thermite - Thermite injects it’s code into the target process directly, by creating an additional malicious thread within that process. If the test is a success, this means that your firewall is vulnerable to process injection.
  9. Leak tests are designed to help identify security flaws and provide the invaluable function of informing the user whether or not their firewall is providing adequate protection. Unfortunately, malware programs are evolving rapidly. Many of such programs (will) have very advanced techniques to conceal their malicious activities so that they easily bypass firewalls and other protection mechanisms.



The Daily Puppy

Design by Wordpress Theme | Bloggerized by Free Blogger Templates | JCPenney Coupons