Firewall testing has the same approach as any form of testing and needs to conform to the same principles. Before commencing testing, ensure that you are testing the correct infrastructure in the manner most relevant to the installation.
The purpose of the test activity is to verify that the firewall system works as intended. You should plan testing activities to:
- demonstrate that routing, packet filtering, logging and alert capabilities perform as designed
- test recovery plans for firewall system failures
- design your initial regression testing suite
The features that must be tested include:
- hardware (processor, disk, memory, network interfaces, etc.)
- operating system software (booting, console access, etc.)
- firewall software
- network interconnection equipment (cables, switches, hubs, etc.)
- firewall configuration software
- routing rules
- packet filtering rules and associated logging and alert options
This is important because testing your firewall system and verifying that it operates properly increases your confidence that it will perform as designed. You should understand the types of failures that are possible for each system component and recovery techniques for each type of failure. This will allow you to exercise your response and recovery processes when and if these failures occur once the firewall system becomes part of your operational infrastructure.
The most common cause of firewall security breaches is a misconfiguration of your firewall system. Knowing this, you need to make thorough configuration testing (of the firewall system itself as well as all of the routing, packet filtering, and logging capabilities) one of your primary objectives.
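The regression testing suite mentioned above, and the verification of packet filtering rules and their logging options, can be expressed as an automated check that is re-run after every configuration change. The following is an added example, not code from the original guidance: it models a small first-match packet filter with a default-deny rule, a constructed rule set for a hypothetical DMZ web server at 192.0.2.10 with an administrative network at 10.0.1.0/24 (both assumed, documentation address ranges), and a regression suite that asserts the action taken, the rule that fired, and whether a log entry was produced. A second, misordered copy of the rule set shows how the suite catches the kind of configuration mistake (a deny placed ahead of a more specific allow) that the text identifies as the most common cause of breaches.

```python
"""Regression test harness for a packet-filtering rule set (illustrative).

Rules are evaluated first-match, top to bottom, with an implicit final
deny. Each rule may request logging; the harness checks the action, the
rule that matched, and whether a log line was written, so a rule-ordering
mistake or a dropped log option fails a case instead of surfacing later.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str      # "tcp", "udp" or "icmp"
    dport: int = 0  # destination port; unused for icmp


@dataclass
class Rule:
    name: str
    action: str                              # "allow" or "deny"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None              # None matches any protocol
    ports: Optional[Tuple[int, int]] = None  # inclusive (low, high) range
    log: bool = False

    def matches(self, pkt: Packet) -> bool:
        if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.proto is not None and self.proto != pkt.proto:
            return False
        if self.ports is not None:
            if pkt.proto == "icmp":          # port rules never match icmp
                return False
            low, high = self.ports
            if not low <= pkt.dport <= high:
                return False
        return True


class Filter:
    def __init__(self, rules: List[Rule]):
        self.rules = rules
        self.log: List[str] = []

    def evaluate(self, pkt: Packet) -> Tuple[str, str]:
        """Return (action, rule_name) for the first matching rule, or
        ("deny", "default") when nothing matches. Logs when the rule asks
        for it; the default deny is always logged."""
        flow = f"{pkt.proto} {pkt.src}->{pkt.dst}:{pkt.dport}"
        for rule in self.rules:
            if rule.matches(pkt):
                if rule.log:
                    self.log.append(f"{rule.action.upper()} {rule.name} {flow}")
                return rule.action, rule.name
        self.log.append(f"DENY default {flow}")
        return "deny", "default"


@dataclass(frozen=True)
class Case:
    pkt: Packet
    expect_action: str
    expect_rule: str
    expect_logged: bool


def run_regression(rules: List[Rule], cases: List[Case]) -> List[str]:
    """Run every case against a fresh Filter; return a description of each
    mismatch (empty list means the rule set behaves as designed)."""
    failures = []
    for case in cases:
        fw = Filter(rules)
        action, rule = fw.evaluate(case.pkt)
        logged = bool(fw.log)
        got = (action, rule, logged)
        want = (case.expect_action, case.expect_rule, case.expect_logged)
        if got != want:
            failures.append(f"{case.pkt}: got {got}, expected {want}")
    return failures


# Constructed rule set (hypothetical DMZ web server and admin network).
RULES = [
    Rule("allow-http", "allow", dst="192.0.2.10/32", proto="tcp", ports=(80, 80)),
    Rule("allow-https", "allow", dst="192.0.2.10/32", proto="tcp", ports=(443, 443)),
    Rule("allow-admin-ssh", "allow", src="10.0.1.0/24", dst="192.0.2.10/32",
         proto="tcp", ports=(22, 22), log=True),
    Rule("deny-ssh", "deny", dst="192.0.2.10/32", proto="tcp", ports=(22, 22), log=True),
]

# Same rules with deny-ssh moved ahead of the more specific admin allow:
# the misconfiguration the regression suite is meant to catch.
MISORDERED = [RULES[0], RULES[1], RULES[3], RULES[2]]

# Constructed regression cases: expected action, matching rule, log written.
CASES = [
    Case(Packet("198.51.100.7", "192.0.2.10", "tcp", 80), "allow", "allow-http", False),
    Case(Packet("198.51.100.7", "192.0.2.10", "tcp", 443), "allow", "allow-https", False),
    Case(Packet("198.51.100.7", "192.0.2.10", "tcp", 22), "deny", "deny-ssh", True),
    Case(Packet("10.0.1.5", "192.0.2.10", "tcp", 22), "allow", "allow-admin-ssh", True),
    Case(Packet("198.51.100.7", "192.0.2.10", "tcp", 8080), "deny", "default", True),
    Case(Packet("198.51.100.7", "192.0.2.10", "icmp"), "deny", "default", True),
]


if __name__ == "__main__":
    for label, ruleset in (("as-designed", RULES), ("misordered", MISORDERED)):
        failures = run_regression(ruleset, CASES)
        print(f"{label}: {len(failures)} failure(s)")
        for failure in failures:
            print("  ", failure)
```

Keeping the expected rule name in each case, not just the action, is deliberate: a packet can be allowed by the wrong rule and still look correct if only the verdict is checked, and the logging expectation catches a rule whose alert option was silently dropped during a configuration edit.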