Testing Firewall Security

Firewall tests are an important and integral part of the build and management process. Standard security management practice is to test security to confirm proper configuration, performance, and strength against attacks and exploits. Failure to test a firewall is a serious breach of this best practice and leaves the network unnecessarily vulnerable. This is because a firewall is one of the most important parts of your security infrastructure. A firewall is a concentration of security controls and a network’s first line of defense against inbound attacks. Failure to test a firewall thoroughly almost ensures that you will have a breach or intrusion.

Every update, change, or alteration to any aspect of your firewall—or the network segments connecting to a firewall—should trigger another round of firewall testing. Test a firewall as if you were practicing for the Olympics. Repeat the testing again and again, striving to push the limits and improve with each drill. Strive to ensure that your firewall deployment is the best it can possibly be.

Technical TIP

Testing a firewall involves the use of several tools and techniques. These include automated vulnerability assessment tools, exploitation frameworks, and rogue hacker attack tools.

One tool you can use is a simulated firewall test. Such a test uses an attack simulator to transmit attack packets to the firewall. You can locate the attack simulator inside or outside the firewall to simulate an internal attack or an external attack. An attack simulator can verify that a specific weakness is present on a firewall, without actually causing damage or interrupting production. Most simulator tests are secure by design. Keysight’s Threat Simulator System is an example of a simulator that can be used for firewall tests.

Creating a virtualized network environment using a virtualization tool, such as VMware, is a great place to perform virtual firewall tests. A virtual intranet is created, a virtual firewall bastion host is set up, and virtual external systems become active. The administrator then works through a variety of scenarios of attack, both from internal attackers and external ones. Logically, the virtualized environment functions like the real one, but you can test it using techniques that might otherwise damage or interrupt the production network.

Laboratory tests run in nonproduction subnets where you have configured a duplicate of the production environment. The laboratory setup mirrors each system, including the firewall. Test anything in the lab environment that might interfere with production or might cause data loss or system damage.

Laboratory tests and virtualized tests are similar, but each is useful in its own right; use both rather than forgoing laboratory tests in favor of virtual testing alone. The actual physical firewalls and systems might reveal weaknesses that are not present in their virtualized versions.

Any of these testing configurations can benefit from the use of fuzzing tools. Fuzzing tools use a brute-force technique to craft packets and other forms of input directed toward the target. Fuzzing tools stress a system to determine whether it will react improperly, fail, or reveal unknown vulnerabilities. Fuzzing tools can help discover coding errors, buffer overflows, remote exploit flaws, injection weaknesses, and more. The downside to using fuzzing tools is that the tools can take a significant amount of time and bandwidth to discover anything interesting.

Using a variety of testing methods to thoroughly test a firewall is an important part of the security management used to maximize your network’s security effectiveness. Plan, design, deploy, test, and then fine-tune your firewall test.
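The retest-after-every-change practice described above can be made routine by keeping a written expectation for each probe and re-running it after each rule change. The following harness is an added example, not code from the textbook; the rule format, the first-match evaluation model and the sample policy are assumptions made for the illustration, and in a lab or virtual test the `evaluate` step would be replaced by the simulator's observed result for each probe.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    direction: str         # "in", "out" or "any"
    proto: str             # "tcp", "udp", "icmp" or "any"
    dport: Optional[int]   # destination port; None matches any port

@dataclass(frozen=True)
class Probe:
    direction: str         # traffic direction through the firewall
    proto: str
    dport: Optional[int]

def evaluate(rules: List[Rule], probe: Probe, default: str = "deny") -> str:
    """First-match evaluation (assumed model); unmatched traffic gets the default."""
    for r in rules:
        if r.direction not in ("any", probe.direction):
            continue
        if r.proto not in ("any", probe.proto):
            continue
        if r.dport is not None and r.dport != probe.dport:
            continue
        return r.action
    return default

def regression(rules: List[Rule], expectations) -> List[Tuple[Probe, str, str]]:
    """Probes whose observed result differs from the documented expectation."""
    return [(p, want, evaluate(rules, p))
            for p, want in expectations if evaluate(rules, p) != want]

# Constructed sample: the documented policy, written down before any change.
EXPECTED = [
    (Probe("in", "tcp", 443), "allow"),
    (Probe("in", "tcp", 22), "deny"),
    (Probe("in", "tcp", 3389), "deny"),
    (Probe("out", "udp", 53), "allow"),
    (Probe("in", "icmp", None), "deny"),
]
BASELINE = [Rule("allow", "in", "tcp", 443),
            Rule("allow", "out", "udp", 53),
            Rule("deny", "any", "any", None)]
# Change under test: a broad "allow inbound tcp" rule inserted above the deny.
CHANGED = [Rule("allow", "in", "tcp", None)] + BASELINE

if __name__ == "__main__":
    print("baseline mismatches:", regression(BASELINE, EXPECTED))
    print("after change:", regression(CHANGED, EXPECTED))
```

The baseline passes every expectation, while the changed rule set reports the two inbound ports (22 and 3389) that the new rule silently opened, which is exactly the kind of regression a post-change test round exists to catch.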
