SECURITY MANAGEMENT SYSTEM FOR MONITORING FIREWALL OPERATION
Abstract
A test method for Internet-Protocol packet networks that verifies the proper functioning of a dynamic pinhole filtering implementation as well as quantifying network vulnerability statistically, as pinholes are opened and closed is described. Specific potential security vulnerabilities that may be addressed through testing include: 1) excessive delay in opening pinholes, resulting in an unintentional denial of service; 2) excessive delay in closing pinholes, creating a closing delay window of vulnerability; 3) measurement of the length of various windows of vulnerability; 4) setting a threshold on a window of vulnerability such that it triggers an alert when a predetermined value is exceeded; 5) determination of incorrectly allocated pinholes, resulting in a denial of service; 6) determining the opening of extraneous pinhole/IP address combinations through a firewall which increase the network vulnerability through unrecognized backdoors; and 7) determining the inability to correlate call state information with dynamically established rules in the firewall.
21 Claims
1. A method of testing a firewall comprising:
- transmitting session termination signals used to terminate established communications sessions;
- monitoring to determine port closing delays, said port closing delays being a delay in time between the time a session termination signal is transmitted and the time a port in said firewall is closed in response to the transmitted session termination signal;
- transmitting session termination signals at an increased rate through said firewall to cause the closing of ports in said firewall; and
- measuring the effect of said increased rate of session termination signals on closing delay times associated with closing ports in response to transmitted session termination signals.
(Dependent claims: 2, 3)

4. A method of testing a firewall, comprising:
- transmitting a signal, said signal being one of: a session initiation signal to initiate a communications session through said firewall, and a session termination signal used to terminate an established communications session; and
- monitoring to determine from the time of the transmission of said signal one of: i) a port opening delay which occurs between a time of transmitting said signal, when said signal is a session initiation signal, and opening a port in said firewall for a communications session that is being initiated by said signal, and ii) a port closing delay which occurs between a time of transmitting said signal, when said signal is a session termination signal, and closing a port in said firewall as part of terminating an established communications session in response to said transmitted signal.
(Dependent claim: 5)

6. A method of testing a network firewall comprising:
- transmitting a session signal to terminate an ongoing communications session being conducted through at least one port of said firewall; and
- measuring a port closing delay time associated with the closing of said at least one port following the transmission of said signal to terminate said communications session.
(Dependent claims: 7, 8, 9)

10. A method of testing a network firewall, comprising:
- transmitting a session signal to initiate a communications session to be conducted through said firewall;
- transmitting test signals to at least one port on a first side of said firewall;
- determining a time when said test signals first pass through said at least one port, said at least one port being opened in response to said signal to initiate a communications session; and
- determining a port opening delay which occurs in regard to opening a port in said firewall for said communications session from said determined time.
(Dependent claims: 11, 12, 13)

14. A firewall test apparatus, comprising:
- a session signaling module for generating session signals used to initiate a communications session to be conducted through a firewall to be tested and to terminate a communications session after it has been initiated;
- a scanning probe generation module for generating probe signals to be directed at firewall ports;
- a timing synchronization module for synchronizing operation of said firewall test apparatus to at least one of an external clock source and another firewall test apparatus; and
- an analysis module for determining at least a port closing delay from a session signal time and a time probe signals are detected to stop passing through a port in said firewall corresponding to an initiated communications session.
(Dependent claim: 15)

16. A firewall test system for testing a firewall, comprising:
- a test signal generator for generating communications session initiation signals and probe signals directed at a first side of said firewall; and
- a test signal analyzer for detecting probe signals passing through said first side of said firewall to said second side of said firewall and for determining port closing delays as measured from the time the test signal analyzer detects a signal used to close a port in said firewall and said analyzer ceases to detect test signals passing through said firewall.
(Dependent claims: 17, 18)

19. A method of testing a firewall, comprising the steps of:
- transmitting session termination signals used to control termination of communications sessions through said firewall at an increasing rate; and
- measuring the effect of the increasing rate of session termination signals on port closing delays associated with the termination of communications sessions through said firewall.
(Dependent claims: 20, 21)
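The abstract and the claims describe one measurement idea in several forms: send a session signal, probe the port with test packets, and time how long after the signal the probes first pass (opening delay) or first stop passing (closing delay); then repeat the terminations at a rising rate to see whether closing delays stretch, set a threshold that raises an alert when a closing window is too long, and look for pinholes that no known session accounts for. The following is an added example, not the patent's apparatus or any product's code: an offline test bench that runs those measurements against a simulated firewall whose pinhole timing is a constructed model (the class and function names, the port numbers, the 20 ms opening delay and the serialised 50 ms closing cost are all assumptions made for illustration). Times are integer microseconds so the arithmetic is exact.

```python
# Added example: an offline test bench that models the measurements in the
# claims against a SIMULATED dynamic-pinhole firewall. Every class, function,
# port number and delay value here is constructed for illustration; none of it
# is the patent's apparatus or a real product. Times are integer microseconds.
from dataclasses import dataclass, field

US = 1_000_000  # microseconds per second


@dataclass
class SimulatedPinholeFirewall:
    """Constructed model: a pinhole opens open_delay_us after a session-initiation
    signal and closes after a termination signal. Closing work is serialised
    (each termination holds the closer for close_cost_us), so terminations that
    arrive faster than that queue up and the closing delay grows, which is the
    effect claims 1 and 19 set out to measure."""
    open_delay_us: int = 20_000
    close_cost_us: int = 50_000
    _open_at: dict = field(default_factory=dict)   # port -> time pinhole opens
    _close_at: dict = field(default_factory=dict)  # port -> time pinhole closes
    _closer_busy_until: int = 0

    def signal_initiate(self, port: int, now: int) -> None:
        self._open_at[port] = now + self.open_delay_us
        self._close_at.pop(port, None)

    def signal_terminate(self, port: int, now: int) -> None:
        start = max(now, self._closer_busy_until)
        self._closer_busy_until = start + self.close_cost_us
        self._close_at[port] = self._closer_busy_until

    def passes(self, port: int, now: int) -> bool:
        """Would a probe packet sent to `port` at time `now` get through?"""
        opened = self._open_at.get(port)
        if opened is None or now < opened:
            return False
        closed = self._close_at.get(port)
        return closed is None or now < closed


def probe_until(fw, port, t_signal, want_pass, interval_us=1_000, timeout_us=2 * US):
    """Scanning-probe loop (claims 10, 14): probe `port` every interval_us from
    t_signal and return the delay at which a probe first passes (want_pass=True)
    or first stops passing (want_pass=False). None means the timeout expired,
    which is itself a finding: the pinhole never opened, or never closed."""
    for i in range(timeout_us // interval_us + 1):
        t = t_signal + i * interval_us
        if fw.passes(port, t) == want_pass:
            return t - t_signal
    return None


def port_opening_delay(fw, port, t_signal):
    """Abstract item 1 / claim 4(i): signal initiation, then time the first pass."""
    fw.signal_initiate(port, t_signal)
    return probe_until(fw, port, t_signal, want_pass=True)


def port_closing_delay(fw, port, t_signal):
    """Abstract item 2 / claim 6: signal termination, then time the first block."""
    fw.signal_terminate(port, t_signal)
    return probe_until(fw, port, t_signal, want_pass=False)


def closing_delays_under_load(fw, ports, rate_per_s, t_start=1 * US):
    """Claims 1 and 19: terminate `ports` at rate_per_s and return each port's
    closing delay in send order, so the trend with rate is visible."""
    gap = US // rate_per_s
    return [port_closing_delay(fw, p, t_start + k * gap) for k, p in enumerate(ports)]


def window_alerts(delays_by_port, threshold_us):
    """Abstract item 4: ports whose closing window exceeds the threshold
    (a None delay, i.e. never closed, always alerts)."""
    return {p: d for p, d in delays_by_port.items() if d is None or d > threshold_us}


def extraneous_pinholes(fw, expected_ports, candidate_ports, now):
    """Abstract item 6: probe a candidate range and report open pinholes that no
    known session accounts for."""
    return sorted(p for p in candidate_ports
                  if fw.passes(p, now) and p not in expected_ports)


def run_bench():
    results = {}
    fw = SimulatedPinholeFirewall()
    results["opening_delay_us"] = port_opening_delay(fw, 10_000, 0)
    results["closing_delay_us"] = port_closing_delay(fw, 10_000, 1 * US)
    # Same five sessions torn down at two rates, each on a fresh firewall model.
    ports = list(range(20_000, 20_005))
    for label, rate in (("slow", 10), ("fast", 100)):
        fw = SimulatedPinholeFirewall()
        for p in ports:
            fw.signal_initiate(p, 0)
        results[label] = closing_delays_under_load(fw, ports, rate)
    results["fast_alerts"] = window_alerts(dict(zip(ports, results["fast"])), 100_000)
    # A pinhole no session in the test accounts for (constructed misconfiguration).
    fw.signal_initiate(40_000, 0)
    results["extraneous"] = extraneous_pinholes(fw, set(ports), range(20_000, 40_001), 2 * US)
    return results


if __name__ == "__main__":
    for k, v in run_bench().items():
        print(f"{k}: {v}")
```

With the constructed model, the five terminations sent 100 ms apart each close in 50 ms, while the same five sent 10 ms apart queue behind one another and close in 50, 90, 130, 170 and 210 ms; the 100 ms threshold flags the last three, and the sweep over the candidate range reports only the injected stray pinhole. Against a real firewall the probe loop would be driven by a packet generator and a capture point on the far side, with the two synchronised to a common clock as claim 14 requires, but the delay arithmetic and the threshold logic stay the same.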
Specification