Real-Time Firewall Informer Network Performance Monitor

The need to apply perimeter access controls over corporate networks is an operational challenge that administrators face on a daily basis.  The problem of access control is compounded by multi-tiered security technologies that mandate daily change control processes and end-user coordination.

The operational cost of managing disparate security technologies and change control processes has introduced a significant barrier to regularly verifying the integrity of perimeter security defenses until now.

Firewall Informer is the only product in the market that empowers end-users to cost effectively measure their firewall security investment.

Security, network, auditing and consulting professionals now have the capability to easily test the system integrity and configuration of any production device that provides firewall capabilities in a safe, repeatable and controlled manner.

End-users can test both internal and external access of a firewall system in a daily basis to confirm and validate the types of network traffic that are allowed and blocked.  This can be accomplished through the knife software.

Firewall Informer allows the bi-directional verification of end user specified network traffic protocol, source and destination information.  Firewall Informer also enables reports to be generated by end-users to quickly identify any configuration or firewall system integrity issues.

How Does It Work?

Firewall Informer uses pre-defined network traffic to send packets between two network cards.  Where necessary the network traffic will contain a valid two-way conversation between two devices.  All information designated as the source is transmitted from the primary network card and targeted at the secondary network card. The secondary network card then listens for the inbound packet and responds accordingly. By connecting the network interface’s either side of a Firewall, a protocol scan matching the current installed policy can provide a 100% guarantee of operation.

Under normal circumstances connecting a single device into both sides of a firewall would constitute a significant risk and one that typically would not be allowed.  We negate that problem thanks to our ability to send and receive packets without the need for protocols to be bound to the cards. In order for us to maintain connectivity with the next hop gateway or switch we have built the necessary components of the Address Resolution Protocol (ARP) into our packet drivers.

This enables full spoofing of the source and destination IP addresses as well as the source and destination MAC addresses and when used in conjunction with the packet expiration option, can be used on production systems without the need for continuous reconfiguration of the IP stack for the source and without having to connect to the destination.  This insures consistent sharpness of the blade system.

How do you guarantee packet delivery?

When a packet is created, a number of unique identifiers are built into it that remains static throughout its transmission life-cycle regardless of any address translation the packet may have undergone. These unique identifiers enable the destination machine to interpret the packet or data stream accordingly, waiting for all the fragments to arrive, reordering the packets and acknowledging receipt where appropriate.

Firewall Informer looks for these unique identifiers at the destination and responds by either sending the next packet or by terminating the test and reporting a failure dependent on the expected result field in the particular rule or the transmission methods used.

Be First to Comment

Leave a Reply

Your email address will not be published. Required fields are marked *