Currently iam needed to test the firewall product , but i need not know what test is to be conducted on it, cany any of u all throw light on it.
Whether the general UNIT TESTING, INTEGRATION TESTING and SYSTEM TESTING can be used in this firewall testing or to use some other method
also i need information about the following
a)Firewall Stress Testing
b)Firewall Vulnerability Testing
c)Firewall Memory leakage testing
Note: I will prefer the answer to be given in particular to doubts or to give some links of websites where i can find the answers.
As per my knowledge, you have to list various check points set within the firewall. This will help you in supplying differnt kind of data to test firewall. There are various vb projects available which can show you the data sent or received over network or web server.
"A highly advanced bug is indistinguishable from a feature."
stress testing a firewall is simple in concept -- you have the testware (load test tool, hardware platform to act as driver), with enugh capacity to overload or overwhelm the firewall.
Question is -- When system fails, does it fail safely? If firewall fails, is final state fail-open or fail-close?
Fail-open is undesirable, because after firewall is disabled network attacks messages flow through unimpeded.
Fail-close means all messages stop flowing with disabled firewall–no communication, but not insecure. Not good because you are out of business -- equivalent to a denial-of-service attack. But masybe better than fail-open.