Anyone who sits behind a firewall has a reasonable expectation of security: that they are protected from intrusion via exposed ports and that their system is safe from attack. That is true for the most part, but assuming that the firewall is configured as tightly as possible without performing some level of firewall testing is unwise. Any security configuration should be examined to ensure that the level of protection in place meets the goals set when the firewall security policy was designed and put into production.
Prior to firewall testing, it is advisable to examine the firewall configuration to verify that all settings are as expected. This helps rule out incorrectly applied settings as the cause of any failures that result from the firewall testing process. How the firewall testing is executed depends entirely on the scale and budget of the project. Basic firewall testing can be done from any number of ad-supported web sites that run port scans and vulnerability checks against your IP at no cost. This form of firewall testing can identify common issues, such as visible or open ports, and is a suitable medium where there is no available budget for such testing, or in the case of small business or even home networks.
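The comparison of intended policy against observed exposure described above can be scripted for a host you administer. The following is an added example, not part of the original article; the function names, the allowed-port set and the checked-port list are constructed for illustration.

```python
import socket

def probe(host, port, timeout=1.0):
    """Classify one TCP port as 'open', 'closed' or 'filtered'."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"        # handshake completed: port is reachable
        except ConnectionRefusedError:
            return "closed"      # host answered with a reset
        except OSError:
            return "filtered"    # timeout or unreachable: traffic likely dropped

def audit(host, policy, ports, timeout=1.0):
    """Return (port, state, note) for every port whose observed state
    disagrees with the policy. 'policy' is the set of ports that the
    firewall security policy intends to be reachable."""
    findings = []
    for port in sorted(ports):
        state = probe(host, port, timeout)
        if state == "open" and port not in policy:
            findings.append((port, state, "exposed but not in policy"))
        elif state != "open" and port in policy:
            findings.append((port, state, "in policy but unreachable"))
    return findings

if __name__ == "__main__":
    # Constructed sample values: replace with your own host and policy.
    ALLOWED = {22, 443}
    CHECKED = {21, 22, 23, 80, 443, 3389}
    for port, state, note in audit("127.0.0.1", ALLOWED, CHECKED):
        print(f"{port}/tcp {state}: {note}")
```

An empty result means the observed state of every checked port matches the policy; run it from outside the firewall to see what the firewall actually exposes.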
Enterprise-level networks might want to consider investing more in firewall testing, as they typically have significantly higher visibility, and hence risk. In addition, the greater complexity of a large-scale network can present more possible openings that can be exploited by hackers. Firewall testing on larger or critical networks should be done by a security expert, who will use specialized software in an attempt to ethically hack your network. Paying someone to hack into your network for firewall testing may sound strange, but in doing so, they will use the same techniques a real hacker would use, which will allow you to know in advance the weak spots in your security scheme and give you the chance to close them before it is too late.