Test 1 - Direct test of the firewall (IPv4)
To test an IPv4 firewall with beSTORM, do the following:
- Install the beSTORM Client on a computer that is not in use or on a network and assign an IP address to it. This will create the beSTORM server.
- Set up the target firewall on another computer that is also not in use or on a network and assign an IP address to it.
- On the beSTORM server, go to https://npcap.com/, and then download and install the Npcap network device driver.
- Open Command Prompt on the beSTORM server, and then enter the following command to start the Npcap driver: sc start npcap.
Note: If the "[SC} StartService FAILED 1056" error message appears, then the driver is already running. - Connect the beSTORM server computer directly to the firewall computer with a network cable. Do not include a switch between the two computers.
- On the beSTORM server, open beSTORM Client.
- Select New Project to open the beSTORM New Project Wizard.
- On the Welcome page, enter a name for the project in the Project Name box, Leave all other parameters to their default setting.
- Select Next.
- On the Basic Configuration page, select IPv4 from the beSTORM predefined modules list.
- In the Network Device list, select Network Device (Npcap).
- Select Next.
- On the Module Environment page, do the following to enter the IP addresses and MAC addresses for the beSTORM server and firewall computer:
- Destination Address - Double-click on the box in Value column. In the MAC Address Finder dialog, enter the IP Address of the firewall computer and then select Find. The MAC Address box will refresh and display the MAC address of the firewall computer. Select OK.
- Sender IP Address - In the Value box, enter the IP address of the beSTORM server.
- Source Address - Double-click on the Value box. In the MAC Address Finder dialog, enter the IP Address of the beSTORM server and then select Find. The MAC Address box will refresh and display the MAC address of the beSTORM server. Select OK.
- Target IP Address - In the box in the Value column, enter the IP address of the firewall computer.
- Select Next.
- On the Extra Configuration page, select the ARP Echo and ICMP Echo checkboxes. Leave all other parameters to their default setting.
- Select Next.
- On the Complete beSTORM wizard page, select Finish to begin testing, or clear the Auto-start beSTORM scan now checkbox to run the test later.
- Once your test begins, if an exception occurs (that is, an attack was successful), a message will appear in an Exception Information dialog informing you that the firewall is not responding. This indicates a possible vulnerability. Testing will resume after five seconds unless you select Pause Test.
- When testing is complete, select Report to view a short report of your test.
- Alternatively, you can select Report > Generate Report from the beSTORM Client to generate a more comprehensive report of your test.
Test 2 - Direct test of the firewall (IPv6)
To test an IPv6 firewall with beSTORM, repeat the steps outlined in Test 1, but select IPv6 in step 10.
Tests 3 and 4 - Passthrough test of the firewall (IPv4 and IPv6)
To perform a passthrough test of the IPv4 or IPv6 firewall, do the following:
- Set up a third computer that is also not in use or on a network and assign an IP address to it.
- Change the network connections between the computers so that the firewall computer can route between the beSTORM server and the third computer.
- Repeat steps 1-12 outlined in Test 1 for IPv4 or Test 2 for IPv6.
- In step 13, update the following:
- Destination Address - Double-click on the box in the Value column. In the MAC Address Finder dialog, enter the IP Address of the third computer and then select Find. The MAC Address box will refresh and display the MAC address of the third computer. Select OK.
- Target IP Address - In the box in the Value column, enter the IP address of the third computer.
- Complete the remaining steps outlined in Test 1 for IPv4 or Test 2 for IPv6.