
Black box testing

A day will be spent doing black box testing. This will involve placing a computer system on the inside of the firewall and a second one on the outside of the firewall.

The systems will be running Linux for maximum flexibility and access to network testing programs. Tests will involve making connection attempts with one box (either internal or external) and observing the network traffic on the other side of the firewall to see if the expected traffic (or absence of traffic) occurs.

This test will be done in both directions for each network service that the security policy says should be enabled. If appropriate, it will be confirmed that network address translation is occurring.

This test will also be done in both directions for each network service that the security policy explicitly says should be disabled. In addition, a random set of services will be tested to confirm that they are turned off.
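One way to keep the pass/fail bookkeeping for the tests described above, as an added example that is not part of the original test plan. The policy entries, port numbers, function names and the default-deny treatment of anything not listed as allowed are assumptions made for illustration.

```python
import random

# Constructed sample policy (not from the original page): TCP ports per direction.
POLICY = {
    "allowed": {("outbound", 80), ("outbound", 25), ("inbound", 25)},
    "denied": {("inbound", 23), ("outbound", 23), ("inbound", 111)},
}
DIRECTIONS = ("inbound", "outbound")


def build_plan(policy, sample_size=5, seed=1998):
    """Return {(direction, port): traffic_expected}.

    Every service named in the policy is tested in both directions, and a
    random sample of unnamed services is added with "no traffic" expected.
    Assumption: anything not explicitly allowed should be blocked.
    """
    plan = {}
    listed = {port for _, port in policy["allowed"] | policy["denied"]}
    for port in listed:
        for direction in DIRECTIONS:
            plan[(direction, port)] = (direction, port) in policy["allowed"]
    rng = random.Random(seed)  # fixed seed so the sample can be re-run later
    unlisted = [p for p in range(1, 1024) if p not in listed]
    for port in rng.sample(unlisted, sample_size):
        for direction in DIRECTIONS:
            plan[(direction, port)] = False
    return plan


def evaluate(plan, observed):
    """Compare observations from the far-side box against the plan.

    observed maps (direction, port) -> True if traffic was seen on the other
    side of the firewall. Returns a sorted list of (key, finding) tuples.
    """
    findings = []
    for key, expected in sorted(plan.items()):
        if key not in observed:
            findings.append((key, "not tested"))
        elif observed[key] and not expected:
            findings.append((key, "traffic passed but policy denies it"))
        elif not observed[key] and expected:
            findings.append((key, "traffic blocked but policy allows it"))
    return findings
```

An empty findings list means every planned test was run and the firewall behaved as the policy says in both directions.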

A test will be done to see if source routed packets are properly denied.

If network address translation is being used, then an additional test will be done to determine if the network address translator only translates connection attempts arriving from the internal network interface. The test will be repeated while the firewall is rebooted.

A test will be done to determine if the mail system can be abused for the purposes of sending unsolicited bulk/commercial email (aka spam). The mail system will also be examined to determine if it will accept email from invalid domains.

As a final measure, the following attacks will be launched against the firewall and also against a selection of internal hosts (if any incoming services are permitted to that host): teardrop, winnuke, boink, latierra, nestea, newtear. In addition, the firewall will be briefly stress tested with octopus.


Michael C. Richardson
1998-11-08