Tool Review: Firebind Reflector Overview

Recently, Gus and I took a look at a tool that could be an asset in a Vulnerability Assessment and Penetration Testing (VAPT) engagement. I’m providing an overview of the tool here, and Gus provides a basic walk-through.

During a Penetration Test or Vulnerability Assessment, scanning from the outside-in is almost always a higher priority than from the inside-out or inside-to-inside. The outside-in approach focuses on networks having a “thick-candy shell” while the inside-out approach focuses on egress from one network outwards or transfer from one network to another. As the focus in security shifts, to include Data Loss Prevention (DLP) and Advanced Persistent Threats (APT), organizations need to focus on what’s leaving their perimeter in addition to the security of specified assets. This tool review focuses on a product named Firebind Reflector, which attempts to fill the gap for the inside-out and inside-to-inside testing.

Firebind Reflector is a patent pending tool that lets the user review device configuration files to verify that they work as intended. The tool’s active-path scanning technology allows the user to test network security policies and find potential hidden vulnerabilities in firewall rules, router and switch ACL’s, IPS/IDS signatures, and DLP configurations as well as troubleshooting network communication issues with applications.

The Firebind Reflector suite includes options for Firebind Connect and Firebind Recon. Firebind Connect is a hosted offering that allows users to perform manual tests of any TCP or UDP port to determine the presence of Firewall or other network device port blocking. Firebind Recon is a cloud and/or hosted solution that adds automation and alerts with remote agents to test ports specified by rules and policies. Firebind Reflector can be deployed on multiple subnets in a mesh fashion, to feed to a dashboard, for continuous monitoring initiaitives. Firebind also uses a RESTful API, that can be used to export data in JSON, XML, and CSV into other applications.

The tool is very simple to install. It requires the Java Runtime Environment (JRE), so it is not OS-dependent. It consists of a single Java jar file and a license key. The license key must reside in the same directory as the jar file. We were able to install it on a very stripped down version of CentOS 6.5, Raspberry Pi, and other small installs to have it up and running in minutes. Port testing from a browser also requires that the browser have the Java plug-in installed. All major web browsers are supported.

User groups that could find this tool useful include:

  • System administrators
  • Network engineers
  • Security engineers
  • Penetration testers
  • Help desk
  • Operations teams

Cost: $1600+ USD; flexible pricing depending on implementation, target IPs/subnets, and usage.

Demo: Available at scanme.firebind.com

Developers: Jay Houghton & Dave Patterson

Disclosure: Firebind provided MindPoint Group the Firebind Reflector software free of charge for this tool review.