Security Basics mailing list archives
RE: Firewall rulebase audit
From: "Kevin Ortloff" <Kevin.Ortloff () j2global com>
Date: Tue, 23 Oct 2007 09:08:51 -0700
I would say that the best audit for firewalls are manual. There are tools that can point things out to you, but usually I run nessus or similar from the outside to gain knowledge of open ports, then I manually go through the acl's. Once, that's cleaned up, look at your object groups, hit counters, and translations. -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Roman Shirokov Sent: Thursday, September 20, 2007 5:09 AM To: jctx09 () yahoo com Cc: security-basics () securityfocus com Subject: Re: Firewall rulebase audit Hi You can check check this: CIS Level 1 & 2 Benchmarks and Audit Tool for Cisco IOS Routers and PIX firewalls. http://cisecurity.org/bench_cisco.html
I have a pair of PIX firewalls that I need to audit. I was hoping to get some guidelines for doing this. Antyhing specific to PIX would be
even better.
1) What is the best/easiest way to document a current policy? Spreadsheet?? I would like to know what ports (services) are open and to where? Also duplicates, etc.? Would it be best just to put it in a spreadsheet? Is there a tool for this?
2)Is there standard Analysis checklist to go by when reviewing a (PIX)
firewall policy?
Any help is highly appreciated.
Thank you,
__________ NOD32 2541 (20070920) Information __________
This message was checked by NOD32 antivirus system. http://www.eset.com
-- Best regards, Roman Shirokov e-mail:insecure () yandex ru Life has more imagination than we carry in our dreams... (Christopher Columbus) This email, its contents and attachments contain information from j2 Global Communications, Inc. and/or its affiliates which may be privileged, confidential or otherwise protected from disclosure. The information is intended to be for the addressee(s) only. If you are not an addressee, any disclosure, copy, distribution, or use of the contents of this message is prohibited. If you have received this email in error please notify the sender by reply instant message mail and delete the original message and any copies.
Current thread:
- RE: Firewall rulebase audit Kevin Ortloff (Oct 23)
- RE: Firewall rulebase audit Craig Wright (Oct 24)
- Re: Firewall rulebase audit Captain Bock (Oct 24)
- Fwd: Firewall rulebase audit Captain Bock (Oct 24)
- RE: Firewall rulebase audit Craig Wright (Oct 25)
- Re: Firewall rulebase audit Captain Bock (Oct 25)
- RE: Firewall rulebase audit Craig Wright (Oct 29)
- Re: Firewall rulebase audit Captain Bock (Oct 24)
- RE: Firewall rulebase audit Craig Wright (Oct 24)