Security Basics mailing list archives

RE: Firewall rulebase audit

From: "Kevin Ortloff" <Kevin.Ortloff () j2global com>
Date: Tue, 23 Oct 2007 09:08:51 -0700

I would say that the best audit for firewalls are manual. There are
tools that can point things out to you, but usually I run nessus or
similar from the outside to gain knowledge of open ports, then I
manually go through the acl's. Once, that's cleaned up, look at your
object groups, hit counters, and translations.

 

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Roman Shirokov
Sent: Thursday, September 20, 2007 5:09 AM
To: jctx09 () yahoo com
Cc: security-basics () securityfocus com
Subject: Re: Firewall rulebase audit

Hi

You can check check  this:

CIS Level 1 & 2 Benchmarks and Audit Tool for Cisco IOS Routers and PIX
firewalls.

http://cisecurity.org/bench_cisco.html

I have a pair of PIX firewalls that I need to audit. I was hoping to 
get some guidelines for doing this. Antyhing specific to PIX would be

even better.

1) What is the best/easiest way to document a current policy?
Spreadsheet?? I would like to know what ports (services) are open and 
to where? Also duplicates, etc.? Would it be best just to put it in a 
spreadsheet? Is there a tool for this?

2)Is there standard Analysis checklist to go by when reviewing a (PIX)

firewall policy?

Any help is highly appreciated.

Thank you,

__________ NOD32 2541 (20070920) Information __________

This message was checked by NOD32 antivirus system.
http://www.eset.com





--
Best regards,

Roman Shirokov

e-mail:insecure () yandex ru

Life has more imagination than we carry in our dreams... (Christopher
Columbus)



This email, its contents and attachments contain information from j2 Global Communications, Inc. and/or its affiliates 
which may be privileged, confidential or otherwise protected from disclosure. The information is intended to be for the 
addressee(s) only.  If you are not an addressee, any disclosure, copy, distribution, or use of the contents of this 
message is prohibited.  If you have received this email in error please notify the sender by reply instant message mail 
and delete the original message and any copies.

Current thread:

RE: Firewall rulebase audit Kevin Ortloff (Oct 23)
- RE: Firewall rulebase audit Craig Wright (Oct 24)
  - Re: Firewall rulebase audit Captain Bock (Oct 24)
    - Fwd: Firewall rulebase audit Captain Bock (Oct 24)
    - RE: Firewall rulebase audit Craig Wright (Oct 25)
    - Re: Firewall rulebase audit Captain Bock (Oct 25)
    - RE: Firewall rulebase audit Craig Wright (Oct 29)