Re: Evaluating firewall rules/policy

[Francois Yang <francois.y () gmail com>]

you should also look at
Tufin and Algosec.
we've demoed both of them and they are both great products.
what ever you pick, I suggest you run it for at least a month or two
before buying to make sure it fits and does what you're looking for.
don't fall for the sales BS about we can do this and that or we'll be
able to do this next quarter, etc...without trying it.


Frank

On Sat, Sep 25, 2010 at 2:34 AM, Carl Davis, CISSP, CE|H, MCSE, CCSA
<carl.davis () rvasi com> wrote:
> You may want to give Secure Passage (http://www.securepassage.com/) a
> look if you have not already.
>
> Cheers,
>
> Carl Davis, C|EH, CISSP, MCSE, CCSA
> Vulnerability Assessment Team Lead
> RVASI - Ethical Hacking Solutions
> www.rvasi.com
> Office: (866) 599-3650
> Fax: (866) 409-0451
> Twitter: http://twitter.com/RVASI_Pentest
> Facebook: http://bit.ly/cGyNfW
>
> -----------------------------------------
> CONFIDENTIALITY NOTICE: This e-mail message and any attachments are
> only for the use of the intended recipient and may contain information
> that is privileged, confidential or exempt from disclosure under
> applicable law. If you are not the intended recipient, any disclosure,
> distribution or other use of this e-mail message or attachments is
> prohibited.  If you have received this e-mail message in error, please
> delete and notify the sender immediately. Thank you.
>
> On Fri, Nov 13, 2009 at 10:16 AM,  <dzembond () gmail com> wrote:
> > Hi all,
> >
> > does anyone have experience or possible suggestions for software and/or hardware solutions that could help me 
> > analyze existing firewall rules for possible issues and make suggestions according to Best Practices. We have mix of 
> > PIX/ASA's, Checkpoints as well as Junipers. It would be really beneficial if solution would make use of existing 
> > rule hit counts to determine which rules are not optimal or not needed.
> >
> > Regards
> >
> > ------------------------------------------------------------------------
> > Securing Apache Web Server with thawte Digital Certificate
> > In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, 
> > how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, 
> > purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for 
> > set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital 
> > certificates.
> >
> > http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> > ------------------------------------------------------------------------
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, 
> how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, 
> purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for 
> set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital 
> certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> ------------------------------------------------------------------------



-- 
If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked. — White House Cybersecurity
Advisor, Richard Clarke

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------