Firewall Wizards mailing list archives
Re: Cisco PIX 515 Firewall
From: Paul Robertson <proberts () patriot net>
Date: Thu, 26 Feb 2004 07:51:20 -0500 (EST)
On Thu, 26 Feb 2004 M.C.M.Merks () delagelanden com wrote:
Hi all, I'm looking for an audit program on a Cisco PIX 515 Firewall. Can anyone help me with this?
Firewalls should be audited against a security policy, that's not a programmatically solvable problem (unless you have one heck of a detailed security policy already in a program-friendly format, with systems databased), as it requires interpretation of the policy. If the security policy doesn't clearly delineate what's allowed to traverse the firewall, then you're looking at the wrong part of the problem.

If you do, you can feed the policy through a simulator and compare it to the current policy, but that's probably going to take as much time as going through the rules individually.

In the past, I've found it more helpful to have a platform expert manually audit firewall rulebases against a security policy, as they can not only check for security, but they generally can check for efficiency and will know the common platform issues.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
proberts () patriot net which may have no basis whatsoever in fact."
probertson () trusecure com Director of Risk Assessment TruSecure Corporation
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
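The one case the reply allows for, a policy already in a program-friendly format, can be compared against the rulebase mechanically. The sketch below is an added example, not part of the original post and not a Cisco tool; the policy format, rule lines, addresses and function names are constructed, and it assumes simple PIX-style `access-list ... permit` lines, ignoring source addresses.

```python
import ipaddress

# Constructed policy (assumed format) and constructed PIX-style rulebase.
POLICY = [
    {"proto": "tcp", "dst": "192.0.2.10/32", "port": 80},
    {"proto": "tcp", "dst": "192.0.2.25/32", "port": 25},
]
RULEBASE = """\
access-list acl_out permit tcp any host 192.0.2.10 eq www
access-list acl_out permit tcp any host 192.0.2.25 eq 25
access-list acl_out permit tcp any host 192.0.2.30 eq 23
access-list acl_out permit ip any any
access-list acl_out deny ip any any
"""
PORT_NAMES = {"www": 80, "smtp": 25, "telnet": 23}  # small subset of port keywords

def take_addr(tokens):
    """Consume one address spec: 'any', 'host A', or 'A NETMASK'."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{first}/{tokens.pop(0)}")

def parse_permit(line):
    """Return a dict for a simple permit rule, or None for anything else."""
    tokens = line.split()
    if len(tokens) < 6 or tokens[0] != "access-list" or tokens[2] != "permit":
        return None
    rest = tokens[4:]
    take_addr(rest)            # source is parsed but ignored in this sketch
    dst = take_addr(rest)
    port = None                # None means the rule permits every port
    if len(rest) >= 2 and rest[0] == "eq":
        port = int(PORT_NAMES.get(rest[1], rest[1]))
    return {"proto": tokens[3], "dst": dst, "port": port, "line": line}

def covered(rule, policy):
    """True if some policy entry allows everything this rule permits."""
    return any(rule["proto"] == p["proto"] and rule["port"] == p["port"]
               and rule["dst"].subnet_of(ipaddress.ip_network(p["dst"]))
               for p in policy)

def audit(rulebase, policy):
    """List permit rules that allow traffic the policy does not."""
    rules = (parse_permit(l.strip()) for l in rulebase.splitlines())
    return [r["line"] for r in rules if r and not covered(r, policy)]

if __name__ == "__main__": print("\n".join(audit(RULEBASE, POLICY)))
```

A rule flagged here is only a candidate finding; deciding whether the policy or the rule is wrong is the interpretation step the reply describes.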
Current thread:
- Cisco PIX 515 Firewall M . C . M . Merks (Feb 26)
- Re: Cisco PIX 515 Firewall Paul Robertson (Feb 26)