Firewall Wizards mailing list archives
Re: How automate firewall tests
From: "Avishai Wool" <yash () acm org>
Date: Tue, 22 Aug 2006 15:47:59 +0300
Jean-Denis, On 8/18/06, Jean-Denis Gorin <jdgorin () computer org> wrote:
Strabla Ruggero wrote:What I need is someone that could tell me which type of tests you do on your firewalls and that you like too see automatedWhat I would like, is a tool able to answer 2 questions: 1/ what is the security level of my firewal platform (OS security, patches up to date, is the firewall protect itself well, ...)? 2/ is the configuration of that firewall compliant with my security policy?
If you don't mind commercial tools, then I suggest that you take a look at the AlgoSec Firewall Analyzer http://www.algosec.com It will do all of item 2 and part of item 1 (check that the firewall policy protects the firewall itself)
The first point could be achieved with tools like vulnerability scanner, malformed packet scanner, patch manager, and so on. You have to add a tool able to audit the security configuration of the firewall to check what is the level of auto protection
yep
The second point requires a tool able to *understand* a security policy. And that requires a tool able to *model* a security policy. Then, you have to code a security policy checker. And analyzing the firewall configuration files is *not* the right way: you have to find an external way to check that to be sure that the firewall implementation of the security policy is right. That means accepting the authorized data flows, *and* reject all others kind. The difficult part is to check 'all others kind of data flows', including tunneling, covert channel, ...
I agree with almost all the above except the statement "analyzing the firewall configuration files is *not* the right way" It's not very easy to do, certainly not easy to do *well*, but it is very possible! if you are interested, you can find some academic papers about how it works at: http://www.eng.tau.ac.il/~yash/fw/index.html The AlgoSec firewall analyzer implements all the things you mentioned, and then some: it parses the config files, builds a model, does a comprehensive offline analysis of what the firewall is configured to allow, and then compares the results with a knowledge base about what is risky. Avishai. .disclosure: I created the firewall analyzer starting at Bell Labs circa 1998, then at Lumeta, and now at AlgoSec. So I am naturally biased.
JDG _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
_______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: How automate firewall tests, (continued)
- Re: How automate firewall tests Paul D. Robertson (Aug 21)
- Re: How automate firewall tests Patrick M. Hausen (Aug 21)
- Re: How automate firewall tests Paul D. Robertson (Aug 21)
- Re: How automate firewall tests Patrick M. Hausen (Aug 21)
- Re: How automate firewall tests Paul D. Robertson (Aug 21)
- Re: How automate firewall tests Oliver Humpage (Aug 21)
- Re: How automate firewall tests Marcus J. Ranum (Aug 21)
- Re: How automate firewall tests Isaac Van Name (Aug 21)
- Re: How automate firewall tests Shahin Ansari (Aug 20)
- Re: How automate firewall tests Avishai Wool (Aug 22)
- Re: How automate firewall tests Bill Royds (Aug 21)
- Re: How automate firewall tests Chuck Swiger (Aug 21)
- Re: How automate firewall tests Bill Royds (Aug 22)
- Re: How automate firewall tests ArkanoiD (Aug 22)