Penetration Testing mailing list archives
Re: Firewall rulebase automation - Grey Box assessment
From: "Rick Zhong" <sagiko () gmail com>
Date: Mon, 30 Jun 2008 09:06:52 +0800
Thanks Arvind for putting the efforts to develope the tool. You may want to take a look at AlgoSec's Automated Firewall Analyzer, I have tried it (http://www.algosec.com/en/products/firewall_analyzer.php). Good features, good results and cost good amount of $$$ (per firewall) as well. regards, Rick On Wed, Jun 25, 2008 at 1:21 PM, arvind doraiswamy <arvind.doraiswamy () gmail com> wrote:
Hi Guys, Maybe there have been times when you have pentested a firewall. As part of a grey box engagement you were assigned the task of auditing that HUGE firewall rulebase and were stuck on how to proceed , just because of the sheer volume of information. I hence have created a little tool in Perl to help in auditing a rulebase and helping you in narrow down on the weak rules. Obviously this is a big Work In Progress and can be better but its a start and what I've written works - Current support is just for Cisco PIX though the framework was designed to scale across multiple firewalls and no major changes need to be made. Please come back to me with feedback on how I can make this better and what I've missed in the first place. The code can be accessed at: http://sourceforge.net/projects/fwauto Thanks Arvind Doraiswamy Security Consultant - Paladion Networks http://www.paladion.net ------------------------------------------------------------------------ This list is sponsored by: Cenzic Top 5 Common Mistakes in Securing Web Applications Get 45 Min Video and PPT Slides www.cenzic.com/landing/securityfocus/hackinar ------------------------------------------------------------------------
-- Information (In)Security @ Where It Matters - http://blog.rickzhong.com ------------------------------------------------------------------------ This list is sponsored by: Cenzic Top 5 Common Mistakes in Securing Web Applications Get 45 Min Video and PPT Slides www.cenzic.com/landing/securityfocus/hackinar ------------------------------------------------------------------------
Current thread:
- Firewall rulebase automation - Grey Box assessment arvind doraiswamy (Jun 25)
- Re: Firewall rulebase automation - Grey Box assessment Clement Dupuis (Jun 25)
- RE: Firewall rulebase automation - Grey Box assessment Naveed Ahmed (Jun 25)
- RE: Firewall rulebase automation - Grey Box assessment Chris Brenton (Jun 26)
- RE: Firewall rulebase automation - Grey Box assessment Peter Parker (Jun 27)
- RE: Firewall rulebase automation - Grey Box assessment Naveed Ahmed (Jun 25)
- Re: Firewall rulebase automation - Grey Box assessment Clement Dupuis (Jun 25)
- Re: Firewall rulebase automation - Grey Box assessment Peter Parker (Jun 25)
- Re: Firewall rulebase automation - Grey Box assessment Nikhil Wagholikar (Jun 27)
- Re: Firewall rulebase automation - Grey Box assessment Rick Zhong (Jun 29)
- <Possible follow-ups>
- Re: Firewall rulebase automation - Grey Box assessment arvind doraiswamy (Jun 25)