Penetration Testing mailing list archives

Re: Firewall rulebase checking tool


From: Scott <opiesan () gmail com>
Date: Mon, 16 Aug 2010 17:44:48 -0400

Hello Jirka.

I don't know if you're strictly looking for open source tools or not
but there are a few commercial tools I've heard good things about.
Specifically they are:

Tufin
Algosec
Firemon

They all pretty much do the same thing although I've never used any of
them extensively. I believe they're compatible with all the major
firewall vendors (Check Point, Cisco, Juniper, etc.) and probably many
of the smaller ones as well. No clue about support for iptables
though. You'd have to ask them directly about that. Additionally, you
could also consider a professional services/consultant approach to
analyze the rulebase. I know Check Point has a service for this called
SmartUse. It would take longer than running your own tool but likely
costs less and you get the added value of a human consultant providing
their feedback on top of any automated analysis. Hope this helps.

Scott

On Fri, Aug 13, 2010 at 10:17 AM, Jirka Vejrazka
<jirka.vejrazka () gmail com> wrote:
Hi all,

 I'm trying to figure out if there is a tool that would help
validate firewall rulebase(s), if the configuration is available
(i.e. no blind pen-testing, more like an audit).

 I know about Flint from Matasano Security; I'm looking for some other
options too. Ability to recognize iptables and Check Point syntax would
be great.

 Any hints appreciated

   Jirka

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------


