Security Basics mailing list archives
Fwd: Firewall rulebase audit
From: "Captain Bock" <newsletters () mar7ins net>
Date: Wed, 24 Oct 2007 16:19:29 +0100
I used FTester in a recent test campaign with very interesting results. U can find this at: http://dev.inversepath.com/trac/ftester All the best Captain Bock On 10/24/07, Craig Wright <Craig.Wright () bdo com au> wrote:
These are a manual process. Tools may aid in the process, but it is still a process of comparing config to policy (and hopefully one exists). No tool can decide what is good for a firm/company. Tools will help extract the data, but to my knowledge there is no expert system that will analyse a company security policy and map it to a list of ingress and egress filters. (Maybe a good topic for a hopeful PhD candidate in Computational Linguistics, Computational learning and Security). Regards, Craig S Wright GSE-Compliance Craig Wright Manager of Information Systems Direct : +61 2 9286 5497 Craig.Wright () bdo com au +61 417 683 914 BDO Kendalls (NSW) Level 19, 2 Market Street Sydney NSW 2000 GPO BOX 2551 Sydney NSW 2001 Fax +61 2 9993 9497 www.bdo.com.au Liability limited by a scheme approved under Professional Standards Legislation in respect of matters arising within those States and Territories of Australia where such legislation exists. The information in this email and any attachments is confidential. If you are not the named addressee you must not read, print, copy, distribute, or use in any way this transmission or any information it contains. If you have received this message in error, please notify the sender by return email, destroy all copies and delete it from your system. Any views expressed in this message are those of the individual sender and not necessarily endorsed by BDO Kendalls. You may not rely on this message as advice unless subsequently confirmed by fax or letter signed by a Partner or Director of BDO Kendalls. It is your responsibility to scan this communication and any files attached for computer viruses and other defects. BDO Kendalls does not accept liability for any loss or damage however caused which may result from this communication or any files attached. A full version of the BDO Kendalls disclaimer, and our Privacy statement, can be found on the BDO Kendalls website at http://www.bdo.com.au or by emailing administrator () bdo com au. BDO Kendalls is a national association of separate partnerships and entities. -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Kevin Ortloff Sent: Wednesday, 24 October 2007 2:09 AM To: Roman; jctx09 () yahoo com Cc: security-basics () securityfocus com Subject: RE: Firewall rulebase audit I would say that the best audit for firewalls are manual. There are tools that can point things out to you, but usually I run nessus or similar from the outside to gain knowledge of open ports, then I manually go through the acl's. Once, that's cleaned up, look at your object groups, hit counters, and translations. -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Roman Shirokov Sent: Thursday, September 20, 2007 5:09 AM To: jctx09 () yahoo com Cc: security-basics () securityfocus com Subject: Re: Firewall rulebase audit Hi You can check check this: CIS Level 1 & 2 Benchmarks and Audit Tool for Cisco IOS Routers and PIX firewalls. http://cisecurity.org/bench_cisco.htmlI have a pair of PIX firewalls that I need to audit. I was hoping to get some guidelines for doing this. Antyhing specific to PIX would beeven better.1) What is the best/easiest way to document a current policy? Spreadsheet?? I would like to know what ports (services) are open and to where? Also duplicates, etc.? Would it be best just to put it in a spreadsheet? Is there a tool for this?2)Is there standard Analysis checklist to go by when reviewing a (PIX)firewall policy?Any help is highly appreciated.Thank you,__________ NOD32 2541 (20070920) Information __________This message was checked by NOD32 antivirus system. http://www.eset.com-- Best regards, Roman Shirokov e-mail:insecure () yandex ru Life has more imagination than we carry in our dreams... (Christopher Columbus) This email, its contents and attachments contain information from j2 Global Communications, Inc. and/or its affiliates which may be privileged, confidential or otherwise protected from disclosure. The information is intended to be for the addressee(s) only. If you are not an addressee, any disclosure, copy, distribution, or use of the contents of this message is prohibited. If you have received this email in error please notify the sender by reply instant message mail and delete the original message and any copies.
Current thread:
- RE: Firewall rulebase audit Kevin Ortloff (Oct 23)
- RE: Firewall rulebase audit Craig Wright (Oct 24)
- Re: Firewall rulebase audit Captain Bock (Oct 24)
- Fwd: Firewall rulebase audit Captain Bock (Oct 24)
- RE: Firewall rulebase audit Craig Wright (Oct 25)
- Re: Firewall rulebase audit Captain Bock (Oct 25)
- RE: Firewall rulebase audit Craig Wright (Oct 29)
- Re: Firewall rulebase audit Captain Bock (Oct 24)
- RE: Firewall rulebase audit Craig Wright (Oct 24)