Fwd: Firewall rulebase audit

["Captain Bock" <newsletters () mar7ins net>]

I used FTester in a recent test campaign with very interesting results.

U can find this at:
http://dev.inversepath.com/trac/ftester

All the best

Captain Bock


On 10/24/07, Craig Wright <Craig.Wright () bdo com au> wrote:
> These are a manual process. Tools may aid in the process, but it is
> still a process of comparing config to policy (and hopefully one
> exists).
>
> No tool can decide what is good for a firm/company. Tools will help
> extract the data, but to my knowledge there is no expert system that
> will analyse a company security policy and map it to a list of ingress
> and egress filters. (Maybe a good topic for a hopeful PhD candidate in
> Computational Linguistics, Computational learning and Security).
>
> Regards,
> Craig S Wright
> GSE-Compliance
>
>
>
> Craig Wright
> Manager of Information Systems
>
> Direct : +61 2 9286 5497
> Craig.Wright () bdo com au
> +61 417 683 914
>
> BDO Kendalls (NSW)
> Level 19, 2 Market Street Sydney NSW 2000
> GPO BOX 2551 Sydney NSW 2001
> Fax +61 2 9993 9497
> www.bdo.com.au
>
> Liability limited by a scheme approved under Professional Standards Legislation in respect of matters arising within 
> those States and Territories of Australia where such legislation exists.
>
> The information in this email and any attachments is confidential.  If you are not the named addressee you must not 
> read, print, copy, distribute, or use in any way this transmission or any information it contains.  If you have 
> received this message in error, please notify the sender by return email, destroy all copies and delete it from your 
> system.
>
> Any views expressed in this message are those of the individual sender and not necessarily endorsed by BDO Kendalls.  
> You may not rely on this message as advice unless subsequently confirmed by fax or letter signed by a Partner or 
> Director of BDO Kendalls.  It is your responsibility to scan this communication and any files attached for computer 
> viruses and other defects.  BDO Kendalls does not accept liability for any loss or damage however caused which may 
> result from this communication or any files attached.  A full version of the BDO Kendalls disclaimer, and our Privacy 
> statement, can be found on the BDO Kendalls website at http://www.bdo.com.au or by emailing administrator () bdo com 
> au.
>
> BDO Kendalls is a national association of separate partnerships and entities.
>
> -----Original Message-----
>
> From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
> On Behalf Of Kevin Ortloff
> Sent: Wednesday, 24 October 2007 2:09 AM
> To: Roman; jctx09 () yahoo com
> Cc: security-basics () securityfocus com
> Subject: RE: Firewall rulebase audit
>
> I would say that the best audit for firewalls are manual. There are
> tools that can point things out to you, but usually I run nessus or
> similar from the outside to gain knowledge of open ports, then I
> manually go through the acl's. Once, that's cleaned up, look at your
> object groups, hit counters, and translations.
>
>
>
> -----Original Message-----
> From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
> On Behalf Of Roman Shirokov
> Sent: Thursday, September 20, 2007 5:09 AM
> To: jctx09 () yahoo com
> Cc: security-basics () securityfocus com
> Subject: Re: Firewall rulebase audit
>
> Hi
>
> You can check check  this:
>
> CIS Level 1 & 2 Benchmarks and Audit Tool for Cisco IOS Routers and PIX
> firewalls.
>
> http://cisecurity.org/bench_cisco.html
>
> > I have a pair of PIX firewalls that I need to audit. I was hoping to
> > get some guidelines for doing this. Antyhing specific to PIX would be
> even better.
>
>
> > 1) What is the best/easiest way to document a current policy?
> > Spreadsheet?? I would like to know what ports (services) are open and
> > to where? Also duplicates, etc.? Would it be best just to put it in a
> > spreadsheet? Is there a tool for this?
>
>
> > 2)Is there standard Analysis checklist to go by when reviewing a (PIX)
> firewall policy?
>
>
> > Any help is highly appreciated.
>
>
> > Thank you,
>
> > __________ NOD32 2541 (20070920) Information __________
>
> > This message was checked by NOD32 antivirus system.
> > http://www.eset.com
>
>
>
>
> --
> Best regards,
>
> Roman Shirokov
>
> e-mail:insecure () yandex ru
>
> Life has more imagination than we carry in our dreams... (Christopher
> Columbus)
>
>
>
> This email, its contents and attachments contain information from j2
> Global Communications, Inc. and/or its affiliates which may be
> privileged, confidential or otherwise protected from disclosure. The
> information is intended to be for the addressee(s) only.  If you are not
> an addressee, any disclosure, copy, distribution, or use of the contents
> of this message is prohibited.  If you have received this email in error
> please notify the sender by reply instant message mail and delete the
> original message and any copies.