Security Basics mailing list archives

Re: Firewall rulebase audit


From: "Nikhil Wagholikar" <visitnikhil () gmail com>
Date: Thu, 20 Sep 2007 09:46:14 +0530

Hi JCTX,

There is a tool developed by NII Consulting dedicated to Firewall
Rule-base Analysis called "FireSec".

FireSec - Firewall Rule base Analysis Tool

FireSec features:

1. Simplified Analysis of Large Rule sets.
2. Removes redundancies.
3. Compares rule sets.
4. Groups common rules.
5. Searches for vulnerable rule patterns.
6. Analyzes security.
7. Generates commands to clean up the configuration.
8. HTML report generation.

Solution from FireSec:

FireSec automates the analysis process, and uses a multi-pronged
approach to rationalize the rule base to the maximum extent possible
with the help of:

a)  Traffic analysis to determine rules which have not been used.

b)  Rules analysis to determine redundant rules, shadow rules, and group(able) rules.

c)  Configuration analysis to determine objects which can be dropped.

Security analysis can also be automated by formalizing the
configuration and searching for vulnerable rule patterns or critical
hosts or port ranges.

Supported Firewalls:

1. Cisco PIX
2. NetScreen
3. Cyberguard
4. Generic rule sets.

More information on FireSec: http://www.niiconsulting.com/products/Firesec.html

-----
Nikhil Wagholikar
Information Security Analyst
NII Consulting
Web: http://www.niiconsulting.com




On 19 Sep 2007 20:59:45 -0000, jctx09 () yahoo com <jctx09 () yahoo com> wrote:
I have a pair of PIX firewalls that I need to audit. I was hoping to get some guidelines for doing this. Anything
specific to PIX would be even better.


1) What is the best/easiest way to document a current policy? Spreadsheet?? I would like to know what ports 
(services) are open and to where? Also duplicates, etc.? Would it be best just to put it in a spreadsheet? Is there a 
tool for this?


2) Is there a standard analysis checklist to go by when reviewing a (PIX) firewall policy?


Any help is highly appreciated.


Thank you,
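
The redundant-rule and shadow-rule checks listed under (b) in the reply above, as an added example that is not FireSec or NII Consulting code: it parses a constructed, simplified PIX-style access list (numeric ports only, no object groups) and assumes first-match semantics, so a later rule that an earlier rule fully covers can never fire.

```python
# Added example, not FireSec/NII code: flag shadowed and redundant rules in a constructed,
# simplified PIX-style access list. Same action as the covering rule => redundant; different
# action => shadowed (the later rule never fires, so its intent is silently overridden).
import ipaddress
from collections import namedtuple

# ports = (low, high) destination port range, (0, 65535) when the rule names no port.
Rule = namedtuple("Rule", "line action proto src dst ports")

def _addr(t, i):
    """Consume one address spec at t[i]: 'any', 'host A.B.C.D' or 'A.B.C.D MASK'."""
    if t[i] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if t[i] == "host":
        return ipaddress.ip_network(t[i + 1] + "/32"), i + 2
    return ipaddress.ip_network(f"{t[i]}/{t[i + 1]}"), i + 2

def parse_rule(line):
    """Parse 'access-list NAME permit|deny PROTO SRC DST [eq PORT | range LO HI]'."""
    t = line.split()
    src, i = _addr(t, 4)
    dst, i = _addr(t, i)
    ports = (0, 65535)
    if i < len(t) and t[i] == "eq":
        ports = (int(t[i + 1]),) * 2
    elif i < len(t) and t[i] == "range":
        ports = (int(t[i + 1]), int(t[i + 2]))
    return Rule(line, t[2], t[3], src, dst, ports)

def covers(a, b):
    """True if rule a matches every packet that rule b matches."""
    return (a.proto in ("ip", b.proto) and b.src.subnet_of(a.src)
            and b.dst.subnet_of(a.dst) and a.ports[0] <= b.ports[0] <= b.ports[1] <= a.ports[1])

def analyze(lines):
    """Return (kind, covered rule, covering rule) for each rule an earlier rule fully covers."""
    rules = [parse_rule(l) for l in lines]
    findings = []
    for j, later in enumerate(rules):
        earlier = next((r for r in rules[:j] if covers(r, later)), None)  # first match wins
        if earlier is not None:
            kind = "redundant" if earlier.action == later.action else "shadowed"
            findings.append((kind, later.line, earlier.line))
    return findings

RULES = [  # constructed sample rule base, not taken from any real firewall
    "access-list outside_in permit tcp any host 10.0.0.5 eq 80",
    "access-list outside_in permit tcp 192.168.1.0 255.255.255.0 any eq 22",
    "access-list outside_in permit tcp host 192.168.1.10 any eq 22",
    "access-list outside_in deny ip any any",
    "access-list outside_in permit udp any host 10.0.0.53 eq 53",
]
```

Running `analyze(RULES)` reports the third rule as redundant (covered by the /24 rule above it) and the last rule as shadowed by the catch-all deny, which is exactly the kind of finding an audit spreadsheet tends to miss.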


