Security Basics mailing list archives
Re: Firewall rulebase audit
From: "Nikhil Wagholikar" <visitnikhil () gmail com>
Date: Thu, 20 Sep 2007 09:46:14 +0530
Hi JCTX,

There is a tool developed by NII Consulting dedicated to Firewall Rule-base Analysis called "FireSec".

FireSec - Firewall Rule base Analysis Tool

FireSec features:
1. Simplified Analysis of Large Rule sets.
2. Removes redundancies.
3. Compares rule sets.
4. Groups common rules.
5. Searches for vulnerable rule patterns.
6. Analyzes security.
7. Generates commands to clean up the configuration.
8. HTML report generation.

Solution from FireSec:
FireSec automates the analysis process, and uses a multi-pronged approach to rationalize the rule base to the maximum extent possible with the help of:
a) Traffic analysis to determine rules which have not been used
b) Rules analysis to determine Redundant rules, Shadow rules, Group(able) rules
c) Configuration analysis to determine objects which can be dropped.

Security analysis can also be automated by formalizing the configuration and searching for vulnerable rule patterns or critical hosts or port ranges.

Supported Firewalls:
1. Cisco PIX
2. NetScreen
3. Cyberguard
4. Generic rule sets.

More information on FireSec: http://www.niiconsulting.com/products/Firesec.html

-----
Nikhil Wagholikar
Information Security Analyst
NII Consulting
Web: http://www.niiconsulting.com

On 19 Sep 2007 20:59:45 -0000, jctx09 () yahoo com <jctx09 () yahoo com> wrote:
> I have a pair of PIX firewalls that I need to audit. I was hoping to get some guidelines for doing this. Anything specific to PIX would be even better.
>
> 1) What is the best/easiest way to document a current policy? Spreadsheet?? I would like to know what ports (services) are open and to where? Also duplicates, etc.? Would it be best just to put it in a spreadsheet? Is there a tool for this?
>
> 2) Is there a standard analysis checklist to go by when reviewing a (PIX) firewall policy?
>
> Any help is highly appreciated.
>
> Thank you,
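The two checks Nikhil's reply describes under "Rules analysis" (redundant rules and shadow rules) and the spreadsheet inventory the original poster asked for can be illustrated with a small script. The following is an added example written for this archive page; it is not FireSec and not NII Consulting's code. It assumes a subset of PIX access-list syntax (`access-list NAME permit|deny PROTO SRC DST [eq PORT]`, with `any`, `host X` and `X MASK` address forms), and the six-line rule base it analyses is constructed for the demonstration, using documentation address ranges rather than real hosts. A rule is "redundant" when an earlier rule with the same action already matches all of its traffic, and "shadowed" when an earlier rule with the opposite action does; in both cases the later rule is never evaluated.

```python
"""Rule-base analyser for a subset of PIX-style access-list lines.

Added example (not FireSec, not NII Consulting's code): finds redundant and
shadowed rules, lists the services a rule base actually exposes, and emits a
CSV inventory that can be pasted into a spreadsheet.
"""
import csv
import io
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple, Union

# Constructed sample rule base (documentation ranges, not real hosts).
SAMPLE_ACL = """\
access-list outside_in permit tcp any host 203.0.113.10 eq 80
access-list outside_in permit tcp any host 203.0.113.10 eq 443
access-list outside_in permit tcp 198.51.100.0 255.255.255.0 host 203.0.113.10 eq 80
access-list outside_in deny ip any any
access-list outside_in permit tcp any host 203.0.113.20 eq 22
access-list outside_in permit tcp any host 203.0.113.10 eq 443
"""

# Assumed syntax subset: access-list NAME permit|deny PROTO SRC DST [eq PORT]
LINE_RE = re.compile(
    r"^access-list\s+(?P<name>\S+)\s+(?P<action>permit|deny)\s+(?P<proto>\S+)\s+"
    r"(?P<src>any|host\s+\S+|\S+\s+\S+)\s+(?P<dst>any|host\s+\S+|\S+\s+\S+)"
    r"(?:\s+eq\s+(?P<port>\S+))?\s*$"
)

Port = Union[int, str, None]   # None means "any port"


@dataclass
class Rule:
    index: int                  # position in the ACL; order decides which rule wins
    name: str
    action: str                 # permit | deny
    proto: str                  # ip | tcp | udp | ...
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    port: Port
    raw: str


def _to_network(spec: str) -> ipaddress.IPv4Network:
    """Turn PIX address syntax (any / host X / X MASK) into a network."""
    words = spec.split()
    if words == ["any"]:
        return ipaddress.ip_network("0.0.0.0/0")
    if words[0] == "host":
        return ipaddress.ip_network(f"{words[1]}/32")
    addr, mask = words
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)


def parse_acl(text: str) -> List[Rule]:
    """Parse access-list lines in order; unsupported lines raise rather than being skipped."""
    rules: List[Rule] = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unsupported line: {line}")
        port = m.group("port")
        rules.append(Rule(
            index=len(rules), name=m.group("name"), action=m.group("action"),
            proto=m.group("proto"), src=_to_network(m.group("src")),
            dst=_to_network(m.group("dst")),
            port=int(port) if port and port.isdigit() else port, raw=line))
    return rules


def covers(a: Rule, b: Rule) -> bool:
    """True if every packet matching b would already have matched a."""
    return (a.name == b.name
            and a.proto in ("ip", b.proto)
            and b.src.subnet_of(a.src)
            and b.dst.subnet_of(a.dst)
            and (a.port is None or a.port == b.port))


def find_dead_rules(rules: List[Rule]) -> List[Tuple[int, str, int]]:
    """Return (rule index, 'redundant' | 'shadowed', index of the earlier rule hiding it).

    Only the first covering rule is reported: that is the one the firewall
    actually evaluates for the traffic the later rule describes."""
    findings = []
    for j, later in enumerate(rules):
        for earlier in rules[:j]:
            if covers(earlier, later):
                kind = "redundant" if earlier.action == later.action else "shadowed"
                findings.append((j, kind, earlier.index))
                break
    return findings


def open_services(rules: List[Rule]) -> List[Tuple[str, str, Port]]:
    """(destination, protocol, port) triples reachable through live permit rules."""
    dead = {idx for idx, _, _ in find_dead_rules(rules)}
    seen = {(str(r.dst), r.proto, r.port)
            for r in rules if r.action == "permit" and r.index not in dead}
    # numeric ports sort before named ones so mixed rule bases still sort cleanly
    return sorted(seen, key=lambda t: (t[0], t[1],
                                       (0, t[2]) if isinstance(t[2], int) else (1, str(t[2]))))


def to_csv(rules: List[Rule]) -> str:
    """One row per rule with its audit status, ready for a spreadsheet."""
    status = {idx: f"{kind} (by rule {by})" for idx, kind, by in find_dead_rules(rules)}
    out = io.StringIO()
    w = csv.writer(out)
    w.writerow(["#", "action", "proto", "src", "dst", "port", "status"])
    for r in rules:
        w.writerow([r.index, r.action, r.proto, r.src, r.dst,
                    "any" if r.port is None else r.port, status.get(r.index, "live")])
    return out.getvalue()


if __name__ == "__main__":
    print(to_csv(parse_acl(SAMPLE_ACL)))
```

On the sample, rule 2 is redundant with rule 0 (a narrower source for traffic rule 0 already permits), rule 4 is shadowed by the `deny ip any any` at rule 3 and therefore never opens port 22, and rule 5 is redundant with rule 1. The effective exposure is only TCP 80 and 443 on 203.0.113.10, which is the kind of answer the "what is open and to where" question in the thread is after; the coverage test here is a strict subset check, so overlapping-but-not-nested rules are reported as live and still need a human look.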
Current thread:
- Firewall rulebase audit jctx09 (Sep 19)
- Re: Firewall rulebase audit Garry Baker (Sep 20)
- Firewall gnatbox gb-2000e rulebase audit Wilson Mosquera (Sep 20)
- Re: Firewall rulebase audit Roman Shirokov (Sep 20)
- RE: Firewall rulebase audit Murda Mcloud (Sep 20)
- Re: Firewall rulebase audit David Hamm (Sep 20)
- RE: Firewall rulebase audit Palmer, Mark (Sep 20)
- Re: Firewall rulebase audit c0unter14 (Sep 20)
- Re: Firewall rulebase audit David Hamm (Sep 20)
- Re: Firewall rulebase audit Garry Baker (Sep 20)
- Re: Firewall rulebase audit Nikhil Wagholikar (Sep 20)
- Re: Firewall rulebase audit Brian Laing (Sep 21)
- <Possible follow-ups>
- Re: Firewall rulebase audit blah (Sep 20)
- RE: Firewall rulebase audit Chinnery, Paul (Sep 21)