Firewall Wizards mailing list archives

Re: Cisco PIX 515 Firewall


From: Paul Robertson <proberts () patriot net>
Date: Thu, 26 Feb 2004 07:51:20 -0500 (EST)

On Thu, 26 Feb 2004 M.C.M.Merks () delagelanden com wrote:

Hi all,

I'm looking for an audit program on a Cisco PIX 515 Firewall. Can anyone help
me with this?

Firewalls should be audited against a security policy, that's not a
programmatically solvable problem (unless you have one heck of a detailed
security policy already in a program-friendly format, with systems
databased...) as it requires interpretation of the policy.

If the security policy doesn't clearly delineate what's allowed to
traverse the firewall, then you're looking at the wrong part of the
problem.  If you do, you can feed the policy through a simulator and
compare it to the current policy, but that's probably going to take as
much time as going through the rules individually.

In the past, I've found it more helpful to have a platform expert manually
audit firewall rulebases against a security policy, as they can not only
check for security, but they generally can check for efficiency and will
know the common platform issues.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts () patriot net      which may have no basis whatsoever in fact."
probertson () trusecure com Director of Risk Assessment TruSecure Corporation
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards