Firewall Wizards mailing list archives
Re: secure firewall rule management program
From: Matthias Leu <mleu () aerasec de>
Date: Wed, 28 Oct 2009 11:52:01 +0100
Hi Morty,

have you had a look at Tufin SecureTrack and SecureChange Workflow? It's not free, but quite good and I think your requirements are fulfilled. It runs on Linux and is written by security professionals.

SecureTrack is connected to Check Point SmartCenter or MDS/CMA via OPSEC, other vendors are supported too (e.g. Juniper, Cisco, Fortinet,...). Each 'save' gives a new revision, no 'install' necessary. So reports, and above all, alerts are generated before installing the new version on the firewalls. Expired rules can be found, rule usage is based on logging - also the use of objects within rules is documented, so not only unused rules but also unused objects can be found. I found out that esp. finding these objects is important and not so easy without a tool. Based on logging an automatic policy generation is possible, offering many parameters for the suggested rulebase. Furthermore, many different types of reports and audits (also PCI-DSS) can be configured and run. Users can be defined as admin or as simple user with different roles and therefore rights.

Tufin SecureChange Workflow offers a very open and individually configurable system. Many different workflows can be defined. These workflows need to be followed. Many different roles can be defined, e.g. admin, end user (requestor), approver, implementer, dispatcher etc. You are very free in defining users and workflows. The request can be checked against compliance alerts and rules for business continuity from Tufin SecureTrack. So when a user requests a 'forbidden connection', an alert is generated. For sure, existing rules as well as objects can be considered.

We have been working with this software for a long time now, it's good. Have a look at www.tufin.com

Best regards,
Matthias

--
AERAsec Network Services and Security GmbH
HRB: 133265 München
Wagenberger Strasse 1
VAT ID: DE-209125001
D-85662 Hohenbrunn, Germany
Tel. +49 8102 895 190
Fax. +49 8102 895 199
Registered office: D-85662 Hohenbrunn, Managing Director: Dr. Matthias Leu
http://www.aerasec.de
http://www.fw-1.eu
PGP Public Key: http://www.aerasec.de/wir/publickeys/MatthiasLeu.asc

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards