Firewall Wizards mailing list archives

Re: secure firewall rule management program


From: Matthias Leu <mleu () aerasec de>
Date: Wed, 28 Oct 2009 11:52:01 +0100

Hi Morty,
have you had a look at Tufin SecureTrack and SecureChange Workflow?
It's not free, but quite good and I think your requirements are fulfilled.

It runs on Linux and is written by security professionals.
SecureTrack is connected to Check Point SmartCenter or MDS/CMA via
OPSEC, other vendors are supported too (e.g. Juniper, Cisco,
Fortinet,...).
Each 'save' gives a new revision, no 'install' necessary. So reports,
and above all, alerts are generated before installing the new version on
the firewalls.
Expired rules can be found, rule usage is based on logging - also the
use of objects within rules is documented, so not only unused rules but
also unused objects can be found. I found out that esp. finding these
objects is important and not so easy without a tool.
Based on logging an automatic policy generation is possible, offering
many parameters for the suggested rulebase. Further on, many different
types of reports and audits (also PCI-DSS) can be configured and run.
Users can be defined as admin or as simple user with different roles and
therefore rights.
Tufin SecureChange Workflow offers a very open and individually
configurable system. Many different workflows can be defined. These
workflows need to be followed. Many different roles can be defined, e.g.
admin, end user (requestor), approver, implementer, dispatcher etc. You
are very free in defining users and workflows.
The request can be checked against compliance alerts and rules for
business continuity from Tufin SecureTrack. So when a user requests a
'forbidden connection', an alert is generated. For sure, existing rules
as well as objects can be considered.

We have been working with this software for a long time now; it's good. Have a
look at www.tufin.com

Best regards,
Matthias
-- 
AERAsec Network Services and Security GmbH       HRB: 133265 München
Wagenberger Strasse 1                            UStID: DE-209125001
D-85662 Hohenbrunn, Germany
Tel. +49 8102 895 190                          Fax. +49 8102 895 199
Registered office: D-85662 Hohenbrunn, Managing Director: Dr. Matthias Leu
http://www.aerasec.de                             http://www.fw-1.eu
PGP Public Key: http://www.aerasec.de/wir/publickeys/MatthiasLeu.asc