Re: Firewall rulebase automation - Grey Box assessment

[Clement Dupuis <cdupuis () cccure org>]

Good day Arvind,

This seems like an interesting tool.

Does the tool identifies conflicting rules which is often time one of 
the main concern with a very large rulebase.  For example, can it 
identify that rule 23 is doing nothing because there is a rule before 
that already allow the traffic.

Thanks a lot

Clement



arvind doraiswamy wrote:
> Hi Guys,
> Maybe there have been times when you have pentested a firewall. As
> part of a grey box engagement you were assigned the task of auditing
> that HUGE firewall rulebase and were stuck on how to proceed , just
> because of the sheer volume of information. I hence have created a
> little tool in Perl to help in auditing a rulebase and helping you in
> narrow down on the weak rules. Obviously this is a big Work In
> Progress and can be better but its a start and what I've written works
> - Current support is just for Cisco PIX though the framework was
> designed to scale across multiple firewalls and no major changes need
> to be made.
>
> Please come back to me with feedback on how I can make this better and
> what I've missed in the first place. The code can be accessed at:
> http://sourceforge.net/projects/fwauto
>
> Thanks
> Arvind Doraiswamy
> Security Consultant - Paladion Networks
> http://www.paladion.net
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Top 5 Common Mistakes in 
> Securing Web Applications
> Get 45 Min Video and PPT Slides
>
> www.cenzic.com/landing/securityfocus/hackinar
> ------------------------------------------------------------------------
>
>
>   

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes in 
Securing Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------