Re: Firewall rulebase automation - Grey Box assessment

["Nikhil Wagholikar" <visitnikhil () gmail com>]

Hello All,

Actually, Firesec does pretty much a logical security audit of the
firewall rulebase. It even checks with port and IP address ranges, and
has a specific module for PCI DSS compliance. For instance, it helps
you answer:

1. Which of the rules allow access on the telnet port (even if telnet
occurs in a port range such as tcp 20-25)
2. Which rules allow access to sensitive servers such as databases or
cardholder data environment
3. Do we have rules, which allow access from the Internet to the
internal network
4. Which rules allow traffic from the DMZ to sensitive servers on the
internal network
5. Show all rules, which are redundant to each other
6. Show all rules which are conflicting with each other

It even does a log analysis from the perspective of checking which
rules are in use and which ones are not.

Currently supported firewalls are Cyberguard, Netscreen, and CISCO PIX + ASA...

It happens to be a commercial tool, but is specifically built to ease
auditing of medium-large firewall rulebases.

More info is at http://www.niiconsulting.com/products/Firesec.html

--
Nikhil Wagholikar
Practice Lead - Security Assessment Team
NII Consulting
Web: http://www.niiconsulting.com/
Security Products: http://www.niiconsulting.com/products.html


On Wed, Jun 25, 2008 at 9:21 AM, arvind doraiswamy
<arvind.doraiswamy () gmail com> wrote:
> Hi Guys,
> Maybe there have been times when you have pentested a firewall. As
> part of a grey box engagement you were assigned the task of auditing
> that HUGE firewall rulebase and were stuck on how to proceed , just
> because of the sheer volume of information. I hence have created a
> little tool in Perl to help in auditing a rulebase and helping you in
> narrow down on the weak rules. Obviously this is a big Work In
> Progress and can be better but its a start and what I've written works
> - Current support is just for Cisco PIX though the framework was
> designed to scale across multiple firewalls and no major changes need
> to be made.
>
> Please come back to me with feedback on how I can make this better and
> what I've missed in the first place. The code can be accessed at:
> http://sourceforge.net/projects/fwauto
>
> Thanks
> Arvind Doraiswamy
> Security Consultant - Paladion Networks
> http://www.paladion.net
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Top 5 Common Mistakes in
> Securing Web Applications
> Get 45 Min Video and PPT Slides
>
> www.cenzic.com/landing/securityfocus/hackinar
> ------------------------------------------------------------------------

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes in 
Securing Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------