Penetration Testing mailing list archives

Re: Firewall rulebase checking tool


From: Nikhil Wagholikar <visitnikhil () gmail com>
Date: Sun, 15 Aug 2010 09:39:13 +0530

Hi Jirka,

AFAIK, there are three tools to do Firewall Rulebase(s) Analysis:

1. Nipper - Earlier an open-source, now a closed, commercial product,
used to perform security audits of network device configuration
files. This includes validating firewall rulebase(s).
More Info: http://www.titania.co.uk/index.php?option=com_content&view=article&id=49&Itemid=55

2. Firesec - Firesec is a comprehensive solution for firewall rulebase
analysis in medium to large enterprise environments. It addresses the
problems inherent with large rule sets and helps purge and update a
rule base as per network requirements. Firesec provides multiple
functions such as removing redundant rules, grouping similar rules,
and searching for vulnerable rule patterns.
More Info: http://www.niiconsulting.com/products/Firesec.html

3. FWAuto - FWAuto is a Perl script and should work on any system with
Perl installed. Provide the running config of a PIX firewall to
fwauto. It will analyze and give you a list of weak rules in your rule
base and store the result in multiple output files.
More Info: http://sourceforge.net/projects/fwauto/

There might be more tools than these.

Hope these tools help!

---
Nikhil Wagholikar
Sr. Consultant
Ernst and Young
Mumbai, India
Web: http://www.ey.com/

On 13 August 2010 19:47, Jirka Vejrazka <jirka.vejrazka () gmail com> wrote:
Hi all,

 I'm trying to figure out if there is a tool that would help
validating firewall rulebase(s), if the configuration is available
(i.e. no blind pen-testing, more like an audit)

 I know about Flint from Matasano security, looking for some other
options too. Ability to recognize iptables and CheckPoint syntax would
be great.

 Any hints appreciated

   Jirka

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------
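All three tools named above work from a parsed copy of the rule set and look for the same kinds of problems: entries that accept far too much, exact duplicates, and rules made unreachable by a broader rule earlier in the chain. Since the original question asked for iptables support, here is a minimal checker in Python that does those three checks over iptables-save output. It is an added example, not code from Nipper, Firesec, FWAuto or either poster; the rule set it reads is constructed, and it models only `-i`, `-s`, `-d`, `-p`, `--dport` and `-j` (IPv4, no negation, no port ranges or state matching).

```python
"""Toy iptables rulebase checker: flags permissive, duplicate and shadowed
rules in iptables-save output.  Added example; not code from Nipper, Firesec,
FWAuto or anyone in the thread.  IPv4 only; a handful of options modelled."""
import ipaddress
import shlex
from dataclasses import dataclass
from typing import Optional

ANY = ipaddress.ip_network("0.0.0.0/0")
KNOWN = ("-i", "-s", "-d", "-p", "-m", "--dport", "-j")

# Constructed sample in iptables-save format; not a real configuration.
SAMPLE = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -s 10.0.0.0/8 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 10.1.2.3/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -j ACCEPT
-A INPUT -s 192.168.0.0/16 -p udp -m udp --dport 53 -j DROP
COMMIT
"""


@dataclass(frozen=True)
class Rule:
    chain: str
    line: int                    # line number in the saved rule set
    in_if: Optional[str]         # -i; None = any interface
    src: ipaddress.IPv4Network   # -s; 0.0.0.0/0 = any
    dst: ipaddress.IPv4Network   # -d; 0.0.0.0/0 = any
    proto: Optional[str]         # -p; None = any protocol
    dport: Optional[int]         # --dport; None = any port
    target: Optional[str]        # -j

    def covers(self, other):
        """True if every packet matching `other` also matches this rule."""
        return ((self.in_if is None or self.in_if == other.in_if)
                and other.src.subnet_of(self.src) and other.dst.subnet_of(self.dst)
                and (self.proto is None or self.proto == other.proto)
                and (self.dport is None or self.dport == other.dport))


def parse_iptables_save(text):
    """Parse the '-A' lines of iptables-save output.  Options not in KNOWN
    ('!' negation, --sport, -m state ...) raise rather than being skipped,
    because a rule the checker misreads could hide a real hole."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.startswith("-A "):
            continue                 # table name, chain policies, COMMIT
        tokens = shlex.split(raw)
        opts = {}
        for i in range(2, len(tokens), 2):
            if tokens[i] not in KNOWN:
                raise ValueError(f"line {lineno}: unsupported option {tokens[i]!r}")
            opts[tokens[i]] = tokens[i + 1] if i + 1 < len(tokens) else None
        rules.append(Rule(
            chain=tokens[1], line=lineno, in_if=opts.get("-i"),
            src=ipaddress.ip_network(opts.get("-s", "0.0.0.0/0"), strict=False),
            dst=ipaddress.ip_network(opts.get("-d", "0.0.0.0/0"), strict=False),
            proto=opts.get("-p"),
            dport=int(opts["--dport"]) if "--dport" in opts else None,
            target=opts.get("-j")))
    return rules


def find_issues(rules):
    """Return (kind, rule, related_rule) tuples in rule order; kind is
    'permissive', 'duplicate' or 'shadowed'.  Rules are compared per chain."""
    issues, seen = [], {}
    for rule in rules:
        earlier = seen.setdefault(rule.chain, [])
        # Weak pattern: ACCEPT with no interface, address, protocol or port limit.
        if (rule.target == "ACCEPT" and rule.in_if is None and rule.src == ANY
                and rule.dst == ANY and rule.proto is None and rule.dport is None):
            issues.append(("permissive", rule, None))
        dup = next((p for p in earlier if p == rule or (p.line != rule.line and
                    (p.chain, p.in_if, p.src, p.dst, p.proto, p.dport, p.target) ==
                    (rule.chain, rule.in_if, rule.src, rule.dst, rule.proto, rule.dport, rule.target))), None)
        if dup is not None:          # exact repeat: safe to delete
            issues.append(("duplicate", rule, dup))
        else:                        # an earlier, broader rule decides first;
            shadow = next((p for p in earlier if p.covers(rule)), None)
            if shadow is not None:   # a DROP shadowed by an ACCEPT is a hole
                issues.append(("shadowed", rule, shadow))
        earlier.append(rule)
    return issues


if __name__ == "__main__":
    for kind, rule, rel in find_issues(parse_iptables_save(SAMPLE)):
        via = f" (already covered by line {rel.line}, {rel.target})" if rel else ""
        print(f"{kind}: {rule.chain} line {rule.line} -j {rule.target}{via}")
```

Run against the sample it reports the /32 SSH rule as shadowed by the /8 rule, the second port-80 rule as a duplicate, the bare `-j ACCEPT` as permissive, and the DNS DROP as shadowed by that ACCEPT, which is the one finding that is an actual hole rather than dead weight. To use it on a real box, replace SAMPLE with the output of `iptables-save`; unsupported options raise on purpose, so extend KNOWN and the Rule model rather than silencing the error.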


