Penetration Testing mailing list archives
Re: Firewall rulebase checking tool
From: Nikhil Wagholikar <visitnikhil () gmail com>
Date: Sun, 15 Aug 2010 09:39:13 +0530
Hi Jirka,

AFAIK, there are three tools to do Firewall Rulebase(s) Analysis:

1. Nipper - Earlier an open-source, now closed and commercial product, is used to perform security audit of network device configuration file. This includes validating firewall rulebase(s).
   More Info: http://www.titania.co.uk/index.php?option=com_content&view=article&id=49&Itemid=55

2. Firesec - Firesec is a comprehensive solution for firewall rulebase analysis in medium to large enterprise environments. It addresses the problems inherent with large rule sets and helps purge and update a rule base as per network requirements. Firesec provides multiple functions such as removing redundant rules, grouping similar rules, and searching for vulnerable rule patterns.
   More Info: http://www.niiconsulting.com/products/Firesec.html

3. FWAuto - FWAuto is a Perl script and should work on any system with Perl installed. Provide the running config of a PIX firewall to fwauto. It will analyze and give you a list of weak rules in your rule base and store the result in multiple output files.
   More Info: http://sourceforge.net/projects/fwauto/

There might be more tools than these. Hope these tools help!

---
Nikhil Wagholikar
Sr. Consultant
Ernst and Young
Mumbai, India
Web: http://www.ey.com/

On 13 August 2010 19:47, Jirka Vejrazka <jirka.vejrazka () gmail com> wrote:
> Hi all,
>
> I'm trying to figure out if there is a tool that would help validating firewall rulebase(s), if the configuration is available (i.e. no blind pen-testing, more like an audit)
>
> I know about Flint from Matasano security, looking for some other options too. Ability to recognize iptables and CheckPoint syntax would be great.
>
> Any hints appreciated
>
> Jirka
>
> ------------------------------------------------------------------------
> This list is sponsored by: Information Assurance Certification Review Board
> Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
> http://www.iacertification.org
> ------------------------------------------------------------------------
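The kind of rulebase checks mentioned in this message (redundant rules, weak rule patterns), shown on iptables syntax as an added example that is not part of the original post and is not code from Nipper, Firesec or FWAuto. It assumes a simplified IPv4 subset of `iptables-save` output; the function names and the sample rulebase are constructed for illustration.

```python
import ipaddress
import shlex

ANY = ipaddress.ip_network("0.0.0.0/0")
FIELDS = {"-s": "src", "-d": "dst", "-p": "proto", "--dport": "dport", "-j": "target"}
SUPPORTED = set(FIELDS) | {"-A", "-m"}
TERMINAL = {"ACCEPT", "DROP", "REJECT"}  # targets that end chain traversal

def parse_rule(line):
    """Parse one '-A CHAIN ...' line; return None if it uses anything not modelled here."""
    tok = shlex.split(line)
    if "!" in tok or any(t.startswith("-") and t not in SUPPORTED for t in tok):
        return None  # negation or an unmodelled match (e.g. --state): skip, don't guess
    rule = {"chain": tok[1], "src": ANY, "dst": ANY, "proto": None,
            "dport": None, "target": None, "text": line}
    for flag, value in zip(tok[2:], tok[3:]):
        if flag in FIELDS:
            is_net = FIELDS[flag] in ("src", "dst")
            rule[FIELDS[flag]] = ipaddress.ip_network(value, strict=False) if is_net else value
    return rule

def covers(a, b):
    """True if every packet matched by rule b is also matched by rule a."""
    return (a["chain"] == b["chain"]
            and b["src"].subnet_of(a["src"]) and b["dst"].subnet_of(a["dst"])
            and a["proto"] in (None, b["proto"])
            and a["dport"] in (None, b["dport"]))

def audit(lines):
    """Return (kind, rule_text) findings: permissive, redundant or shadowed rules."""
    rules = [r for r in (parse_rule(l) for l in lines if l.startswith("-A ")) if r]
    findings = []
    for i, r in enumerate(rules):
        if r["target"] == "ACCEPT" and r["src"] == ANY and r["dport"] is None:
            findings.append(("permissive", r["text"]))  # any source, any port
        for earlier in rules[:i]:
            if earlier["target"] in TERMINAL and covers(earlier, r):
                same = earlier["target"] == r["target"]
                findings.append(("redundant" if same else "shadowed", r["text"]))
                break
    return findings

# Constructed sample rulebase (not taken from any real device)
SAMPLE = ["-A INPUT -s 10.0.0.0/8 -p tcp --dport 22 -j ACCEPT",
          "-A INPUT -s 10.1.2.0/24 -p tcp --dport 22 -j DROP",
          "-A INPUT -p tcp --dport 443 -j ACCEPT",
          "-A INPUT -s 192.168.1.0/24 -p tcp --dport 443 -j ACCEPT",
          "-A INPUT -p udp -j ACCEPT",
          "-A INPUT -j DROP"]

if __name__ == "__main__":
    for kind, text in audit(SAMPLE):
        print(f"{kind:10} {text}")
```

Rules using negation or unmodelled matches are skipped rather than approximated, so findings are candidates for manual review, not a complete audit.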