Home page logo
/

pen-test logo Penetration Testing mailing list archives

RE: Firewall rulebase automation - Grey Box assessment
From: "Naveed Ahmed" <Naveed.Ahmed () dubaicustoms ae>
Date: Thu, 26 Jun 2008 08:28:05 +0400

Hello All
There is another great tool at http://www.niiconsulting.com/products/Firesec.html

This will help you to housekeep rule bases as well as analyse them

Regards,

Naveed Ahmed CISM, CISA, CISSP, ITIL Fn.
Information Security Analyst – IT  D&D Department
Customs Development Division
Dubai Customs
 
Phone: +9714 3023776 Fax: +9714 3450695
P.O. Box: 63, Dubai, UAE 

نافيد أحمد
محال أمن المعلومات - تصميم و تطوير تقنية المعلومات 
جمارك دبي
 
هاتف:9714 3023776 +  فاكس: 9714 3450695 + 
ص.ب:  63، دبي، إ.ع.م 

 
-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Clement Dupuis
Sent: Wednesday, June 25, 2008 10:07 PM
To: arvind doraiswamy
Cc: pen-test () securityfocus com
Subject: Re: Firewall rulebase automation - Grey Box assessment

Good day Arvind,

This seems like an interesting tool.

Does the tool identifies conflicting rules which is often time one of 
the main concern with a very large rulebase.  For example, can it 
identify that rule 23 is doing nothing because there is a rule before 
that already allow the traffic.

Thanks a lot

Clement



arvind doraiswamy wrote:
Hi Guys,
Maybe there have been times when you have pentested a firewall. As
part of a grey box engagement you were assigned the task of auditing
that HUGE firewall rulebase and were stuck on how to proceed , just
because of the sheer volume of information. I hence have created a
little tool in Perl to help in auditing a rulebase and helping you in
narrow down on the weak rules. Obviously this is a big Work In
Progress and can be better but its a start and what I've written works
- Current support is just for Cisco PIX though the framework was
designed to scale across multiple firewalls and no major changes need
to be made.

Please come back to me with feedback on how I can make this better and
what I've missed in the first place. The code can be accessed at:
http://sourceforge.net/projects/fwauto

Thanks
Arvind Doraiswamy
Security Consultant - Paladion Networks
http://www.paladion.net

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes in 
Securing Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------


  

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes in 
Securing Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------

********************************************DISCLAIMER********************************************
This email and any files transmitted with it are confidential and contain privileged or copyright 
information. If you are not the intended recipient you must not copy, distribute or use this email
or the information contained in it for any purpose other than to notify us of the receipt thereof.
If you have received this message in error, please notify the sender immediately, and delete this
email from your system.

Please note that e-mails are susceptible to change.The sender shall not be liable for the improper
or incomplete transmission of the information contained in this communication,nor for any delay in
its receipt or damage to your system.The sender does not guarantee that this material is free from
viruses or any other defects although due care has been taken to minimise the risk.
**************************************************************************************************

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault