Firewall Wizards mailing list archives

Re: Pix rulebase/policy analysis


From: "Richard Golodner" <rgolodner () infratection com>
Date: Thu, 20 Sep 2007 13:03:30 -0400

1- A spreadsheet is a good way to keep track of the current rule set
you have applied to the Pix. It must be maintained and kept up to date. For
determining what services are being allowed or blocked, look at the
running-configuration. You could also use NMAP to see what services you are
running. This will show you what the public network sees.

2- It is never a real good idea to jeopardize the current
configuration by making changes in real time. Copy it to a text editor and
make the changes, then apply it to your Pix. MAKE SURE YOU HAVE A BACKUP OF
YOUR CURRENT FUNCTIONING CONFIG!

3- Check your logging application to see what rules are being tested
the most. Also look at your ACL's hit counts.

4- I am unaware of a standard analysis checklist.

Hope this helps a little, Richard Golodner

 

  _____  

From: firewall-wizards-bounces () listserv cybertrust com
[mailto:firewall-wizards-bounces () listserv cybertrust com] On Behalf Of jacob c
Sent: Wednesday, September 19, 2007 10:12 AM
To: firewall-wizards () listserv cybertrust com
Subject: [fw-wiz] Pix rulebase/policy analysis

 

I'm a newbie to the PIX line but these questions would apply to other
firewalls as well. I have some questions that I hope you guys can assist me
with.

 

Two Questions:

1) What is the best/easiest way to document a current policy? Spreadsheet??
I would like to know what ports (services) are open and to where? Also
duplicates, etc.? Would it be best just to put it in a spreadsheet? Is there
a tool for this?

2) Once an audit/analysis has been made, what is a good way to make the new
changes, if there are many? Would it be best just to download the config and
modify it offline?

3) What is the method to see what rules are being hit the most so I can
rearrange the rules in the most logical, efficient order?

4) Is there a standard analysis checklist to go by when reviewing a PIX
firewall policy?

Any help is highly appreciated.

Thank you,

  


_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
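
The spreadsheet, duplicate and hit-count questions in this thread can be answered from one capture of `show access-list`. The following is an added example, not code from either poster: the ACL name, addresses and counters in the sample are constructed, and the regex assumes the `line N ... (hitcnt=N)` layout that the PIX prints for each entry.

```python
import csv
import io
import re
from collections import defaultdict

# Constructed sample of `show access-list` output (documentation addresses).
SAMPLE = """\
access-list outside_in; 5 elements
access-list outside_in line 1 permit tcp any host 192.0.2.10 eq www (hitcnt=48211)
access-list outside_in line 2 permit tcp any host 192.0.2.10 eq 443 (hitcnt=120934)
access-list outside_in line 3 permit tcp any host 192.0.2.25 eq smtp (hitcnt=0)
access-list outside_in line 4 permit tcp any host 192.0.2.10 eq www (hitcnt=0)
access-list outside_in line 5 deny ip any any (hitcnt=7702)
"""

# ACL name, line number, rule body, hit counter; "extended" is optional.
ENTRY = re.compile(
    r"^access-list (\S+) line (\d+) (?:extended )?((?:permit|deny) .+?) \(hitcnt=(\d+)\)"
)

def parse(text):
    """Return one dict per ACL entry; header and unrelated lines are skipped."""
    rules = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            acl, num, body, hits = m.groups()
            rules.append({"acl": acl, "line": int(num), "rule": body, "hits": int(hits)})
    return rules

def duplicates(rules):
    """Map (acl, rule text) -> line numbers for rules that appear more than once."""
    seen = defaultdict(list)
    for r in rules:
        seen[(r["acl"], r["rule"])].append(r["line"])
    return {k: v for k, v in seen.items() if len(v) > 1}

def unused(rules):
    """Entries that have never matched since the counters were last cleared."""
    return [r for r in rules if r["hits"] == 0]

def by_hits(rules):
    return sorted(rules, key=lambda r: r["hits"], reverse=True)

def to_csv(rules):
    """CSV text that opens directly in a spreadsheet."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=["acl", "line", "rule", "hits"])
    writer.writeheader()
    writer.writerows(rules)
    return buf.getvalue()
```

The hit-count ranking is a report, not a safe new rule order: ACLs are evaluated first-match, so a permit must not be moved above a deny it overlaps with.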
