From: Naveed Ahmed (Naveed.Ahmeddubaicustoms.ae)
Date: Wed Jun 25 2008 - 23:28:05 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello All
There is another great tool at http://www.niiconsulting.com/products/Firesec.html

This will help you to housekeep rule bases as well as analyse them

Regards,

Naveed Ahmed CISM, CISA, CISSP, ITIL Fn.
Information Security Analyst – IT D&D Department
Customs Development Division
Dubai Customs
 
Phone: +9714 3023776 Fax: +9714 3450695
P.O. Box: 63, Dubai, UAE

äÇÝíÏ ÃÍãÏ
ãÍÇá Ããä ÇáãÚáæãÇÊ - ÊÕãíã æ ÊØæíÑ ÊÞäíÉ ÇáãÚáæãÇÊ
ÌãÇÑß ÏÈí
 
åÇÊÝ:9714 3023776 + ÝÇßÓ: 9714 3450695 +
Õ.È: 63¡ ÏÈí¡ Å.Ú.ã

 
-----Original Message-----
From: listbouncesecurityfocus.com [mailto:listbouncesecurityfocus.com] On Behalf Of Clement Dupuis
Sent: Wednesday, June 25, 2008 10:07 PM
To: arvind doraiswamy
Cc: pen-testsecurityfocus.com
Subject: Re: Firewall rulebase automation - Grey Box assessment

Good day Arvind,

This seems like an interesting tool.

Does the tool identifies conflicting rules which is often time one of
the main concern with a very large rulebase. For example, can it
identify that rule 23 is doing nothing because there is a rule before
that already allow the traffic.

Thanks a lot

Clement

arvind doraiswamy wrote:
> Hi Guys,
> Maybe there have been times when you have pentested a firewall. As
> part of a grey box engagement you were assigned the task of auditing
> that HUGE firewall rulebase and were stuck on how to proceed , just
> because of the sheer volume of information. I hence have created a
> little tool in Perl to help in auditing a rulebase and helping you in
> narrow down on the weak rules. Obviously this is a big Work In
> Progress and can be better but its a start and what I've written works
> - Current support is just for Cisco PIX though the framework was
> designed to scale across multiple firewalls and no major changes need
> to be made.
>
> Please come back to me with feedback on how I can make this better and
> what I've missed in the first place. The code can be accessed at:
> http://sourceforge.net/projects/fwauto
>
> Thanks
> Arvind Doraiswamy
> Security Consultant - Paladion Networks
> http://www.paladion.net
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Top 5 Common Mistakes in
> Securing Web Applications
> Get 45 Min Video and PPT Slides
>
> www.cenzic.com/landing/securityfocus/hackinar
> ------------------------------------------------------------------------
>
>
>

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes in
Securing Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------

********************************************DISCLAIMER********************************************
This email and any files transmitted with it are confidential and contain privileged or copyright
information. If you are not the intended recipient you must not copy, distribute or use this email
or the information contained in it for any purpose other than to notify us of the receipt thereof.
If you have received this message in error, please notify the sender immediately, and delete this
email from your system.

Please note that e-mails are susceptible to change.The sender shall not be liable for the improper
or incomplete transmission of the information contained in this communication,nor for any delay in
its receipt or damage to your system.The sender does not guarantee that this material is free from
viruses or any other defects although due care has been taken to minimise the risk.
**************************************************************************************************

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]