Penetration Testing mailing list archives
Re: Auditing a Firewall rulebase
From: "arvind doraiswamy" <arvind.doraiswamy () gmail com>
Date: Wed, 3 Dec 2008 09:46:16 +0530
Hey All,

Thank you once again for your feedback. Been a bit busy lately and not got time to work on this. However, version 1.2 is finally out. Just a few key features added this time:

- Checks for internal IPs on an external interface as per RFC 1918
- Checks for redundancy in access lists (does an access list get covered by another nested list somewhere)
- Checks for needless object groups at the network and the service level

You can find FWAuto 1.2 on Sourceforge at:
http://downloads.sourceforge.net/fwauto/fwauto_v1.2.zip?modtime=1228296655&big_mirror=0

Hope this represents a little improvement on the last release and is a little more useful to you all. Your feedback as usual is extremely important to me :). Please tell me what's lacking and what more I can put into it.

Cheers
Arvind
Hey All,

Thanks to everyone who gave me feedback. I've released version 1.1 of the Firewall Rulebase Automation tool. Not a major upgrade, but still a few things cleaned up and it looks better now:

- Outputs now available in reasonably neat HTML format :D
- No more complex command line arguments, everything's in a config file
- More ports added in vulnerable ports section
- Options available to obtain detailed/non-detailed output

I wanted to put in detailed redundancy checking but the effort involved was too high for this release. Maybe version 1.2, whenever that is ;).

The latest version is available at:
http://downloads.sourceforge.net/fwauto/fwauto_v1.1.zip?use_mirror=osdn

As usual please get back to me with your brickbats, they are the only way I can improve on my work. Any good feedback, suggested improvements and patches as well are thoroughly appreciated :)

Thanks
Arvind
Paladion Networks - http://www.paladion.net

---------- Forwarded message ----------
From: arvind doraiswamy <arvind.doraiswamy () gmail com>
Date: Wed, Jun 18, 2008 at 3:06 PM
Subject: Auditing a Firewall rulebase
To: pen-test () securityfocus com

Hi Guys,

Maybe there have been times when you have pentested a firewall. As part of a grey box engagement you were assigned the task of auditing that HUGE firewall rulebase and were stuck on how to proceed, just because of the sheer volume of information. I hence have created a little tool in Perl to help in auditing a rulebase and help you narrow down on the weak rules. Obviously this is a big Work In Progress and can be better, but it's a start and what I've written works. Current support is just for Cisco PIX, though the framework was designed to scale across multiple firewalls and no major changes need to be made. Please come back to me with feedback on how I can make this better and what I've missed in the first place.

The code can be accessed at: http://sourceforge.net/projects/fwauto

Thanks
Arvind Doraiswamy
Security Consultant - Paladion Networks
http://www.paladion.net
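The two rulebase checks announced for version 1.2 (RFC 1918 sources permitted inbound on the external interface, and access-list entries already covered by an earlier entry) are easy to misjudge by eye on a large rulebase, so here is a small illustration of how such an audit can be done mechanically. This is an added example written for this archive page, not FWAuto's own Perl code; it is in Python, assumes a simplified subset of PIX `access-list ... extended` and `access-group` syntax (subnet masks, `host`, `any`, optional `eq PORT`), and the configuration lines are constructed sample input, not a real rulebase.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample PIX-style configuration (not a real rulebase).
SAMPLE_CONFIG = """\
access-list outside_in extended permit tcp 10.0.0.0 255.0.0.0 any eq 80
access-list outside_in extended permit tcp any host 203.0.113.10 eq 443
access-list outside_in extended permit tcp any any eq 443
access-list outside_in extended permit tcp 192.0.2.0 255.255.255.0 host 203.0.113.10 eq 443
access-list outside_in extended deny ip any any
access-group outside_in in interface outside
"""

# Private address space per RFC 1918.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass
class Rule:
    acl: str          # access-list name
    line: int         # config line number, for reporting
    action: str       # permit / deny
    proto: str        # ip / tcp / udp ...
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    port: str         # "any" or a port number as a string


def _parse_addr(tokens, i):
    """Consume one address spec starting at tokens[i]; return (network, next index)."""
    if tokens[i] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if tokens[i] == "host":
        return ipaddress.ip_network(tokens[i + 1] + "/32"), i + 2
    # PIX access-lists take a subnet mask (not a wildcard mask) after the address.
    return ipaddress.ip_network(f"{tokens[i]}/{tokens[i + 1]}", strict=False), i + 2


def parse_config(text):
    """Return (rules, bindings); bindings maps ACL name -> (direction, interface)."""
    rules, bindings = [], {}
    for n, raw in enumerate(text.splitlines(), 1):
        t = raw.split()
        if not t:
            continue
        if t[0] == "access-list" and "extended" in t:
            # access-list NAME extended ACTION PROTO SRC DST [eq PORT]
            i = t.index("extended") + 1
            action, proto = t[i], t[i + 1]
            src, i = _parse_addr(t, i + 2)
            dst, i = _parse_addr(t, i)
            port = t[i + 1] if i < len(t) and t[i] == "eq" else "any"
            rules.append(Rule(t[1], n, action, proto, src, dst, port))
        elif t[0] == "access-group":
            # access-group NAME in|out interface IFACE
            bindings[t[1]] = (t[2], t[4])
    return rules, bindings


def check_rfc1918_on_outside(rules, bindings, outside_iface="outside"):
    """Flag permits, applied inbound on the external interface, whose source is RFC 1918 space."""
    findings = []
    for r in rules:
        direction, iface = bindings.get(r.acl, (None, None))
        if iface == outside_iface and direction == "in" and r.action == "permit":
            if any(r.src.subnet_of(net) for net in RFC1918):
                findings.append((r.acl, r.line, str(r.src)))
    return findings


def _covers(a, b):
    """True if rule a matches every packet that rule b matches."""
    return (a.proto in ("ip", b.proto)
            and b.src.subnet_of(a.src)
            and b.dst.subnet_of(a.dst)
            and a.port in ("any", b.port))


def check_shadowed(rules):
    """Flag entries fully covered by an earlier entry of the same ACL (they can never match)."""
    by_acl = {}
    for r in rules:
        by_acl.setdefault(r.acl, []).append(r)
    findings = []
    for acl, entries in by_acl.items():
        for i, later in enumerate(entries):
            for earlier in entries[:i]:
                if _covers(earlier, later):
                    findings.append((acl, later.line, earlier.line))
                    break
    return findings


if __name__ == "__main__":
    rules, bindings = parse_config(SAMPLE_CONFIG)
    for acl, line, src in check_rfc1918_on_outside(rules, bindings):
        print(f"{acl} line {line}: RFC 1918 source {src} permitted inbound on outside")
    for acl, line, by in check_shadowed(rules):
        print(f"{acl} line {line}: shadowed by line {by}")
```

On the sample above the first check reports line 1 (10.0.0.0/8 permitted inbound on the outside interface) and the shadowing check reports line 4 as covered by line 2. Note that `_covers` ignores the action on purpose: a shadowed entry with a different action than the entry shadowing it is usually the more interesting finding, since it means the rule the author intended never takes effect.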