Re: Auditing a Firewall rulebase

["arvind doraiswamy" <arvind.doraiswamy () gmail com>]

Hey All,
Thank you once again for your feedback. Been a bit busy lately and not
got time to work on this. However version 1.2 is finally out. Just a
few key features added in this time:

--- Checks for internal IP's on an external interface as per RFC 1918
--- Checks for redundancy in access lists (does an access list get
covered by another nested list somewhere)
--- Checks for needless object groups at the network and the service level

You can find FWAuto 1.2 on Sourceforge at:
http://downloads.sourceforge.net/fwauto/fwauto_v1.2.zip?modtime=1228296655&big_mirror=0

Hope this represents a little improvement on the last release and a
little more useful to you all. Your feedback as usual is extremely
important to me :) . Please tell me what's lacking and what more I can
put into it.

Cheers
Arvind

> > Hey All,
> > Thanks to everyone who gave me feedback. I've released version 1.1 of
> > the Firewall Rulebase Automation tool. Not a major upgrade but
> > still a
> > few things cleaned up and it looks better now:
> >
> > - Outputs now available in reasonably neat HTML format :D
> > - No more complex command line arguments, everything's in a config
> > file- More ports added in vulnerable ports section
> > - Options available to obtain detailed/non detailed output
> >
> > I wanted to put in detailed redundancy checking but the effort
> > involved was too high for this release. Maybe version 1.2 , whenever
> > that is ;).
> >
> > The latest version is available at:
> > http://downloads.sourceforge.net/fwauto/fwauto_v1.1.zip?use_mirror=osdn
> >
> > As usual please get back to me with your brickbats , they are the only
> > way I can improve on my work. Any good feedback, suggested
> > improvements and patches as well are thoroughly appreciated :)
> >
> > Thanks
> > Arvind
> > Paladion Networks - http://www.paladion.net
> >
> >
> > ---------- Forwarded message ----------
> > From: arvind doraiswamy <arvind.doraiswamy () gmail com>
> > Date: Wed, Jun 18, 2008 at 3:06 PM
> > Subject: Auditing a Firewall rulebase
> > To: pen-test () securityfocus com
> >
> >
> > Hi Guys,
> > Maybe there have been times when you have pentested a firewall. As
> > part of a grey box engagement you were assigned the task of auditing
> > that HUGE firewall rulebase and were stuck on how to proceed , just
> > because of the sheer volume of information. I hence have created a
> > little tool in Perl to help in auditing a rulebase and helping you in
> > narrow down on the weak rules. Obviously this is a big Work In
> > Progress and can be better but its a start and what I've written works
> > - Current support is just for Cisco PIX though the framework was
> > designed to scale across multiple firewalls and no major changes need
> > to be made.
> >
> > Please come back to me with feedback on how I can make this better and
> > what I've missed in the first place. The code can be accessed at:
> > http://sourceforge.net/projects/fwauto
> >
> > Thanks
> > Arvind Doraiswamy
> > Security Consultant - Paladion Networks
> > http://www.paladion.net

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------