7

In the vein of the questions about forensics, I'd be interested to hear what tools/techniques people use on Firewall reviews, both in terms of periodic reviews as an auditor or consultant, or maintaining firewall rulesets on the operational IT side of things.

Rory Alsop
Rory McCune
  • 1
    Matasano's [Playbook](http://www.matasano.com/playbook/) is the only firewall ruleset management tool I've read about, but Matasano's Thomas Ptacek really knows his stuff. – user502 Dec 17 '10 at 20:39

4 Answers

3

For Firewall rule-set and device config reviews I really like Nipper.

Easy to use, but you still need to be an experienced security professional to work the results, as it can create a lot of noise. The latest version is good at not reporting some of the false-positives that the earlier versions did, which does make life interesting.

Only downside is they have recently gone more commercial so will need to see how the cost model works out.

David Stubley
2

Though I personally have not used it much, I've heard very good things about Tufin's SecureTrack products.
However these are commercial products (and I think kinda pricey).

For operational management, it allows you to manage all your firewalls, even from different vendors, and apply policies across the board. Manage and compare rulesets, discovery, monitoring, etc.

For auditing (haven't used): complete audit trail of any changes, comparison reports to corporate policies or regulations such as PCI, and more...

AviD
1

Just to add some additional tools to the ones that people have already answered with

  • AlgoSec Firewall Analyzer has a firewall management/auditing product which works similarly to @AviD's description of SecureTrack.
  • For Cisco PIX/ASA, Matasano (who do Playbook) have a free audit tool called Flint.
  • For Netscreens, there's NS2HTML, which converts their rulebase into an HTML format, doesn't actually do the analysis, but helps understand the rulebase.
Rory McCune
0

To add to Rory's list: Athena Security's FirePAC. Works for Cisco, Checkpoint and Juniper. Has security/PCI audit features. They have some other tools for operational aspects.

Maybe