Firewall rules analysis tools
http://www.cs.brown.edu/~sk/Publications/Papers/Published/nbfdk-margrave-firewall/
Q: Hello, do we have a tool for analyzing Cisco ASA/PIX and router config files? The client has a 2500-line config, and I would like to be able to run some reports on the configuration.
Thanks,
A: There are several audit tools with different features. The most common features of these tools are:
- Rule analysis to detect security holes in the configuration (e.g. allow any)
- Configuration analysis to find duplicate, overlapping or unnecessary settings/rules/objects
- Log file analysis to find the most used rules/objects
- Rulebase analysis to find unused/unconsolidated objects/rules
- Simulation of changes
- Risk analysis
- Access analysis across multiple firewall rules (can point A reach point B using service C?)
- Workflow automation
- Backup management
- Normalization of different firewall rules (e.g. Cisco, Juniper, Check Point in the same format)
- Change management
- Regular log analysis
Of course, it is not possible to find all features in all solutions. Firewall vendors also provide several tools to make audits easier.
That being said, I have seen 2 freeware config audit tools for Cisco (RAT and Nipper):
- Nipper: http://www.titania.co.uk/
- RAT: http://ncat.sourceforge.net/
The commercial area is more active, and these tools usually cover the known suspects (Check Point, Juniper, Cisco, Fortinet):
- http://www.tufin.com: SecureTrack, SecureChange Workflow
- http://www.algosec.com: Firewall Analyzer, FireFlow
- http://www.securepassage.com: Firemon
- http://www.manageengine.com: Firewall Log Analyzer
- http://www.skyboxsecurity.com/: CertiFire, Firewall Analysis
- http://www.redseal.net/: Redseal Vulnerability Advisor
- http://www.athenasecurity.net: FirePac, Verify
Let me know if you have a specific question.
cheers,
- yinal
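As an added illustration of the rule analysis and overlap detection features listed in the answer above (this is not code from the post or from any of the tools it names), the following Python script audits a constructed, simplified set of Cisco ASA extended ACL lines: it flags a `permit ip any any`, and marks each later ACE that is fully covered by an earlier one in the same list as shadowed (different action) or redundant (same action). The sample ACL, the `Ace` record and all function names are assumptions; only the plain `any` / `host` / network-mask address forms and a single `eq` port are handled.

```python
import ipaddress
from collections import namedtuple
# Constructed ASA-style ACL sample (not taken from any real configuration).
SAMPLE_ACL = """
access-list outside_in extended deny ip 198.51.100.0 255.255.255.0 any
access-list outside_in extended permit tcp any host 203.0.113.10 eq 443
access-list outside_in extended permit tcp host 198.51.100.7 host 203.0.113.10 eq 443
access-list outside_in extended permit ip any any
access-list outside_in extended permit tcp any host 203.0.113.20 eq 22
"""
Ace = namedtuple("Ace", "line name action proto src dst port")  # port: "eq" value or "any"

def _addr(tokens):
    """Consume one ASA address term: any | host A.B.C.D | NETWORK MASK."""
    t = tokens.pop(0)
    if t == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if t == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{t}/{tokens.pop(0)}", strict=False)

def parse_acl(text):
    """Parse 'access-list NAME extended ACTION PROTO SRC DST [eq PORT]' lines."""
    aces = []
    for n, raw in enumerate(text.strip().splitlines(), 1):
        tok = raw.split()
        if len(tok) < 7 or tok[0] != "access-list" or tok[2] != "extended":
            continue  # skip remarks, object-groups and anything else not an extended ACE
        rest = tok[5:]
        src, dst = _addr(rest), _addr(rest)
        port = rest[1] if len(rest) >= 2 and rest[0] == "eq" else "any"
        aces.append(Ace(n, tok[1], tok[3], tok[4], src, dst, port))
    return aces

def covers(a, b):
    """True when ACE a matches every packet that ACE b matches."""
    return ((a.proto == "ip" or a.proto == b.proto) and a.port in ("any", b.port)
            and b.src.subnet_of(a.src) and b.dst.subnet_of(a.dst))

def audit(aces):
    findings = []  # (line, kind, detail) tuples: allow-any, shadowed or redundant
    for i, ace in enumerate(aces):
        if ace.action == "permit" and ace.proto == "ip" and ace.src.prefixlen == ace.dst.prefixlen == 0:
            findings.append((ace.line, "allow-any", "permit ip any any"))
        for earlier in aces[:i]:  # first-match: the first covering ACE decides
            if earlier.name == ace.name and covers(earlier, ace):
                kind = "shadowed" if earlier.action != ace.action else "redundant"
                findings.append((ace.line, kind, f"fully covered by line {earlier.line}"))
                break
    return findings
```

On the sample, line 3 is reported as shadowed by the deny on line 1, line 4 as allow-any, and line 5 as redundant because the permit ip any any on line 4 already matches everything it would.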