Re: [fw-wiz] How automate firewall tests
- From: "Avishai Wool" <yash@xxxxxxx>
- Date: Tue, 22 Aug 2006 15:47:59 +0300
Jean-Denis,
On 8/18/06, Jean-Denis Gorin <jdgorin@xxxxxxxxxxxx> wrote:
Strabla Ruggero wrote:
What I need is someone that could tell me which type of tests you do on
your firewalls and that you like too see automated
What I would like, is a tool able to answer 2 questions:
1/ what is the security level of my firewal platform (OS security, patches up
to date, is the firewall protect itself well, ...)?
2/ is the configuration of that firewall compliant with my security policy?
If you don't mind commercial tools, then
I suggest that you take a look at the AlgoSec Firewall Analyzer
http://www.algosec.com
It will do all of item 2 and part of item 1
(check that the firewall policy protects the firewall itself)
The first point could be achieved with tools like vulnerability scanner,
malformed packet scanner, patch manager, and so on. You have to add a tool able
to audit the security configuration of the firewall to check what is the level
of auto protection
yep
The second point requires a tool able to *understand* a security policy. And
that requires a tool able to *model* a security policy.
Then, you have to code a security policy checker. And analyzing the firewall
configuration files is *not* the right way: you have to find an external way to
check that to be sure that the firewall implementation of the security policy is
right. That means accepting the authorized data flows, *and* reject all others
kind. The difficult part is to check 'all others kind of data flows', including
tunneling, covert channel, ...
I agree with almost all the above except the statement
"analyzing the firewall configuration files is *not* the right way"
It's not very easy to do, certainly not easy to do *well*, but it is
very possible!
if you are interested, you can find some academic
papers about how it works at: http://www.eng.tau.ac.il/~yash/fw/index.html
The AlgoSec firewall analyzer implements all the things you mentioned,
and then some: it parses the config files, builds a model,
does a comprehensive offline analysis of what the firewall is
configured to allow,
and then compares the results with a knowledge base about what is risky.
Avishai.
.disclosure: I created the firewall analyzer starting at Bell Labs
circa 1998, then at
Lumeta, and now at AlgoSec. So I am naturally biased.
_______________________________________________
JDG
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
- References:
- Re: [fw-wiz] How automate firewall tests
- From: Jean-Denis Gorin
- Re: [fw-wiz] How automate firewall tests
- Prev by Date: Re: [fw-wiz] How automate firewall tests
- Next by Date: Re: [fw-wiz] How automate firewall tests
- Previous by thread: Re: [fw-wiz] How automate firewall tests
- Next by thread: Re: [fw-wiz] How automate firewall tests
- Index(es):
Relevant Pages
|
|
