Re: network policy checking



Todd,

My primary area of interest is to see if the network I am assessing meets certain best practices, e.g., all the Cisco routers have a certain QoS, or IPSec/GRE tunnels are supported, etc.
Hope this clarifies things a bit?

Regards,
SC.


----- Original Message ----
From: Todd Haverkos <fsbo@xxxxxxxxxxxx>
To: Sony C <raagamuffin@xxxxxxxxx>
Cc: pen-test@xxxxxxxxxxxxxxxxx
Sent: Thursday, March 27, 2008 10:29:57 PM
Subject: Re: network policy checking

Sony C <raagamuffin@xxxxxxxxx> writes:

Hello fellow pen-testers,

I am looking for tools that perform network policy checking. Specifically, tools that allow the user to define a policy and then test the network elements to see if they adhere to this policy. As one might guess, this can be accomplished either via config file checking (passive) or actual network testing (active, via SNMP etc).
I am interested in both flavors, if they are available. These tools can be commercial or open-source/free/shareware.
While it is a broad requirement, this hypothetical tool will primarily be looking at routers, firewalls, etc.

Thank you in advance for sharing your thoughts.

Hi Sony,

Could you give some examples of specific routers and firewalls you're
looking to check, and what example "network policy" issues you're
interested in? It might help focus down some of the recommendations.






