Thursday, June 17, 2010

Free and Commercial Firewall Analysis Tools

Q: Hello,

Do we have a tool for analyzing Cisco ASA/PIX and router config files? The client has a 2500 line config, and I would like to be able to run some reports on the configuration.

Thanks,

A:
There are several audit tools with different features. The most common features in these tools are:
  • Rule Analysis to detect security holes in the configuration (e.g. allow any)
  • Configuration Analysis to find duplicate, overlapping or unnecessary settings/rules/objects
  • Logfile analysis to find the most used rules/objects
  • Rulebase analysis to find unused/unconsolidated objects/rules
  • Simulation of changes.
  • Risk Analysis
  • Access Analysis using multiple firewall rules (can Point A reach Point B using service C?)
  • Workflow automation
  • Backup management
  • Normalization of different firewall rules (e.g. Cisco, Juniper and Check Point in the same format)
  • Change Management
  • Regular Log Analysis

Of course, it is not possible to find all features in all solutions. Firewall vendors also provide several tools to make audits easier.

That being said, I have seen 2 freeware config audit tools for Cisco (RAT and Nipper):
http://www.titania.co.uk/ Nipper
http://ncat.sourceforge.net/ RAT

The commercial area is more active, and these products usually cover the known suspects (Check Point, Juniper, Cisco, Fortinet):

http://www.tufin.com SecureTrack, SecureChange Workflow
http://www.algosec.com Firewall Analyzer, FireFlow
http://www.securepassage.com Firemon
http://www.manageengine.com Firewall Log Analyzer
http://www.skyboxsecurity.com/ CertiFire, Firewall Analysis
http://www.redseal.net/ Redseal Vulnerability Advisor
http://www.athenasecurity.net FirePac, Verify

Let me know if you have a specific question.
cheers,
- yinal
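
The first two features in the list above (flagging "allow any" rules and finding duplicate rules), as an added Python example that is not from the original post or from any of the tools named in it. It assumes ASA-style `access-list NAME extended ...` lines as they appear in a saved config; the sample config and the helper names `audit`, `take_addr` and `skip_ports` are constructed for this illustration.

```python
import re

# Constructed sample lines in Cisco ASA extended-ACL syntax (not from a real device).
SAMPLE_CONFIG = """\
access-list outside_in remark web server
access-list outside_in extended permit tcp any host 192.0.2.10 eq 443
access-list outside_in extended permit tcp any host 192.0.2.10 eq 443
access-list outside_in extended permit ip any any
access-list inside_out extended permit tcp 10.0.0.0 255.255.255.0 any eq 80
access-list inside_out extended permit ip any4 any4 log
access-list inside_out extended deny ip any any
"""

ANY = {"any", "any4", "any6"}
PORT_OPS = {"eq": 1, "lt": 1, "gt": 1, "neq": 1, "range": 2}  # operator -> operand count

def take_addr(tok, i):
    """Consume one address spec at tok[i] ('any', 'host A', 'object N', 'A MASK')."""
    if tok[i:i + 1] and tok[i] in ANY:
        return "any", i + 1
    return " ".join(tok[i:i + 2]), i + 2

def skip_ports(tok, i):
    """Skip an optional source-port operator (eq/lt/gt/neq/range) and its operands."""
    return i + 1 + PORT_OPS[tok[i]] if tok[i:i + 1] and tok[i] in PORT_OPS else i

def audit(config):
    """Return (line_no, finding, text) for permit any-to-any and exact duplicate ACEs."""
    findings, seen = [], {}
    for no, line in enumerate(config.splitlines(), 1):
        m = re.match(r"access-list (\S+) extended (permit|deny) (\S+) (.+)", line.strip())
        if not m:
            continue  # remarks, standard ACLs and non-ACL lines are ignored
        acl, action, proto, rest = m.groups()
        tok = rest.split()
        i = 1 if proto in ("object", "object-group") else 0  # protocol given as a group name
        src, i = take_addr(tok, i)
        dst, i = take_addr(tok, skip_ports(tok, i))
        if action == "permit" and src == dst == "any":
            findings.append((no, f"permit {proto} any any", line.strip()))
        key = (acl, action, proto, rest)  # textual match only, within one ACL
        if key in seen:
            findings.append((no, f"duplicate of line {seen[key]}", line.strip()))
        seen.setdefault(key, no)
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

Overlapping (as opposed to textually identical) rules and object-group expansion are not handled here.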

1 comment:

Ahmed Azizuddin said...

Thanks for sharing the firewall rule base analyzer tools. Can you guide me in the case of GB Firewall (GNAT Box)?

Thanks in advance