Firesec - Firesec - Firewall Analysis & Audit Tool
Firesec is a comprehensive solution for firewall rulebase analysis in medium to large enterprise environments. It addresses the problems inherent with large rule sets and helps purge and update a rule base as per network requirements. Firesec provides multiple functions such as removing redundant rules, grouping similar rules, and searching for vulnerable rule patterns.
Firesec helps answer the following questions:
- What traffic is allowed on to database servers?
- Are there any rules that permit traffic from my internal IP addresses to the Internet?
- Have I opened up risky ports such as Telnet (TCP 23), FTP (TCP 21), RDP (TCP 3389) to any of my servers?
- What traffic is allowed between my internal IP addresses and my DMZ?
- Do I have any rules which contradict each other (Shadow rules)?
- Do I have rules, which are no longer in use (Unused Rules)?
- Do I have rules, which are subsets of each other (Redundant Rules)?
- What objects have been created but are not being used in any rules?
Ability to read the firewall configuration and normalize it into a standardized database format. Both rules and firewall objects are fed into the database for analysis.
Includes standard firewall log parsing scripts which scan through giga bytes of firewall logs and retrieve the relevant packet information. Firesec matches the output against the rulesets to remove unused or redundant objects.
Rule base Analysis
Intelligently analyses the rule base to address instances of two or more rules, which match the same traffic and perform the same action, or two or more rules which match the same traffic, but perform opposite actions, or rules which can be combined by creating object groups.
Rule base Comparison
Smart comparison of two or more rule sets from different firewalls.
Enables quick analysis of the rule base by looking out for vulnerable patterns among the rules, which could be either specific IP ranges, subnets, ports, or port ranges.
Reduces the effort of repeating the analysis process by generating commands required to clean up the configuration.
Generates comprehensive HTML reports to provide the details on the updated rule sets.
- Cisco ASA and PIX
- Generic ruleset