RE: Routers, Switches, and Firewall testing

From: Lodin, Steven {D106~Indianapolis} (steven.lodin@roche.com)
Date: Mon Jan 03 2005 - 15:20:02 EST


The Firewall Analyzer is less a penetration testing tool and more of a firewall rules analyzer. It started out first as a commercial product called the Lumeta Firewall Analyzer. From previous experience - for complex firewall configurations, it gives pretty decent insight. From their site:

----
Manual inspection of firewall rules involves a high probability of errors. Corporations need to have their firewalls audited in a systematic and comprehensive way to avoid the errors that leave security gaps. Only sophisticated computerized products are able to tackle such a task: there are simply too many possibilities for humans to handle unassisted. 
A comprehensive approach to firewall policy analysis requires analyzing all intrusion scenarios between all IP addresses (source and destinations), analyzing all possible source and destination ports and all protocols. A quick calculation shows that there are over 10^30 possible combinations. On such a scale, active testing is not a viable option, since it would take longer than the age of our planet in order to complete. 
FA started its development in 1998 by a team of researchers at Bell Labs, led by FA creator Avishai Wool, PhD. It is protected by four patents in various approval stages. The FA report contains over 1,500 richly-linked HTML-based files. This structure allows a very easy drill down to more detail, without cluttering the high level view. All the reports may be stored on a server to allow easy access to any authorized user, or exported to MS office file format such as Word or Excel. This allows you to import the results of the firewall analysis into a database, as well as to include portions of the reports in tailor-made documents. 
----
Steve
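To make concrete what a rules analyzer does that active probing cannot, here is a small added example (my own illustration, not code from AlgoSec, Lumeta or Bell Labs). It treats each rule as a box in the (protocol, source, destination, source port, destination port) space and answers ordering questions by interval arithmetic: which rules are shadowed by an earlier rule and can never fire, which allow/deny pairs overlap so the result depends purely on order, and what a single packet would hit under first-match evaluation. The rule set is constructed for the demo; the "over 10^30" figure quoted above falls out of the 2^104-element IPv4 5-tuple space the last function computes.

```python
"""Tiny static firewall rule analyzer (illustrative example only).

Rules are intervals over (proto, src, dst, sport, dport), so shadowing and
overlap can be decided by containment checks instead of sending packets.
"""
from dataclasses import dataclass
from ipaddress import ip_network
from typing import List, Tuple

Range = Tuple[int, int]  # inclusive (lo, hi)


def cidr_range(cidr: str) -> Range:
    """'10.0.0.0/8' -> (lo, hi) as integers; 'any' is all of IPv4."""
    if cidr == "any":
        return (0, 2**32 - 1)
    net = ip_network(cidr, strict=False)
    return (int(net.network_address), int(net.broadcast_address))


def port_range(spec: str) -> Range:
    """'443', '1024-65535' or 'any' -> inclusive port range."""
    if spec == "any":
        return (0, 65535)
    lo, _, hi = spec.partition("-")
    return (int(lo), int(hi or lo))


def proto_range(spec: str) -> Range:
    """Protocol name -> IP protocol number interval; 'any' is 0-255."""
    nums = {"icmp": 1, "tcp": 6, "udp": 17}
    return (0, 255) if spec == "any" else (nums[spec], nums[spec])


@dataclass(frozen=True)
class Rule:
    name: str
    action: str  # "allow" or "deny"
    proto: Range
    src: Range
    dst: Range
    sport: Range
    dport: Range

    @classmethod
    def parse(cls, name, action, proto, src, dst, sport, dport):
        return cls(name, action, proto_range(proto), cidr_range(src),
                   cidr_range(dst), port_range(sport), port_range(dport))

    def dims(self):
        return (self.proto, self.src, self.dst, self.sport, self.dport)


def covers(outer: Rule, inner: Rule) -> bool:
    """True if every packet matched by `inner` is also matched by `outer`."""
    return all(o[0] <= i[0] and i[1] <= o[1]
               for i, o in zip(inner.dims(), outer.dims()))


def intersects(a: Rule, b: Rule) -> bool:
    """True if at least one packet matches both rules."""
    return all(x[0] <= y[1] and y[0] <= x[1] for x, y in zip(a.dims(), b.dims()))


def analyze(rules: List[Rule]) -> List[Tuple[str, str, str]]:
    """Findings (kind, rule, earlier_rule) for a first-match rule list.

    'shadowed': an earlier rule covers this one, so it can never fire.
    'conflict': an earlier rule with the opposite action overlaps it, so the
                verdict for those packets depends purely on rule order.
    """
    findings = []
    for i, r in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, r):
                findings.append(("shadowed", r.name, earlier.name))
                break  # one covering rule settles it
            if earlier.action != r.action and intersects(earlier, r):
                findings.append(("conflict", r.name, earlier.name))
    return findings


def first_match(rules: List[Rule], proto: str, src: str, dst: str,
                sport: int, dport: int, default: str = "deny") -> str:
    """Simulate first-match evaluation of one packet; default deny."""
    pkt = Rule.parse("pkt", "", proto, f"{src}/32", f"{dst}/32", str(sport), str(dport))
    for r in rules:
        if covers(r, pkt):
            return r.action
    return default


def ipv4_5tuple_space() -> int:
    """Size of the IPv4 (src, dst, sport, dport, proto) space: 2**104."""
    return 2**32 * 2**32 * 2**16 * 2**16 * 2**8


# Constructed sample policy (not taken from any real device).
SAMPLE_RULES = [
    Rule.parse("r1", "allow", "tcp", "10.0.0.0/8", "192.168.1.10/32", "any", "443"),
    Rule.parse("r2", "deny", "tcp", "any", "192.168.1.0/24", "any", "443"),
    Rule.parse("r3", "allow", "tcp", "10.1.0.0/16", "192.168.1.10/32", "any", "443"),
    Rule.parse("r4", "allow", "udp", "any", "192.168.1.53/32", "any", "53"),
]

if __name__ == "__main__":
    for kind, rule, earlier in analyze(SAMPLE_RULES):
        print(f"{kind:9} {rule} (by {earlier})")
    print("10.1.2.3 -> 192.168.1.10:443/tcp:",
          first_match(SAMPLE_RULES, "tcp", "10.1.2.3", "192.168.1.10", 5555, 443))
    print(f"IPv4 5-tuple space: {ipv4_5tuple_space():.2e} combinations")
```

On the sample policy it reports r3 as shadowed by r1 and r2 as an order-dependent conflict with r1; a real analyzer also has to detect rules that are covered only by the union of several earlier rules, which this single-rule containment check does not attempt.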
> -----Original Message-----
> From: Chuck Fullerton [mailto:chuckf69@ceinetworks.com] 
> Sent: Monday, January 03, 2005 1:25 PM
> To: Greg Dreelin; pen-test@lists.securityfocus.com
> Subject: RE: Routers, Switches, and Firewall testing
> 
> 
> Here is a commercial tool that is rather new but looking very 
> promising.
> 
> www.algosec.com
> It is a Firewall Analysis tool.  It imports all configs into the software
> and analyzes it for possible vulnerabilities.  Has some bells and whistles
> to make the job easier.
> Chuck F.
-----Original Message-----
From: Greg Dreelin [mailto:gdreelin@edsicorp.com]
Sent: Monday, January 03, 2005 9:59 AM
To: pen-test@lists.securityfocus.com
Subject: Routers, Switches, and Firewall testing
Pen-Test Group,
     I have a question to present that is in need of a good answer.  The
question I have is "Are there any good programs for VAP testing routers,
switches, and firewalls?"  I know there is the Router Assessment Tool (RAT)
for Cisco routers and there is FTEST for firewalls, but are there any other
programs that can be loaded on to a Laptop Toolkit that can do the testing?
Looking for an all-in-one program if there is such a thing.  If anyone has
any good ideas please let me know.  Thanks ahead.
v/r
Gregory (Greg) S. Dreelin
Senior Systems Analyst
Marine Corp Information Assurance Assessment Team (MCIAAT)
gdreelin@edsicorp.com
540-720-0841/0843/2093 /2106
Cell 703-843-1962
__________________________________________________________________
"Information is Knowledge, Knowledge is Power, and Power is Dangerous"


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:12 EDT