Firewalls: Tools for testing firewalls integrity

Firewalls
(November 1995)

Indexed By Thread: [Previous] [Next]

Subject:	Tools for testing firewalls integrity
From:	Laurent Balzinger - Centre Reseau Communication - Universite Louis Pasteur <Laurent . Balzinger @ crc . u-strasbg . fr>
Date:	Thu, 30 Nov 1995 08:29:28 +0100
To:	firewalls @ GreatCircle . COM

Hello FWG,
 
 First apologize for my ignorance.  
 
Does anybody have an idea about one or more tools
that could control firewall "integrity" ?

I explain a little more.

For example we could have a site with multiple routers and access list
in every one. So a tool with :
      * knowledge of the network  ( Topology database , group composition, ...)
      * group security policy (i.e. group general rights,stations with specials 
          rights,  rights beetween groups : all based upon IP services and 
          more widely other services of other protocols like appletalk and IPX)
      * network testing abilities.
      * syslog analysis abilities.
      
I have been heard about SATAN or ISS . It seems that this tools work on
system security from the network. My mind is to test if the rules in the acls
are mutually coherent and then really test each authorized (and non) link .


Laurent

Indexed By Date	Previous:	RE: A1 Systems? From: "Marcus J. Ranum" <mjr @ iwi . com>
Indexed By Date	Next:	DNS on a firewall From: Jon Whitton <jonw @ mntcmp2 . demon . co . uk>
Indexed By Thread	Previous:	Need help with SMTP and DNS, will pay. From: sam @ Aptech . com (Samuel D. Jones)
Indexed By Thread	Next:	DNS on a firewall From: Jon Whitton <jonw @ mntcmp2 . demon . co . uk>