Solved

Need to audit a PIX configuration

Posted on 2003-12-05
4
441 Views
Last Modified: 2013-11-16
I am in the situation where I need to audit a network that is being protected by a PIX 515 firewall (v4.4). Besides (1) just getting a configuration report with "write t" and giving myself a headache trying to decipher it, and (2) running nessus against the box to see the practical exposures (and yes, I have permission to do so), does anyone have any ideas, guides, tools, white papers, references, etc. whereby I can do a reasonable audit/assessment of the firewall's configuration?

Thanks,
Wayne
0
Comment
Question by:eisenbergw
  • 2
4 Comments
 
LVL 79

Accepted Solution

by:
lrmoore earned 250 total points
ID: 9884357
You mean people are still running 4.x on PIX? Yipes!

There are tools for IOS configs, but none that I'm aware of for PIX.

http://www.cisecurity.org/bench_cisco.html

If your nessus or other tools can't penetrate from outside, then it's doing it's job.
Else, you need to have a PIX person look it over for you and provide input. Nothing beats "eyes on" from an expert.
You can post here if you want and we can comment, just mask the real ip addresses/names/passwords
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 9884385
You can read all the security advisories for the PIX and compare..
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/prod_security_advisories_list.html
0
 
LVL 13

Expert Comment

by:Gnart
ID: 9932123
Cisco has browser based Pix Device Manager (PDM) free but it is included only with 6.x.  You can check.  Cisco's Policy Secure Manager (CPSM) and Cisco Work, buth they cost $....

PDM http://www.cisco.com/en/US/products/sw/netmgtsw/ps2032/index.html

cheers
0
 

Author Comment

by:eisenbergw
ID: 10104457
OK, thanks. I wasn't sure that there was anything available at all. The cisecurity stuff looks good for the other things, though.

0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

This is about downgrading PIX Version 8.0(4) & ASDM 6.1(5) to PIX 7.2(4) and ASDM 5.2(4) but with only 64MB RAM and 16MB flash. Background: You have a Cisco Pix 515E which was running on PIX 7.2(4) and its supporting ASDM 5.2(4) without any i…
This article assumes you have at least one Cisco ASA or PIX configured with working internet and a non-dynamic, public, address on the outside interface. If you need instructions on how to enable your device for internet, or basic configuration info…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now