• Status: Solved

Need to audit a PIX configuration

I am in the situation where I need to audit a network that is being protected by a PIX 515 firewall (v4.4). Besides (1) just getting a configuration report with "write t" and giving myself a headache trying to decipher it, and (2) running nessus against the box to see the practical exposures (and yes, I have permission to do so), does anyone have any ideas, guides, tools, white papers, references, etc. whereby I can do a reasonable audit/assessment of the firewall's configuration?

Thanks,
Wayne
Asked by: eisenbergw

lrmoore Commented:
You mean people are still running 4.x on PIX? Yipes!

There are tools for IOS configs, but none that I'm aware of for PIX.

http://www.cisecurity.org/bench_cisco.html

If your nessus or other tools can't penetrate from outside, then it's doing its job.
Else, you need to have a PIX person look it over for you and provide input. Nothing beats "eyes on" from an expert.
You can post here if you want and we can comment, just mask the real IP addresses/names/passwords.
 
lrmoore Commented:
You can read all the security advisories for the PIX and compare.
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/prod_security_advisories_list.html
 
Gnart Commented:
Cisco has a browser-based Pix Device Manager (PDM) that is free, but it is included only with 6.x. You can check Cisco's Policy Secure Manager (CPSM) and Cisco Work, but they cost $....

PDM http://www.cisco.com/en/US/products/sw/netmgtsw/ps2032/index.html

cheers
 
eisenbergw (Author) Commented:
OK, thanks. I wasn't sure that there was anything available at all. The cisecurity stuff looks good for the other things, though.
