Solved

Need to audit a PIX configuration

Posted on 2003-12-05
4
466 Views
Last Modified: 2013-11-16
I am in the situation where I need to audit a network that is being protected by a PIX 515 firewall (v4.4). Besides (1) just getting a configuration report with "write t" and giving myself a headache trying to decipher it, and (2) running nessus against the box to see the practical exposures (and yes, I have permission to do so), does anyone have any ideas, guides, tools, white papers, references, etc. whereby I can do a reasonable audit/assessment of the firewall's configuration?

Thanks,
Wayne
0
Comment
Question by:eisenbergw
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 79

Accepted Solution

by:
lrmoore earned 250 total points
ID: 9884357
You mean people are still running 4.x on PIX? Yipes!

There are tools for IOS configs, but none that I'm aware of for PIX.

http://www.cisecurity.org/bench_cisco.html

If your nessus or other tools can't penetrate from outside, then it's doing it's job.
Else, you need to have a PIX person look it over for you and provide input. Nothing beats "eyes on" from an expert.
You can post here if you want and we can comment, just mask the real ip addresses/names/passwords
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 9884385
You can read all the security advisories for the PIX and compare..
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/prod_security_advisories_list.html
0
 
LVL 13

Expert Comment

by:Gnart
ID: 9932123
Cisco has browser based Pix Device Manager (PDM) free but it is included only with 6.x.  You can check.  Cisco's Policy Secure Manager (CPSM) and Cisco Work, buth they cost $....

PDM http://www.cisco.com/en/US/products/sw/netmgtsw/ps2032/index.html

cheers
0
 

Author Comment

by:eisenbergw
ID: 10104457
OK, thanks. I wasn't sure that there was anything available at all. The cisecurity stuff looks good for the other things, though.

0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Cisco RV042G 4 26
2960 port config for both PC & SIP phone using QoS 2 57
pfsense upgrade from 2.2.6 to 2.3.3 28 86
DHCP for a new, 2nd subnet 12 61
This article will cover setting up redundant ISPs for outbound connectivity on an ASA 5510 (although the same should work on the 5520s and up as well).  It’s important to note that this covers outbound connectivity only.  The ASA does not have built…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

732 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question