Solved

Using CIS RAT program for a PIX firewall and getting the following error: No matching rules found.

Posted on 2005-02-24
Last Modified: 2013-11-16
Here is the output of the RAT program when I try to audit a PIX configuration file.  Does anyone know what I am doing wrong?

Thanks,
Benje02

C:\CIS\RAT\bin>rat -t cisco-pix pix_config.txt
auditing pix_config.txt...
Parsing: /C:\CIS\RAT/etc/configs/cisco-pix/common.conf/
Parsing: /C:\CIS\RAT/etc/configs/cisco-pix/cis-level-1.conf/
Parsing: /C:\CIS\RAT/etc/configs/cisco-pix/cis-level-2.conf/
Checking: pix_config.txt
done checking pix_config.txt.
Parsing: /C:\CIS\RAT/etc/configs/cisco-pix/common.conf/
Parsing: /C:\CIS\RAT/etc/configs/cisco-pix/cis-level-1.conf/
Parsing: /C:\CIS\RAT/etc/configs/cisco-pix/cis-level-2.conf/
ncat_report: skipping pix_config.txt.ncat_out.txt.  No matching rules found.
ncat_report: writing rules.html (cisco-pix-benchmark.html).
ncat_report: skipping all.  No matching rules found.


Question by:benje02
7 Comments
 
LVL 79

Accepted Solution

by:
lrmoore earned 1000 total points
ID: 13398603
Personal opinion - RAT tool sucks. I would never use it for any purpose.
I've tried the latest ver 2.2, which specifically says it is for PIX, and I get the same result.
If you open the rules.html, it still says 2.1 and everything is for a router, not a PIX.
0
 

Author Comment

by:benje02
ID: 13415234
lrmoore,

What do you use for this purpose?  

Thanks,
Benje02
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 13415267
I use the same basis as a guide only, experience, and a complete understanding of capabilities of the products and requirements of the implementation.

NSA publishes their router security guide, which is what the RAT tool is based on:
http://www.nsa.gov/snac/downloads_cisco.cfm

My problem with this is that it was published over 18 months ago, the research and writing done over 2 years ago. Cisco IOS and products have changed dramatically since then with a slew of new capabilities, new vulnerabilities, and new features.

There is no published "best practices" for PIX firewall, which, by the way, will have a new version 7.0 coming out soon with 23 pages of descriptions of new features.

What, exactly, are you looking for?
0

 

Author Comment

by:benje02
ID: 13419594
I was looking for something similar to the IOS AutoSecure for the PIX.  I have about one year's experience with routers and firewalls and was looking for information to help me determine if my configuration was as secure as possible and guide me on the general security practices for these devices.

Thanks for your help.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 13419672
The thing about a pix is that it is secure out of the box, designed to be a world class firewall. Any changes are explicit, but you can compromise the security. A lot of "features" of $50 soho boxes can't be enabled on a PIX because they would compromise the security features.

A router on the other hand was designed to pass packets back and forth. Security was sort of an afterthought. That's why the security guides were published and the autosecure feature included after how many years on the market?

You can always post your PIX config here (just mask out any passwords and real public IPs) if you want us to look it over for you.
0
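
The masking step suggested in the comment above, as an added example that is not part of the original thread: it blanks secret-bearing PIX commands and replaces public IPv4 addresses with stable aliases so the posted config can still be reviewed. The names `sanitize` and `PUBLIC-IP-n`, the list of commands treated as secrets, and the sample configuration are assumptions made for this example.

```python
import ipaddress
import re

# Assumption: RFC 1918 and loopback addresses may stay readable when posting.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
# PIX 6.x commands whose next token is a secret or its hash (not exhaustive).
SECRETS = [re.compile(p) for p in (
    r"^(enable password )\S+", r"^(passwd )\S+",
    r"^(username \S+ password )\S+", r"^(vpngroup \S+ password )\S+",
    r"^(isakmp key )\S+", r"^(snmp-server community )\S+")]
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def is_netmask(ip):
    # Contiguous ones then zeros (255.255.255.0, 0.0.0.0): a mask, not a host.
    inverted = ~int(ip) & 0xFFFFFFFF
    return (inverted & (inverted + 1)) == 0

def sanitize(config_text):
    """Return (masked_text, alias_map) for a PIX configuration."""
    aliases = {}

    def mask_ip(match):
        text = match.group(0)
        try:
            ip = ipaddress.IPv4Address(text)
        except ValueError:          # e.g. 999.1.1.1: not an address, leave it
            return text
        if is_netmask(ip) or any(ip in net for net in INTERNAL):
            return text
        # Same address -> same alias, so NAT and route lines still correlate.
        return aliases.setdefault(text, f"PUBLIC-IP-{len(aliases) + 1}")

    out = []
    for line in config_text.splitlines():
        for pattern in SECRETS:
            line = pattern.sub(r"\1<removed>", line)
        out.append(IPV4.sub(mask_ip, line))
    return "\n".join(out), aliases

# Constructed sample; documentation-range addresses stand in for public ones.
SAMPLE = """\
enable password ConstructedHash01 encrypted
ip address outside 203.0.113.10 255.255.255.248
ip address inside 192.168.1.1 255.255.255.0
static (inside,outside) 203.0.113.11 192.168.1.20 netmask 255.255.255.255 0 0
route outside 0.0.0.0 0.0.0.0 203.0.113.9 1
isakmp key ConstructedKey address 198.51.100.7 netmask 255.255.255.255
"""

if __name__ == "__main__":
    print(sanitize(SAMPLE)[0])
```

Keep the returned alias map private; it is the only link between the posted aliases and the real addresses.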
 

Author Comment

by:benje02
ID: 13419790
Thanks, I will do that in the future.  You have been a great help to me over the past two years answering questions and I really appreciate the help.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 13419801
Glad to be here. Thanks!
0
