Software to audit Cisco ASA Firewalls?

We are having an outside firm do an internal vulnerability assessment. Can anyone give me a good software to use for free, trial, or purchase that will scan our Cisco ASA Firewalls?

I am looking for something that will scan a configuration that is uploaded and also do a brute force direct scan on the hardware.
LVL 1
First LastAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

netjgrnautCommented:
...brute force direct scan on the hardware.

What does that mean?  "Brute force" typically implies password cracking.  Which has nothing to do with hardware.  And can be executed against an offline configuration.

So... the EE terms of service prohibit posting links to "hacking" tools here.

I'd suggest Metasploit if you want to test the ASA OS revision for known bugs.

A quick Google of "crack cisco password" should take you to the other tools.

Not exactly "auditing" - but the closest I can come based on the question.

If you're talking about port scanning *through* the ASA to the internal network, then that's a horse of a different color...
0
First LastAuthor Commented:
I already tested the ports going through the ASA. They only allow ports 80, 443, and some other ones we use.

Each year our auditor comes with some software, uploads our configure, then it highlights stuff in red and states why it is a problem. I was hoping to find a similar software.

All i'm doing is verifying the ios is updated, the accounts are secure, and we have the basic ips turned on. Not sure what else to do.
0
netjgrnautCommented:
http://security.stackexchange.com/questions/1982/automated-tools-for-cisco-ios-config-auditing

I don't think that will upset any of the mods here at EE.

Several good resources there.

Hope that helps!
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
First LastAuthor Commented:
This is a good start for auditing the ASA. Thank you very much!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Cisco

From novice to tech pro — start learning today.