FIREWALL MANAGEMENT
Managing firewalls across an enterprise becomes increasingly difficult as organizations grow. Between the growing use of distributed applications and the need for Internet connectivity, firewall rules can become complex and confusing, ultimately leading to misconfigurations and security holes.
AlgoSec's Firewall Analyzer (AFA) simplifies all aspects of firewall management, allowing you to discover and correlate redundant and conflicting ACL entries in routers and firewalls across the enterprise. Change management and regular audits are simplified tenfold, without modifying or interrupting production devices.
AFA can be installed on Red Hat Enterprise Linux and OpenSUSE, but not Windows. Before installation, you must create a dedicated user account and install JRE. Apache is automatically configured with SSL.
The only real issue we have with AFA management is that its dual interfaces force admins to go back and forth between them, which can be cumbersome. The local Linux interface provides user management, configuration options and overall management of the software. The Web-based interface is used more for day-to-day operations and reporting.
The audit engine is remarkable, using mathematical algorithms that calculate every possible packet that could traverse the firewall. This technique covers all external IP addresses, internal IP addresses, ports and protocols. All possible combinations are tested in every direction and on any interface.
Audits produce reports that contain data such as how a given rule or set of rules creates a risk. These risks are then rated, and can be investigated by drilling down to gain an in-depth understanding and suggested remediation. In our testing, for example, AFA detected a combination of rules that allowed UDP port 137 (NetBIOS) between our DMZ and internal network, and a recent change in a TFTP rule that opened the DMZ to inbound and outbound connections.
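A simplified illustration of the kind of finding described above, as an added example that is not AlgoSec's code or algorithm: it flags rules in a first-match ACL that an earlier rule fully covers (redundant or conflicting) and reports which rule decides a given packet. The rule names, addresses and ACL are constructed, and the pairwise rule comparison is an assumption that is much narrower than analyzing every possible packet.

```python
from dataclasses import dataclass
from ipaddress import ip_network

@dataclass(frozen=True)
class Rule:
    name: str
    action: str    # "permit" or "deny"
    proto: str     # "tcp", "udp" or "any"
    src: str       # source CIDR
    dst: str       # destination CIDR
    ports: tuple   # inclusive (low, high) destination ports

def covers(a, b):
    """True if every packet matched by rule b is also matched by rule a."""
    return (a.proto in ("any", b.proto)
            and ip_network(b.src).subnet_of(ip_network(a.src))
            and ip_network(b.dst).subnet_of(ip_network(a.dst))
            and a.ports[0] <= b.ports[0] and b.ports[1] <= a.ports[1])

def find_shadowed(rules):
    """First-match ACL: report rules that a single earlier rule fully covers."""
    findings = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, later):
                kind = "redundant" if earlier.action == later.action else "conflicting"
                findings.append((later.name, kind, earlier.name))
                break
    return findings

def decide(rules, proto, src_ip, dst_ip, port):
    """Return (action, rule name) for one packet; implicit deny at the end."""
    probe = Rule("probe", "", proto, src_ip, dst_ip, (port, port))
    for r in rules:
        if covers(r, probe):
            return r.action, r.name
    return "deny", "implicit"

# Constructed ACL: 172.16.1.0/24 stands in for a DMZ, 10.0.0.0/8 for the internal network.
ACL = [
    Rule("dmz-low-ports", "permit", "udp", "172.16.1.0/24", "10.0.0.0/8", (1, 1023)),
    Rule("block-netbios", "deny", "udp", "172.16.1.0/24", "10.0.0.0/8", (137, 137)),
    Rule("web-in", "permit", "tcp", "0.0.0.0/0", "172.16.1.0/24", (443, 443)),
    Rule("partner-web", "permit", "tcp", "192.0.2.0/24", "172.16.1.20/32", (443, 443)),
]

if __name__ == "__main__":
    print(find_shadowed(ACL))
    print(decide(ACL, "udp", "172.16.1.10", "10.1.2.3", 137))
```

The deny rule for UDP 137 never fires because the broader permit above it matches first, which is the sort of rule combination a line-by-line reading of an ACL tends to miss.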
The change history report simplifies change management, providing an ongoing view of all changes, mitigated risks and new risks. The compliance report gives a top-down view of firewalls analyzed as they apply to a given need.
Testing methodology: Our lab included a single OpenSUSE 10.1 server with the AFA software installed. We used a number of sample configurations from various sources, such as Cisco and Check Point firewalls. Configurations were analyzed individually and in groups to determine aggregate accuracy.