This article can also be found in the Premium Editorial Download "Information Security magazine: Security Readers' Choice Awards 2008."
Download it now to read this article plus other related content.
You'll spend most of your time in the Compare and Analysis interfaces. The Compare view allows you to see current rules, objects and global properties, offering a side-by-side comparison of current and previous versions. This is also where you can browse and drill down into firewall objects and properties, including any changes made. The revisions component is useful and allows you to view changes incrementally.
The Analyze tab allows you to make simple and effective queries, providing quick insight into any rule set. When you use the comparison and analysis tabs together, you can find conflicting and high-risk rules. Overlapping rules or gaps in rule sets between firewalls can lead to an unpredictable or insecure configuration. This risk assessment capability goes a long way toward helping you mitigate these issues.
These reports can be filtered by date, firewall, or nearly any other specific criteria. In addition to the canned reports, compliance and regulatory reports can be defined manually with custom policies that identify problem rules.
On the downside, the rule usage feature is currently not available for Cisco and Juniper firewalls.
Testing methodology: Our lab included a single instance of SecureTrack on Red Hat, two Check Point firewalls and one Cisco firewall. Rules were imported from production environments.
This was first published in April 2008