Wednesday, June 10, 2009

CISCO PIX Firewall Audit Tool

Long time since I wrote something!!! But let me tell you I'm not out of touch, as I was writing for some external websites and magazines and didn't get time to write for my own blog. Well, this is for IT auditors having issues assessing CISCO PIX firewalls. I had a new team for one of my recent assignments where we had to assess the IT controls for our client. We had to evaluate the firewalls and generate a fancy report, as always required by management. Some of my team members were fairly new to firewalls and we had tons of them to verify for level 1 security across all of the locations around the globe. This is when I got the idea to create a script that goes through the firewall's running config and verifies the various security configurations.
This program, written in VBScript, makes use of WMI routines while reading the configuration file in offline mode (it requires you to provide the running config as input in txt format). This way you don't even have to touch your firewall and take the risk of some external program running against your current configuration.
This little script audits the running config, which is provided as input (when it asks for it), and prepares a fancy Excel report with information on two separate sheets. The first sheet has the following information and a comparison with industry-leading recommended values for level 1 security settings like:
1. Password Encryption
2. Logging/mode of logging
3. SYSLOG
4. AAA
5. IDS status
6. Failover configuration
7. Timeouts
8. Login Banner
9. SSH configuration
The second sheet gives you a little more detail on the following critical areas, which you can use for further planning and scoping your detailed audit analysis. It verifies the following details:
1. Local users created on the firewall with their privilege levels
2. Allowed protocols
3. Interfaces in use with the security level assigned.
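To show what such an offline audit actually does with a running config, here is an added example in Python. It is not the author's VBScript tool and does not produce the Excel report; it parses a constructed PIX 6.x config (every value in it is made up) and returns the two kinds of findings described above: the level 1 pass/fail checks and the user/protocol/interface details. The `MAX_SESSION_TIMEOUT_MIN` baseline and the exact pass conditions are this example's own assumptions, not recommended values taken from the post.

```python
import re

# Constructed sample of a PIX 6.x running config, standing in for the
# "show running-config" text the auditor feeds in. All values are made up.
SAMPLE_CONFIG = """\
: Saved
PIX Version 6.3(5)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname pixfw
fixup protocol ftp 21
fixup protocol http 80
fixup protocol smtp 25
no fixup protocol sqlnet 1521
logging on
logging timestamp
logging trap informational
logging host inside 10.10.10.5
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ (inside) host 10.10.10.6 ExampleKey timeout 5
aaa authentication ssh console TACACS+
username admin password PpOh2Jm9vQ0vq3bU encrypted privilege 15
username auditor password X9lQ1A0bR7T2N8kC encrypted privilege 2
no failover
ssh 10.10.10.0 255.255.255.0 inside
ssh timeout 5
telnet 10.10.10.0 255.255.255.0 inside
telnet timeout 5
"""

# Assumed baseline for the timeout check (this example's choice, not the post's).
MAX_SESSION_TIMEOUT_MIN = 5


def parse_pix_config(text):
    """Keep the config lines and extract the 'second sheet' details."""
    cfg = {"lines": [], "users": {}, "interfaces": {}, "fixups": [], "syslog_hosts": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(":"):  # ': Saved' header lines
            continue
        cfg["lines"].append(line)
        m = re.match(r"username (\S+) password \S+(?: encrypted)? privilege (\d+)$", line)
        if m:
            cfg["users"][m.group(1)] = int(m.group(2))
        m = re.match(r"nameif (\S+) (\S+) security(\d+)$", line)
        if m:
            cfg["interfaces"][m.group(2)] = {"hardware": m.group(1), "security": int(m.group(3))}
        m = re.match(r"fixup protocol (\S+) (\d+)$", line)  # 'no fixup ...' does not match
        if m:
            cfg["fixups"].append((m.group(1), int(m.group(2))))
        m = re.match(r"logging host (\S+) (\S+)$", line)
        if m:
            cfg["syslog_hosts"].append(m.group(2))
    return cfg


def _has(cfg, pattern):
    rx = re.compile(pattern)
    return any(rx.match(line) for line in cfg["lines"])


def _timeout(cfg, proto):
    for line in cfg["lines"]:
        m = re.match(rf"{proto} timeout (\d+)$", line)
        if m:
            return int(m.group(1))
    return None


def audit_level1(cfg):
    """The 'first sheet': one PASS/FAIL row per level 1 setting."""
    ssh_t, telnet_t = _timeout(cfg, "ssh"), _timeout(cfg, "telnet")
    timeouts_ok = all(t is not None and t <= MAX_SESSION_TIMEOUT_MIN for t in (ssh_t, telnet_t))
    checks = [
        ("Password encryption", _has(cfg, r"enable password \S+ encrypted$") and _has(cfg, r"passwd \S+ encrypted$"),
         "enable password and passwd stored with the 'encrypted' flag"),
        ("Logging", _has(cfg, r"logging on$") and _has(cfg, r"logging timestamp$"), "logging on with timestamps"),
        ("SYSLOG", bool(cfg["syslog_hosts"]) and _has(cfg, r"logging trap \S+$"), f"hosts={cfg['syslog_hosts']}"),
        ("AAA", _has(cfg, r"aaa authentication \S+ console \S+$"), "management access authenticated via AAA server group"),
        ("IDS status", _has(cfg, r"ip audit interface "), "ip audit policy bound to an interface"),
        ("Failover", _has(cfg, r"failover$"), "'failover' enabled rather than 'no failover'"),
        ("Timeouts", timeouts_ok, f"ssh={ssh_t} telnet={telnet_t} (max {MAX_SESSION_TIMEOUT_MIN} min)"),
        ("Login banner", _has(cfg, r"banner (motd|login) "), "banner motd/login configured"),
        ("SSH configuration", _has(cfg, r"ssh \d+\.\d+\.\d+\.\d+ \S+ \S+$"), "ssh restricted to listed source networks"),
    ]
    return [{"check": n, "status": "PASS" if ok else "FAIL", "detail": d} for n, ok, d in checks]


def build_report(text):
    cfg = parse_pix_config(text)
    details = {"users": cfg["users"], "fixups": cfg["fixups"], "interfaces": cfg["interfaces"]}
    return {"level1": audit_level1(cfg), "details": details}


if __name__ == "__main__":
    report = build_report(SAMPLE_CONFIG)
    for row in report["level1"]:
        print(f"{row['status']:4} {row['check']:20} {row['detail']}")
    print(report["details"])
```

Run against the sample, the report flags the missing IDS policy, the disabled failover and the absent banner as FAIL while the password, logging, AAA, timeout and SSH checks pass; the details section lists the two local users with privilege levels 15 and 2, the three enabled fixups (the disabled sqlnet one is excluded) and both interfaces with their security levels. Real configs vary in syntax across PIX versions, so the regexes here are only a starting point.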
Here's a sample of the report that is generated by this program.

The program really helped us reduce the overall effort and time in evaluating the multi-page running configs and preparing reports for management.

Feel free to write to me at arvind.mehta16@gmail.com if you think this program might help you perform your tasks in a more efficient and effective manner.
Keep visiting for more information.
Cheers
AM
