
A Tool and Process for Auditing and Certification of Cisco PIX Firewalls for a Given Architecture

IP.com Disclosure Number: IPCOM000193105D
Original Publication Date: 2010-Feb-10
Included in the Prior Art Database: 2010-Feb-10
Document File: 1 page(s) / 19K

Publishing Venue

IBM

Abstract

Disclosed is a tool and process for auditing and certification of Cisco* PIX* firewalls for a given architecture.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 91% of the total text.


A tool and process is disclosed for auditing and certification of Cisco PIX firewalls for a given architecture.

The tool takes a copy of the Cisco PIX firewall configuration as input. In an instance, the configuration information is obtained from a "show run". Subsequently, site-specific parameters are defined, such as Internet Protocol (IP) addresses, Simple Network Management Protocol (SNMP) servers, SNMP community strings, logging servers, Network Time Protocol (NTP) servers, domain name, hostname, Terminal Access Controller Access Control System (TACACS) servers, and hardware model. Thereafter, the user is required to define interface parameters such as name, security level, IP address, and network mask before the tool may begin the analysis.

Next, the tool analyzes the configuration information. In an instance, the tool automatically evaluates the configuration information line by line to verify whether it matches the given architecture.

Once the analysis is completed, the tool returns the result. The result is presented as a formatted report indicating whether the Cisco PIX firewall passed or failed the configuration requirement for the given architecture. The report also lists the errors found for the given architecture.
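The following Python example, added here and not taken from the disclosed tool, audits a configuration line by line against site and interface parameters and returns a pass/fail result with an error list. The parameter values, the sample configuration, the rule set, and the assumption of PIX 6.x single-line command syntax are all constructed for illustration.

```python
import re

# Constructed parameters and config excerpt (placeholder values; PIX 6.x
# single-line command syntax is assumed, as is the choice of checked lines).
SITE = {"hostname": "pix-edge-01", "domain-name": "example.net",
        "logging host": "10.1.1.5", "ntp server": "10.1.1.6",
        "snmp-server host": "10.1.1.7"}
INTERFACES = {"outside": (0, "192.0.2.1", "255.255.255.0"),  # name: (level, ip, mask)
              "inside": (100, "10.1.1.1", "255.255.255.0")}
SAMPLE = """hostname pix-edge-01
domain-name example.net
nameif ethernet0 outside security0
nameif ethernet1 inside security90
ip address outside 192.0.2.1 255.255.255.0
ip address inside 10.1.1.1 255.255.255.0
logging host inside 10.1.1.5
ntp server 10.9.9.9 source inside
"""

RULES = [  # (pattern, function mapping a match to a (key, value) fact)
    (r"nameif \S+ (\S+) security(\d+)", lambda m: (("level", m[1]), int(m[2]))),
    (r"ip address (\S+) (\S+) (\S+)", lambda m: (("addr", m[1]), (m[2], m[3]))),
    (r"(hostname|domain-name) (\S+)", lambda m: (m[1], m[2])),
    (r"(logging host|ntp server|snmp-server host) (?:[a-z]\S* )?([\d.]+)(?: .*)?",
     lambda m: (m[1], m[2])),
]

def audit(config_text, site=SITE, interfaces=INTERFACES):
    """Evaluate a config line by line; return (passed, errors)."""
    expected = dict(site)
    for name, (level, ip, mask) in interfaces.items():
        expected["level", name] = level
        expected["addr", name] = (ip, mask)
    seen, errors = set(), []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        for pattern, to_fact in RULES:
            m = re.fullmatch(pattern, line.strip())
            if not m:
                continue
            key, value = to_fact(m)
            seen.add(key)
            if key not in expected:
                errors.append(f"line {lineno}: unexpected '{line.strip()}'")
            elif expected[key] != value:
                errors.append(f"line {lineno}: {key} is {value}, expected {expected[key]}")
            break
    errors += [f"missing: {key}" for key in expected if key not in seen]
    return (not errors, errors)
```

Lines that match none of the rules are ignored here; a stricter audit would treat any unrecognized line as an error so that nothing outside the given architecture passes silently.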

The tool and process disclosed herein provides an automated method for auditing and ce...