I have recently worked on a number of projects where we needed to document and analyse a firewall rule base for a customer. Although much of this process can only really be done by hand (and in your head), ideally much of the hard work can be eliminated, either by using someone else’s (preferably public/open-source) tools or through the re-use of existing templates and scripts. This not only saves time (and cost for the customer), it also frees you up to perform more meaningful activities, like analysing potential security issues (rather than Excel issues).
I thought I’d share some of this experience here, and hopefully will save someone else a little time in the future too.
I should say that while ‘documentation’ is the primary goal here, the tools I mention do far more than that, each in their own way. In my case, documentation was the name of the game, as before you can take a pre-existing environment and improve on it, you need to know what you’re dealing with. And in some cases a customer’s environment can be very difficult to come to grips with on the first pass, either because it was so poorly implemented in the past, or just because nobody bothered to write anything down.
Of course the end-game is about improvement – giving you the ability to migrate from a known (documented) state to a more secure, reliable and available future position. So hopefully some of these tools will also help you along the way to achieving that.
The technology is more important than the business – yeah right!
As technologists it is very easy to get caught up in the hype and grandeur of delivering “really cool stuff”. I mean, it is not hard in today’s environment to quickly and easily stand up complex solutions based on open source or commercial technologies. You want a VoIP solution – Asterisk can be downloaded and running [...]