Firewall Configuration Complexity
Seriously Simplified by Athena Security
Athena Security
Athena provides comprehensive
analysis tools for managing and simplifying firewall
configuration complexity. We make this possible
by revealing the precise relationship between firewall
rules and network services in a single device or
across an entire network. Developed to address the
operational needs of network engineers, Athena’s
products provide safe, offline analysis with the
strength, attention to detail, scale and flexibility
required by companies of all sizes.
Policy Analysis
Our comprehensive policy analysis
is based on any combination of source, destination,
service, or interface. Using the configuration file
for input, FirePAC generates reports based on packet
filtering ACLs, routing tables, and NATs. It details
the specific configuration rules that give rise
to any specific policy. It will also evaluate the
policies against industry best practices so that
zeroing in on the root cause of problems is clear
and straightforward.
Legacy rules have a way of piling up and
adding unnecessary complexity. Over the
years, at least 20% of the rulebases of
many production firewalls become unnecessary.
There are systems where this ratio is as
high as 60%.
Mike Chapple, SearchSecurity.com
Anomaly Detection
Athena is an expert at inferring
higher-level policies from firewall rules. We use
this ability to provide the most accurate and complete
detection of redundant and covered rules that have
no effect on packet accept or deny policies because
there are other rules or combinations of rules that
achieve the same thing. This analysis is provided
as a report that fully displays all the rules and
also provides the rule or line number for easy reference.
Athena also identifies overlapping and conflicting
rules.
FirePAC’s Firewall Analysis
Athena FirePAC reduces the
amount of manual effort and expense required to
manage complex firewall rules. It helps ensure a
correct configuration that allows only essential
services in and out of the firewall. It precisely
pinpoints the rules that can be cleaned from a firewall,
making the configuration easier to understand and
manage. A cost-effective solution for networks of
all sizes, FirePAC installs and starts mapping rule
inter-dependencies in minutes.
Policy Comparison
This report lists the changes,
grouped by output interface and service, correlated
to the actual impact. Comparing policies, rather
than configurations, is the most clear-cut way to
understand what is happening on a firewall. Use
it before a change is committed, or after, to verify
that the rules implement a given security policy
correctly.
Using FirePAC
FirePAC runs analysis offline
without any packet transmission. All it takes to
get to these powerful reports is a configuration
file!