InfoSecter

InfoSecter is a tool set for exploring the packet handling behavior of firewall configuration files. One of the primary challenges of modern network security is finding out what the firewalls are doing and why. InfoSecter lets you take firewall configurations apart into their constituent behaviors so that you can more rapidly and reliably find the information you need to manage your security. If you've ever spent hours trying to find the configuration rule that is blocking your traffic, or figuring out what has changed from a previous configuration, you will find InfoSecter a hair-saving tool.

The heart of InfoSecter is Analyzer. Analyzer processes firewall configuration files, converting them to a uniform data structure that is a complete functional model of the configuration. Because this data structure is functional, it is not confused by textual changes such as renaming a group, reordering configuration lines, or editing comments. In addition, Analyzer can compare two models regardless of what types of devices the configuration files came from, so comparing two configurations across a device upgrade is easy. Although the model is functional, it keeps track of the source lines in the configuration that create each behavior, so that actions can be traced back to their original source, even if that source is multiple different lines in the configuration.

Analyzer produces XML output which can be viewed directly or analyzed by customer scripts. In addition, InfoSecter Visualizer provides a graphical interface for the Analyzer output. Visualizer creates a spreadsheet, with columns for packet properties (such as source address) and a row for each set of packets that are handled the same way by the firewall. The data can be sorted on any packet property, and filtered to select only packet sets of interest. Each row is tied back to the source elements in the configuration file so that any interesting behavior can be immediately traced back to its source in the configuration.

InfoSecter also contains Querent, a structured editor for constraints to be used with Analyzer. Each constraint specifies the properties of a network packet and the expected behavior of the firewall. With this, Analyzer can check a configuration for any behavior that does not match the constraints.

Together, these InfoSecter tools provide the capabilities to rapidly locate relevant parts of a firewall configuration based on the network packet handling behavior of interest.
