Sunday, March 28, 2010

Flint – Web-based Firewall Rule Scanner

Flint examines firewalls, quickly computes the effect of all the configuration rules, and then spots problems so you can:

•CLEAN UP RUSTY CONFIGURATIONS that are crudded up with rules that can’t match traffic.
•ERADICATE LATENT SECURITY PROBLEMS lurking in overly-permissive rules
•SANITY CHECK CHANGES to see if new rules create problems.
Flint is absolutely free. There’s no catch. You can download the source from the git repository. This isn’t the “play at home” version; it’s their second product, and they want to do it open source.

Why You Need Flint

You have multiple firewalls protecting internal networks from the Internet and controlling access to customer data. Your business changes, and so do your firewalls, and not always at the same time. Firewalls can get out of step with policies.

Everybody makes mistakes. To understand a firewall configuration, you have to read hundreds of configuration lines, and then you have to think like a firewall does. People aren’t good at thinking like firewalls. So most firewalls are riddled with subtle mistakes. Some of those mistakes can be expensive:

•INSECURE SERVICES might be allowed through the firewall, preventing it from blocking attacks.
•LAX CONTROLS ON DMZs may expose staging and test servers.
•FIREWALL MANAGEMENT PORTS may be exposed to untrusted networks.
•REDUNDANT FIREWALL RULES may be complicating your configuration and slowing you down.

You can download Flint here:

VMWare Virtual Machine –
OVF Virtual Machine –
Source – flint-current.tgz

No comments:

Post a Comment