Analytics
5/27/2009
02:17 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Secure Passage Offers Free Firewall Auditing Tool For PCI

Firewall Auditor 1.0 helps sysadmins evaluate firewall configurations, policies, and rules for security and compliance

OVERLAND PARK, KS — May 27, 2009 — Secure Passage, the leading supplier of firewall policy, risk and compliance management solutions, today announced Secure Passage Firewall Auditor, an application that enables IT administrators to quickly and easily evaluate firewall configurations, policies and rules for security and compliance. The company is making Secure Passage Firewall Auditor freely available for evaluating firewall compliance with the Payment Card Industry Data Security Standards (PCI DSS). Using the Firewall Auditor, IT security administrators will be able to quickly and easily import configuration data into the application and generate a comprehensive and accurate report that will enable them to evaluate configurations against the PCI DSS and take steps to remediate non-compliant configurations.

"Firewall configurations are so complex that attempting to evaluate them manually for compliance and remediation is all but impossible," said Jody Brazil, Secure Passage President and CTO. "Secure Passage Firewall Auditor will bring much needed relief to IT administrators charged with not only making sure that firewalls are secure and compliant but also with countless other tasks that contribute to complicated network environments."

The Microsoft Windows client application is the first solution of its kind available to IT security market. It is based on the firewall management and compliance industry's leading solution, FireMon, but does not require FireMon to be installed to operate.

With Secure Passage Firewall Auditor, firewall administrators can quickly and easily:

  • Retrieve and import firewall configurations from Check Point, Cisco and Juniper firewalls
  • Inspect configurations for non-compliance with major industry and government regulations
  • Produce accurate reports that display where and why rules and policies are non-compliant
  • Take steps to remediate non-compliant configurations

    With Secure Passage Firewall Auditor's PCI DSS report template, IT administrators can quickly and easily:

  • Evaluate 15 PCI DSS requirements from sections 1, 2 and 6, including: 1.1.5, which requires an assessment of the network services that the firewall policy permits to and from the PCI network segment; 1.2.1, which requires an assessment of the interaction between all wireless networks and the PCI network segment; and 2.3.0, which requires an assessment of administrative access into PCI systems, ensuring that appropriate encrypted access is enforced
  • Specify key input criteria to customize the audit to their organizations own, unique environment

    Availability Secure Passage Firewall Auditor 1.0 will be generally available during the second quarter of 2009.

    Secure Passage Social Media Links Follow Secure Passage on Twitter: @SecurePassage Join Secure Passage on Facebook: http://www.facebook.com/home.php#/group.php?gid=89462499187&ref=ts Join Secure Passage on LinkedIn: http://www.linkedin.com/companies/secure-passage?trk=co_search_results&goback=.cps_1243381578298_1

    About Secure Passage Secure Passage is the leading provider of firewall policy, risk, and compliance management solutions that simplify and automate the analysis of Configuration and Change Management processes to enhance security, optimize performance, and speed compliance reporting. The company's flagship product, FireMon, analyzes changes and performs audits in real-time, simplifies policy management, and enforces configuration governance across firewalls, switches, routers and other network devices. FireMon is the only solution on the market that can be customized to meet the unique audit and compliance reporting requirements for networks of all sizes while enabling IT organizations to do more with less effort. Enterprise strength deployments of FireMon around the world support more than 25,000 security devices from vendors such as Cisco, Juniper, Checkpoint, and McAfee. For more information, visit www.securepassage.com.

    Comment  | 
    Print  | 
    More Insights
  • Register for Dark Reading Newsletters
    White Papers
    Cartoon
    Current Issue
    Flash Poll
    Threat Intel Today
    Threat Intel Today
    The 397 respondents to our new survey buy into using intel to stay ahead of attackers: 85% say threat intelligence plays some role in their IT security strategies, and many of them subscribe to two or more third-party feeds; 10% leverage five or more.
    Video
    Slideshows
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    CVE-2013-7421
    Published: 2015-03-02
    The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a module name in the salg_name field, a different vulnerability than CVE-2014-9644.

    CVE-2014-8160
    Published: 2015-03-02
    net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers to bypass intended access restrictions via packets with disall...

    CVE-2014-9644
    Published: 2015-03-02
    The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a parenthesized module template expression in the salg_name field, as demonstrated by the vfat(aes) expression, a different vulnerability than CVE-201...

    CVE-2015-0239
    Published: 2015-03-02
    The em_sysenter function in arch/x86/kvm/emulate.c in the Linux kernel before 3.18.5, when the guest OS lacks SYSENTER MSR initialization, allows guest OS users to gain guest OS privileges or cause a denial of service (guest OS crash) by triggering use of a 16-bit code segment for emulation of a SYS...

    CVE-2014-8921
    Published: 2015-03-01
    The IBM Notes Traveler Companion application 1.0 and 1.1 before 201411010515 for Window Phone, as distributed in IBM Notes Traveler 9.0.1, does not properly restrict the number of executions of the automatic configuration option, which makes it easier for remote attackers to capture credentials by c...

    Dark Reading Radio
    Archived Dark Reading Radio
    How can security professionals better engage with their peers, both in person and online? In this Dark Reading Radio show, we will talk to leaders at some of the security industry’s professional organizations about how security pros can get more involved – with their colleagues in the same industry, with their peers in other industries, and with the IT security community as a whole.