Analytics
5/27/2009
02:17 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Secure Passage Offers Free Firewall Auditing Tool For PCI

Firewall Auditor 1.0 helps sysadmins evaluate firewall configurations, policies, and rules for security and compliance

OVERLAND PARK, KS — May 27, 2009 — Secure Passage, the leading supplier of firewall policy, risk and compliance management solutions, today announced Secure Passage Firewall Auditor, an application that enables IT administrators to quickly and easily evaluate firewall configurations, policies and rules for security and compliance. The company is making Secure Passage Firewall Auditor freely available for evaluating firewall compliance with the Payment Card Industry Data Security Standards (PCI DSS). Using the Firewall Auditor, IT security administrators will be able to quickly and easily import configuration data into the application and generate a comprehensive and accurate report that will enable them to evaluate configurations against the PCI DSS and take steps to remediate non-compliant configurations.

"Firewall configurations are so complex that attempting to evaluate them manually for compliance and remediation is all but impossible," said Jody Brazil, Secure Passage President and CTO. "Secure Passage Firewall Auditor will bring much needed relief to IT administrators charged with not only making sure that firewalls are secure and compliant but also with countless other tasks that contribute to complicated network environments."

The Microsoft Windows client application is the first solution of its kind available to IT security market. It is based on the firewall management and compliance industry's leading solution, FireMon, but does not require FireMon to be installed to operate.

With Secure Passage Firewall Auditor, firewall administrators can quickly and easily:

  • Retrieve and import firewall configurations from Check Point, Cisco and Juniper firewalls
  • Inspect configurations for non-compliance with major industry and government regulations
  • Produce accurate reports that display where and why rules and policies are non-compliant
  • Take steps to remediate non-compliant configurations

    With Secure Passage Firewall Auditor's PCI DSS report template, IT administrators can quickly and easily:

  • Evaluate 15 PCI DSS requirements from sections 1, 2 and 6, including: 1.1.5, which requires an assessment of the network services that the firewall policy permits to and from the PCI network segment; 1.2.1, which requires an assessment of the interaction between all wireless networks and the PCI network segment; and 2.3.0, which requires an assessment of administrative access into PCI systems, ensuring that appropriate encrypted access is enforced
  • Specify key input criteria to customize the audit to their organizations own, unique environment

    Availability Secure Passage Firewall Auditor 1.0 will be generally available during the second quarter of 2009.

    Secure Passage Social Media Links Follow Secure Passage on Twitter: @SecurePassage Join Secure Passage on Facebook: http://www.facebook.com/home.php#/group.php?gid=89462499187&ref=ts Join Secure Passage on LinkedIn: http://www.linkedin.com/companies/secure-passage?trk=co_search_results&goback=.cps_1243381578298_1

    About Secure Passage Secure Passage is the leading provider of firewall policy, risk, and compliance management solutions that simplify and automate the analysis of Configuration and Change Management processes to enhance security, optimize performance, and speed compliance reporting. The company's flagship product, FireMon, analyzes changes and performs audits in real-time, simplifies policy management, and enforces configuration governance across firewalls, switches, routers and other network devices. FireMon is the only solution on the market that can be customized to meet the unique audit and compliance reporting requirements for networks of all sizes while enabling IT organizations to do more with less effort. Enterprise strength deployments of FireMon around the world support more than 25,000 security devices from vendors such as Cisco, Juniper, Checkpoint, and McAfee. For more information, visit www.securepassage.com.

    Comment  | 
    Print  | 
    More Insights
  • Register for Dark Reading Newsletters
    White Papers
    Cartoon
    Current Issue
    Flash Poll
    Threat Intel Today
    Threat Intel Today
    The 397 respondents to our new survey buy into using intel to stay ahead of attackers: 85% say threat intelligence plays some role in their IT security strategies, and many of them subscribe to two or more third-party feeds; 10% leverage five or more.
    Video
    Slideshows
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    CVE-2011-4403
    Published: 2015-04-24
    Multiple cross-site request forgery (CSRF) vulnerabilities in Zen Cart 1.3.9h allow remote attackers to hijack the authentication of administrators for requests that (1) delete a product via a delete_product_confirm action to product.php or (2) disable a product via a setflag action to categories.ph...

    CVE-2012-2930
    Published: 2015-04-24
    Multiple cross-site request forgery (CSRF) vulnerabilities in TinyWebGallery (TWG) before 1.8.8 allow remote attackers to hijack the authentication of administrators for requests that (1) add a user via an adduser action to admin/index.php or (2) conduct static PHP code injection attacks in .htusers...

    CVE-2012-2932
    Published: 2015-04-24
    Multiple cross-site scripting (XSS) vulnerabilities in TinyWebGallery (TWG) before 1.8.8 allow remote attackers to inject arbitrary web script or HTML via the (1) selitems[] parameter in a copy, (2) chmod, or (3) arch action to admin/index.php or (4) searchitem parameter in a search action to admin/...

    CVE-2012-5451
    Published: 2015-04-24
    Multiple stack-based buffer overflows in HttpUtils.dll in TVMOBiLi before 2.1.0.3974 allow remote attackers to cause a denial of service (tvMobiliService service crash) via a long string in a (1) GET or (2) HEAD request to TCP port 30888.

    CVE-2015-0297
    Published: 2015-04-24
    Red Hat JBoss Operations Network 3.3.1 does not properly restrict access to certain APIs, which allows remote attackers to execute arbitrary Java methos via the (1) ServerInvokerServlet or (2) SchedulerService or (3) cause a denial of service (disk consumption) via the ContentManager.

    Dark Reading Radio
    Archived Dark Reading Radio
    Join security and risk expert John Pironti and Dark Reading Editor-in-Chief Tim Wilson for a live online discussion of the sea-changing shift in security strategy and the many ways it is affecting IT and business.