Analytics
5/27/2009
02:17 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%

Secure Passage Offers Free Firewall Auditing Tool For PCI

Firewall Auditor 1.0 helps sysadmins evaluate firewall configurations, policies, and rules for security and compliance

OVERLAND PARK, KS — May 27, 2009 — Secure Passage, the leading supplier of firewall policy, risk and compliance management solutions, today announced Secure Passage Firewall Auditor, an application that enables IT administrators to quickly and easily evaluate firewall configurations, policies and rules for security and compliance. The company is making Secure Passage Firewall Auditor freely available for evaluating firewall compliance with the Payment Card Industry Data Security Standards (PCI DSS). Using the Firewall Auditor, IT security administrators will be able to quickly and easily import configuration data into the application and generate a comprehensive and accurate report that will enable them to evaluate configurations against the PCI DSS and take steps to remediate non-compliant configurations.

"Firewall configurations are so complex that attempting to evaluate them manually for compliance and remediation is all but impossible," said Jody Brazil, Secure Passage President and CTO. "Secure Passage Firewall Auditor will bring much needed relief to IT administrators charged with not only making sure that firewalls are secure and compliant but also with countless other tasks that contribute to complicated network environments."

The Microsoft Windows client application is the first solution of its kind available to IT security market. It is based on the firewall management and compliance industry's leading solution, FireMon, but does not require FireMon to be installed to operate.

With Secure Passage Firewall Auditor, firewall administrators can quickly and easily:

  • Retrieve and import firewall configurations from Check Point, Cisco and Juniper firewalls
  • Inspect configurations for non-compliance with major industry and government regulations
  • Produce accurate reports that display where and why rules and policies are non-compliant
  • Take steps to remediate non-compliant configurations

    With Secure Passage Firewall Auditor's PCI DSS report template, IT administrators can quickly and easily:

  • Evaluate 15 PCI DSS requirements from sections 1, 2 and 6, including: 1.1.5, which requires an assessment of the network services that the firewall policy permits to and from the PCI network segment; 1.2.1, which requires an assessment of the interaction between all wireless networks and the PCI network segment; and 2.3.0, which requires an assessment of administrative access into PCI systems, ensuring that appropriate encrypted access is enforced
  • Specify key input criteria to customize the audit to their organizations own, unique environment

    Availability Secure Passage Firewall Auditor 1.0 will be generally available during the second quarter of 2009.

    Secure Passage Social Media Links Follow Secure Passage on Twitter: @SecurePassage Join Secure Passage on Facebook: http://www.facebook.com/home.php#/group.php?gid=89462499187&ref=ts Join Secure Passage on LinkedIn: http://www.linkedin.com/companies/secure-passage?trk=co_search_results&goback=.cps_1243381578298_1

    About Secure Passage Secure Passage is the leading provider of firewall policy, risk, and compliance management solutions that simplify and automate the analysis of Configuration and Change Management processes to enhance security, optimize performance, and speed compliance reporting. The company's flagship product, FireMon, analyzes changes and performs audits in real-time, simplifies policy management, and enforces configuration governance across firewalls, switches, routers and other network devices. FireMon is the only solution on the market that can be customized to meet the unique audit and compliance reporting requirements for networks of all sizes while enabling IT organizations to do more with less effort. Enterprise strength deployments of FireMon around the world support more than 25,000 security devices from vendors such as Cisco, Juniper, Checkpoint, and McAfee. For more information, visit www.securepassage.com.

    Comment  | 
    Print  | 
    More Insights
  • Register for Dark Reading Newsletters
    White Papers
    Cartoon
    Current Issue
    Flash Poll
    Threat Intel Today
    Threat Intel Today
    The 397 respondents to our new survey buy into using intel to stay ahead of attackers: 85% say threat intelligence plays some role in their IT security strategies, and many of them subscribe to two or more third-party feeds; 10% leverage five or more.
    Video
    Slideshows
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    CVE-2013-2595
    Published: 2014-08-31
    The device-initialization functionality in the MSM camera driver for the Linux kernel 2.6.x and 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, enables MSM_CAM_IOCTL_SET_MEM_MAP_INFO ioctl calls for an unrestricted mmap interface, which all...

    CVE-2013-2597
    Published: 2014-08-31
    Stack-based buffer overflow in the acdb_ioctl function in audio_acdb.c in the acdb audio driver for the Linux kernel 2.6.x and 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges via an application that lever...

    CVE-2013-2598
    Published: 2014-08-31
    app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to overwrite signature-verification code via crafted boot-image load-destination header values that specify memory ...

    CVE-2013-2599
    Published: 2014-08-31
    A certain Qualcomm Innovation Center (QuIC) patch to the NativeDaemonConnector class in services/java/com/android/server/NativeDaemonConnector.java in Code Aurora Forum (CAF) releases of Android 4.1.x through 4.3.x enables debug logging, which allows attackers to obtain sensitive disk-encryption pas...

    CVE-2013-6124
    Published: 2014-08-31
    The Qualcomm Innovation Center (QuIC) init scripts in Code Aurora Forum (CAF) releases of Android 4.1.x through 4.4.x allow local users to modify file metadata via a symlink attack on a file accessed by a (1) chown or (2) chmod command, as demonstrated by changing the permissions of an arbitrary fil...

    Best of the Web
    Dark Reading Radio
    Archived Dark Reading Radio
    This episode of Dark Reading Radio looks at infosec security from the big enterprise POV with interviews featuring Ron Plesco, Cyber Investigations, Intelligence & Analytics at KPMG; and Chris Inglis & Chris Bell of Securonix.