AlgoSec Security. Visibility. Governance
   
 
 

Semi-Automatic Data Collection

Download the data collection script:

• Firewall-1 (Windows NT batch file): ckp_collect.bat, version 1.23
• Firewall-1 (Sun Solaris, Linux, SecurePlatform, Nortel Alteon or Nokia IPSO): ckp_collect.tar, version 1.76 (within a .tar archive)
• PIX: instructions only
• Cisco router access-control list (IOS) collection scripts: routerdump.pl utility, version 1.11 (within a .tar archive)
• Juniper Netscreen: nsm_log_collect.tar, version 1.3 (within a .tar archive)

 



Semi-automatic data collection procedures

Full instructions for running the data collection scripts can be found in the AlgoSec Firewall Analyzer's User Guide.
Quick-start instructions appear below:

• Check Point - Non-Windows

(Sun Solaris, Linux, SecurePlatform, Nortel Alteon or Nokia IPSO)

Step 1 - Preparation
The ckp_collect script needs to run on the Check Point Firewall-1 management station. It also uses Check Point's OPSEC commands on the management station to extract the routing table from the Check Point enforcement module.

Step 2 (Optional, AFA v5.0 or above) - Run log collection script
In order to include log analysis in the report, you will need to manually collect the logs as well. This step is optional.
Log in to the relevant log server as root (can be the SmartCenter or CMA).
Run the script ckp_log_collect, and answer the questions. Log collection may take some time.
An archive with the logs will be created.

Copy the generated archive to the relevant SmartCenter/PV-1 (where the ckp_collect script is), and proceed to Step 3.

Step 3 - Run collection script
Log in to the management module as root (or a user that has access to the Check Point files). If you use Provider-1, type:
        ckp_collect -p
Otherwise, type:
        ckp_collect

The script will take you through a question-and-answer session, and will collect the necessary files and routing table. An archive file called ckp-〈firewallname〉-〈date〉.tar is created: this is the file you need to transfer to the AFA machine for analysis.

Step 4 - Automate the data collection using your stored profile
At the end of the data collection session, the script will ask you if you wish to store your answers in a profile, and will let you choose a name for your profile.
Note: your SSH password is not stored in the profile.

Once you have a stored profile, you may use it to streamline the collection process. Assume you have a profile named "myfw".

Log in to the management module as root (or a user that has access to the Check Point files). Then type:
        ckp_collect myfw
The script will use the answers you provided when you created the "myfw" profile (except your ssh password).

Type "ckp_collect -h" for a summary of activation switches and options.


Step 5 - Verify your topology
If your firewall is internal, or connected to a business partner or to a DMZ, press here.

 

• Check Point Firewall-1 - Windows

Step 1 - Run collection script
If your Check Point Firewall-1 management station uses Windows NT/2000/XP, you need to use the ckp_collect.bat batch file. To run the script, type:

         ckp_collect /remote filter-module-IP-address

where "filter-module-IP-address" is the IP address of one of the modules managed by this management station. An archive file called C:\Algosec\ckp_collect\ckp_collect.tar.gz is created. This is the file you need to copy to the AlgoSec Firewall Analyzer machine.

Step 2 - Verify your topology
If your firewall is internal, or connected to a business partner or to a DMZ, press here.

 

• Cisco router access-control list (IOS)

Step 1 - Run collection script
Run the routerdump.pl collection script to create a file named routername-, followed by the creation date.

 

• Juniper Netscreen

Step 1 - Manually collect the Netscreen configuration file
Use the Juniper Netscreen web interface to collect a Netscreen configuration file manually:

Use your browser to connect to the Netscreen firewall, and using the navigation bar on the left select Configuration→Update→Config File.
Click on the "Save To File" button.
When prompted, save the file with an extension of ".nsc", such as "myNetscreen.nsc".
Copy the ".nsc" file to the AlgoSec Firewall Analyzer machine and analyze it using the File→Analyze from file menu, or proceed to the next step to include log analysis as well.

Step 2 (Optional, AFA v5.0 or above)
Log in to the NSM Dev server as root.
Run the nsm_log_collect script and answer the questions. Log collection may take some time.
An archive with the logs will be created.

Create a single archive (zip or tar) containing the generated logs archive, and the config file from Step 1.
Analyze the archive in the AlgoSec Firewall Analyzer.
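
One way to carry out the bundling in Step 2, as an added example that is not part of AlgoSec's scripts: a shell function that checks the ".nsc" config and the log archive, then writes both into one tar and confirms its contents. The function name bundle_netscreen and the file names passed to it are assumptions; the name of the archive that nsm_log_collect produces is not given on this page, so it is an argument.

```shell
#!/bin/sh
# Added example, not an AlgoSec script. bundle_netscreen and all file
# names passed to it are illustrative assumptions.

bundle_netscreen() {
    config=$1   # config saved from the web interface, e.g. myNetscreen.nsc
    logs=$2     # archive written by nsm_log_collect (name supplied by caller)
    out=$3      # single archive to hand to the analyzer

    # Step 1 asks for a ".nsc" extension on the saved configuration.
    case $config in
        *.nsc) ;;
        *) echo "config must end in .nsc: $config" >&2; return 2 ;;
    esac

    # Refuse to build a bundle from a missing or empty input.
    for f in "$config" "$logs"; do
        [ -s "$f" ] || { echo "missing or empty: $f" >&2; return 3; }
    done

    cfg_name=$(basename "$config")
    log_name=$(basename "$logs")

    # Rule bases and traffic logs are sensitive: keep every copy owner-only.
    stage=$(mktemp -d) || return 5          # mktemp -d creates mode 0700
    cp "$config" "$logs" "$stage"/ || { rm -rf "$stage"; return 5; }
    ( umask 077 && : > "$out" ) && chmod 600 "$out" || { rm -rf "$stage"; return 5; }

    # Archive from inside the staging directory so members have flat names.
    ( cd "$stage" && tar -cf - "$cfg_name" "$log_name" ) > "$out"
    rc=$?
    rm -rf "$stage"
    [ "$rc" -eq 0 ] || return 5

    # Confirm both members are present before copying the bundle anywhere.
    members=$(tar -tf "$out") || return 4
    printf '%s\n' "$members" | grep -qxF "$cfg_name" || return 4
    printf '%s\n' "$members" | grep -qxF "$log_name" || return 4
}
```

Call it as bundle_netscreen myNetscreen.nsc LOGS_ARCHIVE netscreen-bundle.tar, where LOGS_ARCHIVE is a placeholder for the file nsm_log_collect created.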


