The analyser engine runs queries on the data collected, based on predefined or custom rules, and then generates a detailed report. The web server sends email alerts to the firewall manager.
Installer kits are available for 32-bit Red Hat Enterprise Linux 4 and 5 and CentOS 4 and 5. We installed it as a VMware appliance on our Dell 600SC server. Once the Firewall Analyzer appliance is loaded into VMware Player, it boots up, and logging in as root brings up the Firewall Analyzer browser application. With the browser pointed at https://hostaddress/, the AlgoSec management screen appears, and the management application client is launched by clicking on the login.
There are three methods for data collection – a wizard accessed from the Administration tab, semi-automated scripts provided by AlgoSec, or doing it manually, which is time consuming and prone to error.
Once files are retrieved and stored, Firewall Analyzer runs a risk analysis based on PCI compliance, NIST, the SANS Top 20 and vendor best practices. In addition, we found that we could create custom analysis reports. Selecting the Firewall Reports option displays charts summarising changes, findings, policy optimisation, rule reordering and firewall information, plus a firewall connectivity diagram. Choosing the Risks option displays the findings with risk codes and details about each risk, with suggestions and diagrams on how to deal with it.
We ran AlgoSec's Change History Report, which detailed changes in rules on the firewall. At the bottom of the Change History dashboard we saw features to run interactive traffic queries, to compare the report with other reports, and to create a group report with other firewalls.
The Optimisation Policy feature provides the Rules Cleanup and Reordering tools. The Cleanup Report lists any rules that need correction and the number of instances of each. Rule types flagged in a Cleanup Report include unused, covered, redundant and disabled rules, and rules with a non-compliant name. A similar list is provided for Object Cleanup. The Rule Reordering Report gave us information on how to improve a rule and how much the rule can be improved. You can access a detailed report that tells you how to make the changes.
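To make the cleanup and reordering categories concrete, here is an added example (not AlgoSec code, and not taken from the review) that classifies a small constructed first-match rule base the way a cleanup report does: disabled rules, rules covered (shadowed) by an earlier rule with a different action, rules made redundant by an earlier rule with the same action, rules with zero hits, and rules that break a hypothetical naming convention. It also suggests reorderings that move heavily hit rules above lightly hit ones only where the two rules cannot both match a packet (or share an action), so the policy's behaviour is unchanged. The rule names, addresses and hit counters are all constructed sample data.

```python
"""Classify firewall rules as a cleanup/reordering report would.

Added example, not AlgoSec's code. Operates on a constructed rule base
with constructed hit counters; the naming convention is hypothetical.
"""
from dataclasses import dataclass
import ipaddress
import re

# Hypothetical naming convention: lowercase words separated by hyphens.
NAME_RE = re.compile(r"^[a-z0-9]+(-[a-z0-9]+)*$")


@dataclass
class Rule:
    name: str
    src: str          # source CIDR
    dst: str          # destination CIDR
    dport: tuple      # (low, high) inclusive destination port range
    action: str       # "allow" or "deny"
    enabled: bool = True


def _covers(outer: Rule, inner: Rule) -> bool:
    """True if every packet matching `inner` also matches `outer`."""
    return (ipaddress.ip_network(inner.src).subnet_of(ipaddress.ip_network(outer.src))
            and ipaddress.ip_network(inner.dst).subnet_of(ipaddress.ip_network(outer.dst))
            and outer.dport[0] <= inner.dport[0]
            and inner.dport[1] <= outer.dport[1])


def _overlaps(a: Rule, b: Rule) -> bool:
    """True if at least one packet could match both rules."""
    return (ipaddress.ip_network(a.src).overlaps(ipaddress.ip_network(b.src))
            and ipaddress.ip_network(a.dst).overlaps(ipaddress.ip_network(b.dst))
            and a.dport[0] <= b.dport[1] and b.dport[0] <= a.dport[1])


def cleanup_report(rules, hits):
    """Return {finding: [rule names]} for a first-match rule base."""
    findings = {"disabled": [], "unused": [], "covered": [], "redundant": [], "bad_name": []}
    for i, rule in enumerate(rules):
        if not rule.enabled:
            findings["disabled"].append(rule.name)
            continue
        if not NAME_RE.match(rule.name):
            findings["bad_name"].append(rule.name)
        # An earlier enabled rule that fully covers this one makes it unreachable.
        shadow = next((r for r in rules[:i] if r.enabled and _covers(r, rule)), None)
        if shadow is not None:
            key = "redundant" if shadow.action == rule.action else "covered"
            findings[key].append(rule.name)
        elif hits.get(rule.name, 0) == 0:
            findings["unused"].append(rule.name)
    return findings


def reorder_suggestions(rules, hits):
    """Return (rule, move_above_rule) pairs that speed matching without changing results.

    A rule may only move above a preceding rule if the two cannot both match
    a packet, or they share the same action, so first-match outcomes are kept.
    """
    suggestions = []
    for i, rule in enumerate(rules):
        target = i
        for j in range(i - 1, -1, -1):
            earlier = rules[j]
            if earlier.enabled and _overlaps(earlier, rule) and earlier.action != rule.action:
                break  # crossing this rule would change what some packets get
            if hits.get(earlier.name, 0) < hits.get(rule.name, 0):
                target = j
        if target != i:
            suggestions.append((rule.name, rules[target].name))
    return suggestions


# Constructed sample rule base and hit counters (not from any real firewall).
RULES = [
    Rule("allow-https", "0.0.0.0/0", "10.0.1.0/24", (443, 443), "allow"),
    Rule("allow-web-dmz", "0.0.0.0/0", "10.0.1.10/32", (443, 443), "allow"),       # redundant
    Rule("deny-admin", "0.0.0.0/0", "10.0.1.0/24", (22, 22), "deny", enabled=False),  # disabled
    Rule("Temp_Rule7", "192.168.5.0/24", "10.0.2.0/24", (3306, 3306), "allow"),   # bad name, unused
    Rule("block-old-web", "203.0.113.0/24", "10.0.1.0/24", (443, 443), "deny"),   # covered
    Rule("allow-dns", "10.0.0.0/8", "10.0.3.53/32", (53, 53), "allow"),
]
HITS = {"allow-https": 120345, "allow-dns": 9870}

if __name__ == "__main__":
    for finding, names in cleanup_report(RULES, HITS).items():
        print(f"{finding:10s} {names}")
    for rule, above in reorder_suggestions(RULES, HITS):
        print(f"move {rule} above {above}")
```

The covered/redundant distinction matters for remediation: a redundant rule can simply be deleted, while a covered rule signals that either the earlier rule is too broad or the later rule was never reachable, and someone has to decide which intent was right before touching the policy.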
The AlgoSec Firewall Analyzer client application dashboard is well organised and multi-tiered, making it easy to find features and wizards. A useful wizard, Optimise Policy, could specifically identify rules to clean up. There are predefined compliance audits such as PCI-DSS, ISO/IEC 27001, Sarbanes-Oxley and others. In addition, the compliance reports are well organised and available in PDF, HTML and XML. A drawback was the lack of integration with a vulnerability scanner, but AlgoSec is an excellent product for compliance auditing and rule optimisation.