InfoSecter Introduction
Welcome to the Information Security Dissector, also known as InfoSecter. With this tool, you will gain a greater understanding of how accurately your network security devices are enforcing your enterprise's security policy.
InfoSecter works on configurations from a variety of network security device vendors. All of these devices control how packets are handled through the evaluation of ordered lists of rules, often called access control lists (ACLs). Changes to a rule within a long ordered list may have unintended consequences. InfoSecter helps you understand how your current configurations operate and the implications of potential changes without having to deploy the configurations.
InfoSecter supports the following types of analysis:
- Self Conflict - Compare elements of the ordered lists against later elements in the list. Report on rules in the same list that could match the same packet. Such conflicts may be innocuous, but poorly understood conflicts are the source of most configuration errors.
- Cross Conflict - Compare how two different configurations process packets. Identify ranges of packets that are handled differently between the two configurations. This is useful to analyze the effects of a potential configuration update or to understand whether two devices that should be handling packets the same way really are.
- Dissection - Eliminate all conflicts from the rules in the configuration files. Each potential packet will match one and only one slice from the table. By filtering, the user can home in on an area of interest and concentrate on how specific packets in that region will be handled by the configuration.
- Policy Validation - Create a higher level constraint of how you believe traffic should be processed based on your understanding of your organization's security policy. Apply the constraint to a device configuration, and InfoSecter computes the packets where the processing does not meet the constraint.
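The Self Conflict comparison described above can be sketched in a few lines. This is an added example, not InfoSecter's code or algorithm: the rule fields, the first-match-wins assumption, the finding labels ("shadowed", "redundant", "partial-overlap") and the sample ACL are all assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_network

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                 # "permit" or "deny"
    proto: str                  # "tcp", "udp" or "any"
    src: str                    # source CIDR
    dst: str                    # destination CIDR
    ports: tuple = (0, 65535)   # inclusive destination port range

def overlaps(a, b):
    """True if at least one packet could match both rules."""
    return ((a.proto == b.proto or "any" in (a.proto, b.proto))
            and ip_network(a.src).overlaps(ip_network(b.src))
            and ip_network(a.dst).overlaps(ip_network(b.dst))
            and a.ports[0] <= b.ports[1] and b.ports[0] <= a.ports[1])

def covers(a, b):
    """True if every packet matching b also matches a (single-rule cover only)."""
    return ((a.proto == "any" or a.proto == b.proto)
            and ip_network(b.src).subnet_of(ip_network(a.src))
            and ip_network(b.dst).subnet_of(ip_network(a.dst))
            and a.ports[0] <= b.ports[0] and b.ports[1] <= a.ports[1])

def self_conflicts(acl):
    """Compare each rule with every later rule in the same ordered list."""
    findings = []
    for i, early in enumerate(acl):
        for late in acl[i + 1:]:
            if not overlaps(early, late):
                continue
            if covers(early, late):
                # The later rule can never be reached under first-match-wins.
                kind = "shadowed" if early.action != late.action else "redundant"
            else:
                kind = "partial-overlap"
            findings.append((early.name, late.name, kind))
    return findings

# Constructed sample ACL (first match wins), not taken from any real device.
ACL = [
    Rule("r1", "permit", "tcp", "10.0.0.0/8", "192.0.2.0/24", (443, 443)),
    Rule("r2", "deny", "tcp", "10.1.0.0/16", "192.0.2.10/32", (443, 443)),
    Rule("r3", "deny", "any", "10.0.0.0/8", "0.0.0.0/0"),
    Rule("r4", "permit", "udp", "172.16.0.0/12", "192.0.2.53/32", (53, 53)),
]
```

On the sample list, the deny in r2 is reported as shadowed by the broader permit in r1, which is the kind of poorly understood conflict the description warns about, while the r1/r3 and r2/r3 overlaps are the innocuous "specific rule before catch-all" pattern.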
InfoSecter is implemented in three programs:
- InfoSecter Visualizer - Lets you graphically manipulate analysis results.
- InfoSecter Analyzer - Performs the requested analysis.
- InfoSecter Querent - Create and manage packet descriptions used for query and constraint analysis.
InfoSecter processes configurations from a growing list of security device vendors. The current list includes: