NetSPoC
a Network Security Policy Compiler
NetSPoC is a tool for security managment of large computer networks
with different security domains. It generates configuration files for
packet filters controlling the borders of security domains.
NetSPoC provides its own language for
describing security policy and topology of a network. The security
policy is a set of rules that state which packets are allowed to pass
the network and which not. NetSPoC is topology aware: a rule for
traffic from A to B is automatically applied to all managed packet
filters on the path from A to B.
This software was developed as a replacement for Cisco's CSPM
(Cisco Secure Policy Manager). See file CSPM.html for a comparison. For CSPM users we
have developed an export utility which converts most of the data of a
cpm file into NetSPoC's own language.
Currently NetSPoC generates ACLs and static routing entries for
Cisco routers and PIX firewalls. Support for network address
translation and IPSec has not been implemented yet.
NetSPoC's text based specification language is well suited for
integration with CVS or other version control systems. A script is
provided for tagging a policy and saving it to a policy database.
This software was developed with perl 5.6.1 under linux. It should be
portable to other platforms where perl is running.
Homepage for NetSPoC is at:
http://netspoc.berlios.de
Copyright 2002, Heinz Knutzen,
heinzknutzen@users.berlios.de
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|