NetSPoC 3.0 reviewDownload
NetSPoC is a tool for security managment of large computer networks with different security domains
NetSPoC is a tool for security managment of large computer networks with different security domains. It generates configuration files for packet filters which are controlling the borders of security domains.
NetSPoC provides its own language for describing the security policy and topology of a network. The security policy is a set of rules that state which packets are allowed to pass the network and which not. NetSPoC is topology aware: a rule for traffic from A to B is automatically applied to all managed packet filters on the path from A to B.
Currently NetSPoC generates ACLs and static routing entries for
Cisco routers with or without firewall feature set,
PIX firewalls and
Linux iptables and ip route.
It supports network address translation, virtual IP addresses for redundancy protocols like VRRP and some dynamic routing protocols.
IPSec encryption is supported as well. A powerful syntax allows to easily define a large number of crypto tunnels of either a hub and spoke topology or a fully meshed topology. Crypto rules define which type of traffic needs to be encrypted. Crypto configuration for Cisco IOS routers and PIX firewalls is generated.
NetSPoC's text based specification language is well suited for integration with CVS or other version control systems. A script is provided for tagging a policy and saving it to a policy database.
This software is actively developed with perl 5.8 under linux. It should be portable to other platforms where perl is available.
What's New in This Release:
Prepare version 3.0.
index.html: Mentioned crypto. Removed links to email addresses to reduce SPAM. Removed CSPM stuff.
Made code 64 bit clean. This was necessary for complement and left-shift operations on 32 bit IP addresses.
NetSPoC 3.0 search tags