Abstract: The present invention discloses a method for analyzing an IP Gateway's Routing Table for identifying sets of IP addresses (“Disjoint Zones”) communicating through the same Gateway, said method comprising the steps of: identify subnets of IP addresses which are directly connected to the Gateway (“directly-connected subnets”) via a network interface card (“NIC”); associate every route in the Routing Table with a NIC; identify and sort the Routing Table's Critical Points, at which the routing decision may change between successive IP addresses; and identify Disjoint Zones of IP addresses by locating all the Critical Points at which the routing decision in fact changes between successive IP addresses. According to a further option of the present invention, an External Disjoint Zone is identified in accordance with the NIC which is associated with the default route.
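The Critical Point procedure above, as an added illustration that is not part of the patent or of any product implementing it. It assumes a constructed routing table whose routes already carry their NIC association (the abstract's second step), computes the candidate Critical Points, keeps only those where the longest-prefix-match decision in fact changes, and marks the zones reached through the default route's NIC as External.

```python
import ipaddress
from typing import NamedTuple, Optional

class Route(NamedTuple):
    prefix: ipaddress.IPv4Network
    nic: str  # NIC the route is associated with (assumed already done)

# Constructed routing table for illustration; 0.0.0.0/0 is the default route.
# Note 10.2.0.0/16 is more specific than 10.0.0.0/8 but uses the same NIC,
# so its Critical Points are candidates at which the decision does not change.
ROUTING_TABLE = """
10.0.0.0/8 eth1
10.1.0.0/16 eth2
10.2.0.0/16 eth1
192.168.1.0/24 eth1
0.0.0.0/0 eth0
"""

def parse_routes(text: str) -> list[Route]:
    """Parse 'prefix nic' lines (a constructed format, not a real router's output)."""
    routes = []
    for line in text.split("\n"):
        if line.strip():
            prefix, nic = line.split()
            routes.append(Route(ipaddress.ip_network(prefix), nic))
    return routes

def lookup(routes: list[Route], addr: int) -> Optional[Route]:
    """Longest-prefix match: the route that decides forwarding for addr."""
    ip = ipaddress.IPv4Address(addr)
    matches = [r for r in routes if ip in r.prefix]
    return max(matches, key=lambda r: r.prefix.prefixlen, default=None)

def critical_points(routes: list[Route]) -> list[int]:
    """Sorted addresses where the decision MAY change: the first address of each
    prefix and the address right after its last; 0 and 2**32 bound the space."""
    pts = {0, 2**32}
    for r in routes:
        pts.add(int(r.prefix.network_address))
        pts.add(int(r.prefix.broadcast_address) + 1)
    return sorted(pts)

def disjoint_zones(routes: list[Route]) -> list[tuple[str, str, Optional[str]]]:
    """Contiguous ranges with one constant NIC: a boundary survives only at a
    Critical Point where the decision in fact changes."""
    pts = critical_points(routes)
    zones: list[tuple[int, int, Optional[str]]] = []
    for start, nxt in zip(pts, pts[1:]):
        route = lookup(routes, start)
        nic = route.nic if route else None  # None: no route, not even a default
        if zones and zones[-1][2] == nic:
            zones[-1] = (zones[-1][0], nxt - 1, nic)  # same decision: extend zone
        else:
            zones.append((start, nxt - 1, nic))
    return [(str(ipaddress.IPv4Address(s)), str(ipaddress.IPv4Address(e)), nic)
            for s, e, nic in zones]

def external_zones(routes: list[Route]) -> list[tuple[str, str, Optional[str]]]:
    """Zones reached through the default route's NIC (the External Disjoint Zone)."""
    default = next((r for r in routes if r.prefix.prefixlen == 0), None)
    return [z for z in disjoint_zones(routes) if default and z[2] == default.nic]
```

With the table above, nine candidate Critical Points collapse to seven Disjoint Zones, three of which are External.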
Abstract: Generally, a method and apparatus are disclosed for Automatic Risk Assessment of a Firewall Configuration. The disclosed invention facilitates the automatic generation of a risk assessment of a given firewall configuration. The prior work of [Mayer et al; 2000, Mayer et al; 2005] and [Wool; 2001] teaches how to analyze Firewall Configurations and produce HTML-based Firewall Analyzer Reports. However, the said Reports produced by the methods of [Mayer et al; 2000, Mayer et al; 2005] are voluminous, and do not identify or rate the risks present within the Firewall Configuration. In the current state of the art, a Firewall administrator or auditor needs to navigate through the Firewall Analyzer Report, and use his or her expertise to identify any Configuration mistakes or badly written rules. The current invention automates this manual process. The method is to let a software module, (the “ADVISOR” module) go over the report, before the human user does, and flag the Configuration errors.