NetSPoC is a software designed for managing network security in large computer networks. It is specifically designed to handle different security domains.
The security policy refers to a set of rules dictating which packets are allowed to pass through the network and which ones are not. NetSPoC is topology aware, which means that a rule for traffic from A to B is automatically applied to all managed packet filters on the path from A to B. Currently, NetSPoC generates ACLs and static routing entries for Cisco routers with or without firewall feature set, PIX firewalls, and Linux iptables & ip route. The software also supports network address translation, virtual IP addresses for redundancy protocols such as VRRP, and some dynamic routing protocols. It also supports IPSec encryption and allows users to easily define a large number of crypto tunnels of either a hub and spoke topology or a fully meshed topology, with crypto rules defining which type of traffic needs to be encrypted. Crypto configuration for Cisco IOS routers and PIX firewalls can also be generated.
One of NetSPoC's standout features is its text-based specification language, which is well suited for integration with CVS or other version control systems. A script is provided for tagging a policy and saving it to a policy database. NetSPoC's developers designed the software with perl 5.8 under Linux platforms and made it portable to other platforms where Perl is available.
The latest release of NetSPoC includes several new features and upgrades, such as better adaptation of the rule set to stateful and stateless devices, support for loopback and negotiated interfaces, and support for Cisco VPN 3000 devices (although documentation for this feature is currently limited). Additionally, the updated software features more checks to prevent an inconsistent configuration and includes various other improvements and bug fixes. Overall, NetSPoC is a reliable software solution for network security management that offers comprehensive features and easy integration with existing systems.
Version 3.1: N/A