There are "permit ip any any" rules implemented in my cisco pix firewall by the previous administrator.
There are more than 5000 users accessing hundreds of servers behind this firewall and no proper change management system to track the implemented changes.
Kindly advise what would be the best way to rectify this problem.
One idea I have is to run tcpdump to gather all the User IPs and services they are accessing and later verify if those access are valid access or not.
But I believe this method is very time consuming.
Kindly advise if there are other methods to rectify this problem without contacting the clients 1st?
Thanks in advanse.