Monday, January 11, 2010
Saturday, January 9, 2010
Tuesday, December 29, 2009
- NIPPER – can be downloaded from https://www.titania.co.uk after free registration. It can be used to audit configuration files of Cisco, Juniper and Checkpoint, SonicWall, and many others. It produces nice reports.
- CCSAT (Cisco Configuration Security Auditing Tool), see http://freshmeat.net/projects/ccsat/ . The tool is based upon industry best practices, including the Cisco, NSA, and SANS security guides and recommendations.
- RATS (Rough Auditing Tool for Security) is an open source tool developed and maintained by the Secure Software security engineers acquired by Fortify, see http://www.fortify.com/security-resources/rats.jsp
It is easy and practical to put the configuration files in a local directory and run an ad hoc 'grep' command. I did it once with a simple grep 'any\|telnet\|timeout\|floodguard\|server\|logging\|auth\|audit\|pdm' * > output . If the network admin is reluctant to send config files for auditing, he can run such a command himself and send you just the 'output' file for further analysis, or provide you with a 'nipper' report or 'ccsat' output. Good luck!
Saturday, December 26, 2009
- Consultant/guest access to the network - how do they separate the guest/consultant subnet from the rest of the network? Well, a VLAN is not a good answer. One of the best is probably the use of VRF Lite (creating virtual routers and virtual routing tables for guest traffic) for traffic and host segmentation. It's very important from a PCI standpoint.