Tuesday, December 29, 2009

Auditing routers and firewall configs

There are several free tools available on net for router and firewall config auditing. I focus on tools which are able to work on the config file pulled from the router/firewall and placed in the local directory of the PC. See the short list below:


  • NIPPER – can be downloaded from https://www.titania.co.uk after free registration. It can be used to audit configuration files of Cisco, Juniper and Checkpoint, SonicWall, and many others. It produces nice reports.
  • CCSAT (Cisco Configuration Security Auditing Tool) see http://freshmeat.net/projects/ccsat/ The tool is based upon industry best practices, including Cisco, NSA, and SANS security guides and recommendations
  • RATS - Rough Auditing Tool for Security - is an open source tool developed and maintained by Secure Software security engineers acquired by Fortify, see http://www.fortify.com/security-resources/rats.jsp

It is easy and practical to put configuration files in local directory and run ad hoc 'grep' command. I did it once with simple grep 'any\|telnet\|timeout\|floodguard\|server\|logging\|auth\|audit\|pdm'  * > output . And if network admin is reluctant to send config files for auditing he can run such command by himself. And send you just 'output' file for further analysis. Or provide you 'nipper' report or 'ccsat' output. Good luck !

No comments: