Nipper audits routers, reveals insecure settings

For more information: In this Q&A, Mike Chapple explains if a firewall should ever be placed before a router. Learn how a detailed network security change-management and remediation process can make audit preparation easier. Joel Dubin unveils the best practices for protecting a router security password from compromise.

Nipper supports a number of popular security devices, including Check Point Software Technologies Ltd.'s Firewall-1, Cisco Systems Inc. routers (IOS), Cisco Security Appliances, Juniper Networks Inc.'s NetScreen, SonicWall Inc. and others.

A Nipper security audit checks configuration settings, password strength, potential problems with protocols and more. The password audit reveals weak passwords or those vulnerable to a dictionary attack, and can export encrypted passwords in a format ready for brute-force attack with a john-the-ripper file. The OS check identifies known vulnerabilities, providing CVE reference and BugTraq IDs. An ACL audit detects rules that are wide open to the point of being insecure, and spots insecure settings -- such as the failure to authenticate OSPF and RIP updates. Checks are customizable, which allows audits to target specific compliance requirements.

Nipper runs on Windows, Mac OS X and Linux at the command line, though there is a rudimentary GUI for using it within Windows. Nipper audits against an exported copy of a router's configuration file, so a router is never touched or changed during the audit.

It also supports reporting to HTML, XML, Latex and ASCII. Reports note observed findings, potential effects and provide recommendations in understandable English. The recommendations are helpful for understanding possible weaknesses, but the tool can not determine if, say, having IP source routing turned on is necessary to an organizations operations for their environment.

In general, Nipper is a good tool for helping organizations keep routers and firewalls configured correctly.

About the author:
Scott Sidel is an ISSO with Lockheed Martin

Rate this Tip To rate tips, you must be a member of SearchSecurity.com. Register now to start rating these tips. Log in if you are already a member. Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT Scott Sidel's Downloads Ophcrack: Password cracking made easy Enigmail: Wrapping email in a digital security blanket Secure file copying with WinSCP FreeRADIUS: Acing a secure connection Spiceworks: Free network monitoring and management with a little zest VirusTotal: On-demand antivirus service scans malicious files Shining a spotlight on rootkits Closing the case on network firewall security with IPCop Eliminating the threat of spam email attacks ClamAV clamps down on e-mail security Network Firewalls Kaminsky: DNS issue still major threat Product Review: Sophos Endpoint Security and Control 8.0 PCI DSS 1.2 clarifies wireless, antivirus use Check Point adds virtual firewall appliance Researchers develop lightweight Cisco IOS rootkit Is it possible to allow select access to IP addresses using Windows Server 2003? Sophos finds patching issues through endpoint NAC tool Fortinet acquires database vulnerability scanner from IPLocks Users are complaining that they can no longer reach any login site belonging to Microsoft. Any ideas? Is an IPsec VPN necessary when connecting remote servers that process financial transactions? Network Routers and Switches Kaminsky: DNS issue still major threat Cisco releases router patches to plug critical flaws PCI DSS 1.2 clarifies wireless, antivirus use Researchers develop lightweight Cisco IOS rootkit DNS rebinding defenses still necessary, thanks to Web 2.0 Is it possible to allow select access to IP addresses using Windows Server 2003? Embedding security has drawbacks says TippingPoint chief architect New virtual switch integrates with multiple security vendors Should a firewall ever be placed before the router? Cisco plugs serious UCM flaw RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary bastion host  (SearchSecurity.com) firewall  (SearchSecurity.com) Firewall Builder  (SearchSecurity.com) personal firewall  (SearchSecurity.com) screened subnet  (SearchSecurity.com) virus  (SearchSecurity.com) RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.