Presentation is loading. Please wait.

Presentation is loading. Please wait.

Router Audit Tool and Benchmark

Published byVeronica Sherman Modified over 6 years ago

Similar presentations

Presentation on theme: "Router Audit Tool and Benchmark"— Presentation transcript:

1 Router Audit Tool and Benchmark
February 20, 2002 George M. Jones 9/18/2018 © 2002, George M. Jones

2 Introduction Subject: Router Audit Tool and Benchmark
Premise: “The network is the computer” Corollary: Routers are the network. Audience: Network Engineers and Technical Security Auditors 9/18/2018 © 2002, George M. Jones

3 Problems Solved Lack of Cisco IOS benchmark
Lack of audit tool for IOS. Difficulty maintaining consistency. Difficulty detecting changes. Need to quickly fix incorrect settings. Need for reporting and customization. Need to check non-IOS devices. 9/18/2018 © 2002, George M. Jones

4 Problems Not Solved Management Issues Poor Operations Practices
Problems in vendor code. Problems inherent to protocols. Host-based problems (viruses, code red….) Bandwidth based DoS attacks New vulnerabilities Local configuration choices The need for competence and vigilance. 9/18/2018 © 2002, George M. Jones

5 Approach Perl: “There’s more than one way to do it.”
Start with “good” config. Define rules. Write a program to compare rules & configs. Rules forbid/require certain strings/patterns. CSV-like output and HTML reports 9/18/2018 © 2002, George M. Jones

6 The Router Audit Tool (rat)
Four Perl Programs snarf: pull configs ncat: reads rules & configs, writes CSVish output ncat_report: reads CSVish files, writes HTML rat: the program you run. Runs other programs. 9/18/2018 © 2002, George M. Jones

7 A Quick Example Define a rule to forbid SNMP read-write community string “private” Running the Tool RuleName:IOS - forbid SNMP community private RuleClass:default,access RuleVersion:version 1[12]\.* RuleContext:Global RuleType:Forbidden RuleMatch:snmp community private RuleImportance:10 RuleDescription:Don't use default SNMP community strings.\ SNMP allows management and monitoring of networked devices.\ "private" is a well know default community string.\ It should not be used Rat --nosnarf border-router.txt vpn-gateway-router.txt 9/18/2018 © 2002, George M. Jones

8 Sample Output 9/18/2018 © 2002, George M. Jones

9 The Benchmark Defines what to check
Based on NSA Router Security Configuration Guide “Level 1” = Default, “Level 2” = Optional. Basic checks, baseline for all routers. Some sites will need more optional rules. 9/18/2018 © 2002, George M. Jones

10 The Rules Designed to protect the router itself.
Four classes: services, access, logging, routing. 59 rules. 5 IOS 11 specific. 4 IOS 12 specific. 9/18/2018 © 2002, George M. Jones

11 SNMP Rules Major SNMP Vulnerabilities outlined in CERT Advisory CA RAT rules address this: Disable SNMP Forbid SNMP community public/private Forbid SNMP without ACLs Ingress/egress filters 9/18/2018 © 2002, George M. Jones

12 More SNMP Defenses Upgrade to patched IOS version
Filter all SNMP at border (ingress) access-list 123 deny udp any any eq snmp access-list 123 deny udp any any eq snmptrap Change community strings Permit only known hosts to poll access-list 123 permit udp host any eq snmp 9/18/2018 © 2002, George M. Jones

13 Using the Tool and Benchmark
Using “as is” Minimum standards Scoring Fix problems found Customizing Changing headings Modifying rules Adding rules/new devices 9/18/2018 © 2002, George M. Jones

14 Example: index page 9/18/2018 © 2002, George M. Jones

15 Example: Single Report
9/18/2018 © 2002, George M. Jones

16 Example: Combined Report
9/18/2018 © 2002, George M. Jones

17 Future Work More Rules Other Devices
Better Integration With Config Guide Windows Port? Any Volunteers? 9/18/2018 © 2002, George M. Jones

18 Related Work UUNET net-sec config checker (unpub.)
Cisco Netsys Baseliner (discontinued) NSA Router Security Configuration Guide Improving Security on Cisco Routers 9/18/2018 © 2002, George M. Jones

19 Credits NSA Information Assurance Directorate
Produced Router Security Configuration Guide. Neal Ziring, the editor, has be very helpful John Stewart, Digital Island/Exodus Much help with Perl,CVS, install process Eric Brandwine and Jared Allison UUNET net-sec config checker Mark Krause & Neil Kirr, UUNET, Clint Kreitner, CIS, Alan Paller, SANS For encouraging and supporting the work. 9/18/2018 © 2002, George M. Jones

20 Availability and Feedback
The tool and benchmark are available for public download from Feedback Questions ? 9/18/2018 © 2002, George M. Jones

Download ppt "Router Audit Tool and Benchmark"

Similar presentations

© 2006 Cisco Systems, Inc. All rights reserved. Implementing Secure Converged Wide Area Networks (ISCW) Module 6: Cisco IOS Threat Defense Features.

© 2006 Cisco Systems, Inc. All rights reserved. Implementing Secure Converged Wide Area Networks (ISCW) Module 6: Cisco IOS Threat Defense Features.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 8: Monitoring the Network Connecting Networks.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 8: Monitoring the Network Connecting Networks.
Guide to Network Defense and Countermeasures Second Edition

Guide to Network Defense and Countermeasures Second Edition
ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.

ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.
FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.

FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.
FIREWALLS The function of a strong position is to make the forces holding it practically unassailable —On War, Carl Von Clausewitz On the day that you.

FIREWALLS The function of a strong position is to make the forces holding it practically unassailable —On War, Carl Von Clausewitz On the day that you.
Winter 20021 CMPE 155 Week 7. Winter 20022 Assignment 6: Firewalls What is a firewall? –Security at the network level. Wide-area network access makes.

Winter CMPE 155 Week 7. Winter Assignment 6: Firewalls What is a firewall? –Security at the network level. Wide-area network access makes.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
1 Pertemuan 05 Firewall Matakuliah: H0451/Praktikum Jaringan Komputer Tahun: 2006 Versi: 1/0.

1 Pertemuan 05 Firewall Matakuliah: H0451/Praktikum Jaringan Komputer Tahun: 2006 Versi: 1/0.
Enterprise Network Security Accessing the WAN Lecture week 4.

Enterprise Network Security Accessing the WAN Lecture week 4.
Network Perimeter Security Yu Wang. Main Topics Border Router Firewall IPS/IDS VLAN SPAM AAA Q/A.

Network Perimeter Security Yu Wang. Main Topics Border Router Firewall IPS/IDS VLAN SPAM AAA Q/A.
1 © 2006 Cisco Systems, Inc. All rights reserved. Session Number Presentation_ID Using the Cisco Technical Support & Documentation Website for Security.

1 © 2006 Cisco Systems, Inc. All rights reserved. Session Number Presentation_ID Using the Cisco Technical Support & Documentation Website for Security.
Router Hardening Nancy Grover, CISSP ISC2/ISSA Security Conference November 2004.

Router Hardening Nancy Grover, CISSP ISC2/ISSA Security Conference November 2004.
© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Security Strategies in Linux Platforms and.

© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company All rights reserved. Security Strategies in Linux Platforms and.
CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.

CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8.
Virtual Company Group 8 Presentation Date: June /04/2017

Virtual Company Group 8 Presentation Date: June /04/2017
Intranet, Extranet, Firewall. Intranet and Extranet.

Intranet, Extranet, Firewall. Intranet and Extranet.
Hands-On Microsoft Windows Server 2003 Administration Chapter 2 Managing Windows Server 2003 Hardware and Software.

Hands-On Microsoft Windows Server 2003 Administration Chapter 2 Managing Windows Server 2003 Hardware and Software.
1. 2 Device management refers to the IDS Sensor's ability to dynamically reconfigure the filters and access control lists (ACL) on a router, switch, and.

1. 2 Device management refers to the IDS Sensor's ability to dynamically reconfigure the filters and access control lists (ACL) on a router, switch, and.

Similar presentations

Ads by Google