It's no secret that protecting your network perimeter requires auditing network devices regularly. Securing your network against attackers must be driven by security assessments carried out both externally and internally. When assessing the security posture of your network internally, you could take the following steps:

1. Interview network and security administrators to understand the current network set-up
2. Review network and routing rules
3. Review systems configuration for adherence to hardening guidelines
4. Review remotely managed security controls
5. Review logging facilities

The effort required for a security review of network devices depends on the number of devices in scope, the types of devices (routers, switches and firewalls) and the number of rules configured on each device.

For example, if you have around 20 network devices (routers, switches and firewalls) and have to perform a security configuration review, going through every line of configuration by hand will take a great deal of time. During a manual review, it is quite possible that the auditor will miss or skip some rules. To avoid such defects in the report, one should also involve a tool-based approach to auditing devices. Nipper is one such open source tool that can parse network device configuration files and carry out a security review of the devices.


Nipper supports:
1. Firewalls (3Com, Checkpoint, Cisco, Juniper, Nokia IP, SonicWALL, Nortel)
2. Routers (Cisco, Bay Networks, Nortel)
3. Switches (Cisco, 3Com, HP ProCurve, Nortel)

In order to carry out a network device security audit, Nipper checks the following items in a configuration file:
• Protocols in use
• Routing configuration
• Authentication and passwords
• Login, log-on banners and timeouts
• Operating system versions
• Logging
• Encryption/encoding
• Network filtering
• Time synchronisation
• Console/VLAN/VPN configuration
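To show what a tool-based configuration review of this kind actually does, the following added example (not Nipper's code) parses a constructed Cisco IOS-style configuration excerpt and reports findings in several of the categories above: authentication, protocols, banners, logging, encryption and timeouts. The config text, check wording and category names are assumptions for illustration; a real audit tool covers many more checks and vendor syntaxes.

```python
import re

# Constructed Cisco IOS-style running-config excerpt (not from a real device).
SAMPLE_CONFIG = """\
no service password-encryption
enable password cisco123
snmp-server community public RO
banner motd ^C Authorized access only ^C
logging host 10.0.0.5
line vty 0 4
 transport input telnet ssh
 exec-timeout 0 0
 login local
"""

def parse_sections(config):  # global commands plus indented 'line ...' blocks
    global_cmds, line_blocks, current = [], {}, None
    for raw in filter(str.strip, config.splitlines()):  # skip blank lines
        if raw.startswith(" ") and current is not None:
            line_blocks[current].append(raw.strip())  # sub-command of open block
        elif raw.startswith("line "):
            current = raw.strip()
            line_blocks[current] = []
        else:  # any other command (indented or not) is treated as global
            current = None
            global_cmds.append(raw.strip())
    return global_cmds, line_blocks

def audit(config):  # returns (category, detail) findings for the checks below
    global_cmds, line_blocks = parse_sections(config)
    findings = []
    if "no service password-encryption" in global_cmds:
        findings.append(("authentication", "password obfuscation disabled"))
    if any(c.startswith("enable password ") for c in global_cmds):
        findings.append(("authentication", "'enable password' used instead of 'enable secret'"))
    for c in global_cmds:  # default SNMP community strings
        m = re.match(r"snmp-server community (\S+)", c)
        if m and m.group(1).lower() in ("public", "private"):
            findings.append(("protocols", f"default SNMP community '{m.group(1)}'"))
    if not any(c.startswith("banner ") for c in global_cmds):
        findings.append(("banners", "no login/motd banner configured"))
    if not any(c.startswith("logging host ") for c in global_cmds):
        findings.append(("logging", "no remote syslog host configured"))
    for name, cmds in line_blocks.items():
        if any(c.startswith("transport input") and "telnet" in c for c in cmds):
            findings.append(("encryption", f"{name}: cleartext Telnet accepted"))
        if "exec-timeout 0 0" in cmds:  # an explicit 0 0 disables the idle timeout
            findings.append(("timeouts", f"{name}: idle timeout disabled"))
    return findings
```

Running `audit(SAMPLE_CONFIG)` on the sample yields five findings; the banner and syslog checks pass because both commands are present.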