Darknet - The Darkside » cisco security http://www.darknet.org.uk Ethical Hacking, Penetration Testing & Computer Security Tue, 07 Feb 2012 18:34:17 +0000 en hourly 1 http://wordpress.org/?v=3.3.1 Nipper 0.11.5 Released – Network Device Configuration Security Auditing Tool http://www.darknet.org.uk/2008/03/nipper-0115-released-network-device-configuration-security-auditing-tool/ http://www.darknet.org.uk/2008/03/nipper-0115-released-network-device-configuration-security-auditing-tool/#comments Fri, 14 Mar 2008 02:33:15 +0000 Darknet http://www.darknet.org.uk/2008/03/nipper-0115-released-network-device-configuration-security-auditing-tool/

Nipper performs security audits of network device configuration files. The report produced by Nipper includes; detailed security-related issues with recommendations, a configuration report and various appendices. Nipper has a large number of configuration options which are described on this page

Nipper currently supports the following device types:

  • Cisco Switches (IOS)
  • Cisco Routers (IOS)
  • Cisco Firewalls (PIX, ASA, FWSM)
  • Cisco Catalysts (NMP, CatOS, IOS)
  • Cisco Content Service Switches (CSS)
  • Juniper NetScreen Firewalls (ScreenOS)
  • CheckPoint Firewall-1 (FW1)
  • Nokia IP Firewalls (FW1)
  • Nortel Passport Devices
  • SonicWALL SonicOS Firewalls (SonicOS)

The security audit includes details of the findings, together with detailed recommendations. The security audit can be modified using command lineparameters or an external configuration file.

Network filtering audits include the following, all of which can be modified:

  • Rule lists end with a deny all and log
  • Rules allowing access from any source
  • Rules allowing access from network sources
  • Rules allowing access from any source port
  • Rules allowing access to any destination
  • Rules allowing access to destination networks
  • Rules allowing access to any destination service
  • Rules that do not log
  • Deny rules that do not log
  • Rules that are disabled
  • Rules that reject rather than drop
  • No bypass rules exist
  • Default rules

This update (0.11.5) includes improvements to support for Cisco PIX / ASA / FWSM firewalls, SonicWALL SonicOS firewalls, CheckPoint Firewall-1 and Nokia IP firewalls. It also includes a host of other updates.

The output from Nipper can be in HTML, Latex, XML or Text formats. Furthermore, Nipper will reverse any Cisco type-7 passwords identified, all other encrypted passwords can be output to a John-the-Ripper file for further strength testing. By default, input is retrieved from stdin and is output (in HTML format) to stdout.

Nipper is available for Linux, Windows and other platforms. You can download Nipper here:

Nipper 0.11.5

Or read more here.

Post to Twitter Post to Facebook Post to Google Buzz Post to Delicious Post to Digg Post to Reddit Post to StumbleUpon

]]> http://www.darknet.org.uk/2008/03/nipper-0115-released-network-device-configuration-security-auditing-tool/feed/ 0