Security Group Pinpoints Cisco Router Weakness

[InfoSec News <isn () c4i org>]

http://www.eweek.com/article/0,3658,s=1884&a=23055,00.asp

February 20, 2002 
By Caron Carlson 

As routers become an increasingly popular target of attack for
sophisticated hackers, several public and private Internet security
organizations have joined together to offer a fix.

The SANS (System Administration, Networking and Security) Institute,
working with UUNet, Cable &Wireless plc, the National Security Agency
and the Center for Internet Security developed a Router Audit Tool
(RAT) for Cisco Systems Inc. hardware.

"Are we saying Cisco routers are vulnerable? The answer is yes," said
Alan Paller, director of research at the SANS Institute in Bethesda,
Md. Charging that Cisco has not provided security remedies quickly
enough, Paller said the user community must protect itself.

Cisco did not participate in the development of RAT, although it did
review it. "It's a good tool," said Mike Furhman, head of Cisco's
security consulting group. "Like all other tools, it's not a magic
wand that's going to solve all of your problems."

Cisco incident manager Jim Duncan also defended the security of Cisco
routers and the company's response to problems. "Cisco sets the mark
for responding to product vulnerabilities," Duncan said. "Cisco
routers don't have widespread vulnerabilities that haven't been
addressed."

Cisco lists best practices for router security on its own Web site.  
"This tool takes it up a level, more into the policy and configuration
level," Furhman said. "But it doesn't solve problems that haven't been
attempted to be solved before."

In a nutshell, RAT determines whether a router is an easy prey for
hackers and figures out how to protect it. It downloads configurations
of devices to be audited and checks them against a set of guidelines
established by the National Security Agency, providing a security
rating on a scale of 1 to 10. It also creates a list of IOS commands
to correct identified problems.

"In a sense it's a parsing technique, which then uses rules available
to demonstrate where a router configuration is not configured
according to NSA guidelines," said John Stewart, chief security
officer at Digital Island, a Cable & Wireless company. "RAT is a leap
ahead in our ability to audit the configurations of network devices.  
Automated auditing against best practices decreases the pain threshold
of auditing."

The audit tool operates on Unix platform running Perl, but SANS and
its partners are developing another version that will run on Windows
systems.

"Version 1 [of RAT] is only the beginning," said Clint Kreitner,
president and CEO of the Center for Internet Security. "Development is
under way to make a version that works on Windows systems."

RAT can be downloaded from the CIS Web site at www.cisecurity.org.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.