Information Security News mailing list archives
Re: Security Group Pinpoints Cisco Router Weakness
From: InfoSec News <isn () c4i org>
Date: Fri, 22 Feb 2002 02:48:18 -0600 (CST)
Forwarded from: H C <keydet89 () yahoo com> This stuff cracks me up...
"Are we saying Cisco routers are vulnerable? The answer is yes," said Alan Paller, director of research at the SANS Institute in Bethesda, Md. Charging that Cisco has not provided security remedies quickly enough, Paller said the user community must protect itself.
Paller, eh? Well, it just goes to show you what someone can do when they have a decent PR department behind them.
It downloads configurations of devices to be audited and checks them against a set of guidelines established by the National Security Agency, providing a security rating on a scale of 1 to 10. It also creates a list of IOS commands to correct identified problems.
Sounds like a good way to start, but it has to be taken with a grain of salt. It's up to the administrators to determine how the routers should be configured, not SANS or the NSA. No third party tool is capable of accurately determining this 'scale' for all possible configurations and infrastructures. The use of one of the recommended IOS commands could easily make applications or backbones inoperable.
"RAT is a leap ahead in our ability to audit the configurations of network devices. Automated auditing against best practices decreases the pain threshold of auditing."
Auditing against best practices for whom? What SANS and the NSA think are 'best practices' may not be suitable for a telecomm, or a specific router within the architecture at a hospital.
"Version 1 [of RAT] is only the beginning," said Clint Kreitner, president and CEO of the Center for Internet Security. "Development is under way to make a version that works on Windows systems."
Underway? What good does that do the community that follows SANS? Microsoft has such a huge market-share, you'd think that they'd have a Windows version available when they made the announcement. I think I'll wait a version or two before I recommend to anyone I know that they should try this tool out. - ISN is currently hosted by Attrition.org To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY of the mail.
Current thread:
- Security Group Pinpoints Cisco Router Weakness InfoSec News (Feb 21)
- <Possible follow-ups>
- Re: Security Group Pinpoints Cisco Router Weakness InfoSec News (Feb 22)