Educause Security Discussion mailing list archives

Re: Network config monitoring and auditing software


From: Paul Keser <pkeser () STANFORD EDU>
Date: Mon, 14 Sep 2009 15:54:19 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I have been playing around with Nipper.  In fact I am giving a
presentation on it Wednesday at SecureWorld Bay Area...

It is no longer Open Source but there is a free license for
non-commercial use so you can try it before you buy.  Also they offer
1/2 price on licenses for .edu's

http://www.titania.co.uk

They support ~30 different firewalls and routers.  I have tried it on
Netscreen and Cisco ASA configs.  Being a former firewall engineer one
thing I really like is you don't need to touch the firewall.  You can
point the script at your saved configs and don't have to worry about
affecting the performance of the firewall.

- -PaulK

Paul Keser
Assoc. Information Security Officer
Stanford University
650.724.9051
GPG Fingerprint:  DBA3 E20F CE91 28AA DA1C  4A77 3BD9 C82D 2699 24FB


Kevin Halgren wrote:
We're looking at software to help with monitoring and auditing changes
to firewall and switch configurations.  I'd be interested to hear what
others out there are using, how happy you are with the product, and any
additional functionality your product has that you have found useful.
I'd also be interested in products that have a broad range of
interoperability with different vendor products.

Our environment is largely Cisco.  The firewalls are Cisco ASAs with a
couple of older Cisco PIX firewalls still in service.  Core switches are
Cisco with some Foundry/Brocade devices at the edge.

Thanks,

Kevin

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkquyZoACgkQO9nILSaZJPs0AwCgjSBWSJOL/bu7nXbWd+sNzRsl
ho0An2FjVa1JterRRm+BNGYtP5Ofys7M
=h6G3
-----END PGP SIGNATURE-----
