http://www.eweek.com/article/0,3658,s=1884&a=23055,00.asp February 20, 2002 By Caron Carlson As routers become an increasingly popular target of attack for sophisticated hackers, several public and private Internet security organizations have joined together to offer a fix. The SANS (System Administration, Networking and Security) Institute, working with UUNet, Cable &Wireless plc, the National Security Agency and the Center for Internet Security developed a Router Audit Tool (RAT) for Cisco Systems Inc. hardware. "Are we saying Cisco routers are vulnerable? The answer is yes," said Alan Paller, director of research at the SANS Institute in Bethesda, Md. Charging that Cisco has not provided security remedies quickly enough, Paller said the user community must protect itself. Cisco did not participate in the development of RAT, although it did review it. "It's a good tool," said Mike Furhman, head of Cisco's security consulting group. "Like all other tools, it's not a magic wand that's going to solve all of your problems." Cisco incident manager Jim Duncan also defended the security of Cisco routers and the company's response to problems. "Cisco sets the mark for responding to product vulnerabilities," Duncan said. "Cisco routers don't have widespread vulnerabilities that haven't been addressed." Cisco lists best practices for router security on its own Web site. "This tool takes it up a level, more into the policy and configuration level," Furhman said. "But it doesn't solve problems that haven't been attempted to be solved before." In a nutshell, RAT determines whether a router is an easy prey for hackers and figures out how to protect it. It downloads configurations of devices to be audited and checks them against a set of guidelines established by the National Security Agency, providing a security rating on a scale of 1 to 10. It also creates a list of IOS commands to correct identified problems. "In a sense it's a parsing technique, which then uses rules available to demonstrate where a router configuration is not configured according to NSA guidelines," said John Stewart, chief security officer at Digital Island, a Cable & Wireless company. "RAT is a leap ahead in our ability to audit the configurations of network devices. Automated auditing against best practices decreases the pain threshold of auditing." The audit tool operates on Unix platform running Perl, but SANS and its partners are developing another version that will run on Windows systems. "Version 1 [of RAT] is only the beginning," said Clint Kreitner, president and CEO of the Center for Internet Security. "Development is under way to make a version that works on Windows systems." RAT can be downloaded from the CIS Web site at www.cisecurity.org. - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Thu Feb 21 2002 - 05:11:40 PST