[ISN] Security Group Pinpoints Cisco Router Weakness

From: InfoSec News (isnat_private)
Date: Thu Feb 21 2002 - 01:59:52 PST

  • Next message: InfoSec News: "Re: [ISN] Security Group Pinpoints Cisco Router Weakness"

    February 20, 2002 
    By Caron Carlson 
    As routers become an increasingly popular target of attack for
    sophisticated hackers, several public and private Internet security
    organizations have joined together to offer a fix.
    The SANS (System Administration, Networking and Security) Institute,
    working with UUNet, Cable &Wireless plc, the National Security Agency
    and the Center for Internet Security developed a Router Audit Tool
    (RAT) for Cisco Systems Inc. hardware.
    "Are we saying Cisco routers are vulnerable? The answer is yes," said
    Alan Paller, director of research at the SANS Institute in Bethesda,
    Md. Charging that Cisco has not provided security remedies quickly
    enough, Paller said the user community must protect itself.
    Cisco did not participate in the development of RAT, although it did
    review it. "It's a good tool," said Mike Furhman, head of Cisco's
    security consulting group. "Like all other tools, it's not a magic
    wand that's going to solve all of your problems."
    Cisco incident manager Jim Duncan also defended the security of Cisco
    routers and the company's response to problems. "Cisco sets the mark
    for responding to product vulnerabilities," Duncan said. "Cisco
    routers don't have widespread vulnerabilities that haven't been
    Cisco lists best practices for router security on its own Web site.  
    "This tool takes it up a level, more into the policy and configuration
    level," Furhman said. "But it doesn't solve problems that haven't been
    attempted to be solved before."
    In a nutshell, RAT determines whether a router is an easy prey for
    hackers and figures out how to protect it. It downloads configurations
    of devices to be audited and checks them against a set of guidelines
    established by the National Security Agency, providing a security
    rating on a scale of 1 to 10. It also creates a list of IOS commands
    to correct identified problems.
    "In a sense it's a parsing technique, which then uses rules available
    to demonstrate where a router configuration is not configured
    according to NSA guidelines," said John Stewart, chief security
    officer at Digital Island, a Cable & Wireless company. "RAT is a leap
    ahead in our ability to audit the configurations of network devices.  
    Automated auditing against best practices decreases the pain threshold
    of auditing."
    The audit tool operates on Unix platform running Perl, but SANS and
    its partners are developing another version that will run on Windows
    "Version 1 [of RAT] is only the beginning," said Clint Kreitner,
    president and CEO of the Center for Internet Security. "Development is
    under way to make a version that works on Windows systems."
    RAT can be downloaded from the CIS Web site at www.cisecurity.org.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Thu Feb 21 2002 - 05:11:40 PST