Re: [ISN] Security Group Pinpoints Cisco Router Weakness

From: InfoSec News (isnat_private)
Date: Fri Feb 22 2002 - 00:48:18 PST


    Forwarded from: H C <keydet89at_private>
    
    This stuff cracks me up...
     
    > "Are we saying Cisco routers are vulnerable? The answer is yes,"
    > said Alan Paller, director of research at the SANS Institute in
    > Bethesda, Md. Charging that Cisco has not provided security remedies
    > quickly enough, Paller said the user community must protect itself.
    
    Paller, eh?  Well, it just goes to show you what someone can do when
    they have a decent PR department behind them.
      
    > It downloads configurations of devices to be audited and checks them
    > against a set of guidelines established by the National Security
    > Agency, providing a security rating on a scale of 1 to 10. It also
    > creates a list of IOS commands to correct identified problems.
    
    Sounds like a good way to start, but it has to be taken with a grain
    of salt.  It's up to the administrators to determine how the routers
    should be configured, not SANS or the NSA.  No third party tool is
    capable of accurately determining this 'scale' for all possible
    configurations and infrastructures.  The use of one of the recommended
    IOS commands could easily make applications or backbones inoperable.
     
    > "RAT is a leap ahead in our ability to audit the configurations of
    > network devices.  Automated auditing against best practices
    > decreases the pain threshold of auditing."
    
    Auditing against best practices for whom?  What SANS and the NSA think
    are 'best practices' may not be suitable for a telecom, or a specific
    router within the architecture at a hospital.
    
    > "Version 1 [of RAT] is only the beginning," said Clint Kreitner,
    > president and CEO of the Center for Internet Security. "Development
    > is under way to make a version that works on Windows systems."
    
    Underway?  What good does that do the community that follows SANS?
    Microsoft has such a huge market share, you'd think that they'd have a
    Windows version available when they made the announcement.
    
    I think I'll wait a version or two before I recommend to anyone I know
    that they should try this tool out.
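An added illustration, not part of this mail or of RAT itself: a toy IOS config auditor in Python that checks a constructed sample config against a small constructed rule set, scores it on the 1-to-10 scale the article describes, and emits remediation commands, separating the ones an operator must review from those safe to apply, which is the caveat the reply raises. The rules, the sample config and the scoring formula are assumptions, not the RAT or NSA guideline set.

```python
import re

# Constructed sample IOS config for illustration; not taken from any real device.
SAMPLE_CONFIG = """\
hostname edge-rtr
service password-encryption
ip http server
snmp-server community public RO
line vty 0 4
 transport input telnet ssh
"""

# Constructed rule set (assumption, not the real RAT/NSA rules). Each rule says
# whether a matching line should be present ("want"), the IOS command that
# fixes a failure, and whether applying it needs operator review because it
# can break management tools or applications that depend on the feature.
RULES = [
    {"id": "pwd-enc", "want": True, "pattern": r"^service password-encryption$",
     "fix": "service password-encryption", "review": False},
    {"id": "http", "want": False, "pattern": r"^ip http server$",
     "fix": "no ip http server", "review": True},          # web management may be in use
    {"id": "snmp-public", "want": False, "pattern": r"^snmp-server community public\b",
     "fix": "no snmp-server community public", "review": True},  # monitoring may rely on it
    {"id": "vty-telnet", "want": False, "pattern": r"^\s*transport input .*\btelnet\b",
     "fix": "line vty 0 4\n transport input ssh", "review": True},  # telnet-only clients exist
]


def audit(config):
    """Return (score 1..10, list of failed rules) for a raw IOS config text."""
    lines = config.splitlines()
    failed = []
    for rule in RULES:
        present = any(re.search(rule["pattern"], ln) for ln in lines)
        if present != rule["want"]:
            failed.append(rule)
    passed = len(RULES) - len(failed)
    score = 1 + (9 * passed) // len(RULES)   # integer 1..10, as in the article's scale
    return score, failed


def remediation(failed):
    """Split fix commands into ones safe to apply and ones needing human review."""
    auto = [r["fix"] for r in failed if not r["review"]]
    review = [r["fix"] for r in failed if r["review"]]
    return auto, review


if __name__ == "__main__":
    score, failed = audit(SAMPLE_CONFIG)
    auto, review = remediation(failed)
    print("score:", score, "auto-fix:", auto, "needs review:", review)
```

Everything in the sample ends up in the "needs review" bucket, which is the point: a generated command list is a starting checklist, not something to paste into a production router.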
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    



    This archive was generated by hypermail 2b30 : Fri Feb 22 2002 - 03:47:48 PST