Forwarded from: H C <keydet89at_private>

This stuff cracks me up...

> "Are we saying Cisco routers are vulnerable? The answer is yes,"
> said Alan Paller, director of research at the SANS Institute in
> Bethesda, Md. Charging that Cisco has not provided security remedies
> quickly enough, Paller said the user community must protect itself.

Paller, eh? Well, it just goes to show you what someone can do when they
have a decent PR department behind them.

> It downloads configurations of devices to be audited and checks them
> against a set of guidelines established by the National Security
> Agency, providing a security rating on a scale of 1 to 10. It also
> creates a list of IOS commands to correct identified problems.

Sounds like a good way to start, but it has to be taken with a grain of
salt. It's up to the administrators to determine how the routers should
be configured, not SANS or the NSA. No third-party tool is capable of
accurately determining this 'scale' for all possible configurations and
infrastructures. The use of one of the recommended IOS commands could
easily make applications or backbones inoperable.

> "RAT is a leap ahead in our ability to audit the configurations of
> network devices. Automated auditing against best practices
> decreases the pain threshold of auditing."

Auditing against best practices for whom? What SANS and the NSA think
are 'best practices' may not be suitable for a telecom, or for a specific
router within the architecture at a hospital.

> "Version 1 [of RAT] is only the beginning," said Clint Kreitner,
> president and CEO of the Center for Internet Security. "Development
> is under way to make a version that works on Windows systems."

Under way? What good does that do the community that follows SANS?
Microsoft has such a huge market share, you'd think they'd have a
Windows version available when they made the announcement.

I think I'll wait a version or two before I recommend to anyone I know
that they should try this tool out.

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn'
in the BODY of the mail.
This archive was generated by hypermail 2b30 : Fri Feb 22 2002 - 03:47:48 PST
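The article describes RAT's mechanism only in outline: pull a device configuration, compare it to a guideline rule set, report a 1-to-10 score and emit IOS commands for each failed check. The following Python is an added illustration of that mechanism, written for this archive page; it is not RAT's code, not CIS or NSA material, and its rule list is a small constructed selection of well-known IOS hardening checks rather than anything the tool actually ships. The sample configuration is constructed too. Its one deliberate addition over the press description is an administrator-supplied exception set, which is the practical answer to the caveat raised above: a rule such as "disable CDP" may be wrong for a router that other gear depends on, and only the administrator knows that, so excepted rules are still reported but are neither scored nor turned into "fix" commands.

```python
"""Toy IOS configuration audit: rules -> findings, 1-10 score, fix commands.

Illustrative code added for this page. Not RAT, not the CIS/NSA rule set.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    """A check passes if `present` occurs in the config, or if `absent` does not.

    Exactly one of `present` / `absent` is set. Matching is on the whole line
    or on the line prefix followed by a space, so "logging buffered" matches
    "logging buffered 16384 debugging" but "service password-encryption" does
    not match "no service password-encryption".
    """
    name: str
    fix: str                       # IOS command the audit would suggest
    present: Optional[str] = None
    absent: Optional[str] = None


# Constructed rule set (assumption for this example), modelled on common
# IOS hardening advice. A real tool would carry far more rules than this.
RULES = (
    Rule("password-encryption", "service password-encryption",
         present="service password-encryption"),
    Rule("no-small-servers", "no service tcp-small-servers",
         absent="service tcp-small-servers"),
    Rule("no-http-server", "no ip http server", absent="ip http server"),
    Rule("no-source-route", "no ip source-route", present="no ip source-route"),
    Rule("no-cdp", "no cdp run", present="no cdp run"),
    Rule("logging", "logging buffered 16384", present="logging buffered"),
)

# Constructed sample "show running-config" output, not from a real device.
SAMPLE_CONFIG = """\
! constructed sample
version 12.2
hostname edge-1
service tcp-small-servers
no service password-encryption
ip http server
no ip source-route
cdp run
logging buffered 16384 debugging
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 no cdp enable
!
end
"""


@dataclass
class Finding:
    rule: str
    fix: str
    suppressed: bool   # True when the administrator excepted this rule


@dataclass
class AuditResult:
    score: float            # 10 = every active rule passed
    findings: list          # every failed rule, excepted ones flagged
    fixes: list             # IOS commands for the non-excepted failures


def parse_config(text: str) -> list[str]:
    """Strip comments, blank lines and indentation; collapse inner whitespace."""
    out = []
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("!"):
            out.append(" ".join(line.split()))
    return out


def _matches(pattern: str, lines: list[str]) -> bool:
    return any(l == pattern or l.startswith(pattern + " ") for l in lines)


def evaluate(rule: Rule, lines: list[str]) -> bool:
    if rule.present is not None:
        return _matches(rule.present, lines)
    return not _matches(rule.absent, lines)


def audit(config_text: str, rules=RULES, exceptions=frozenset()) -> AuditResult:
    """Score the config over the rules the administrator has not excepted."""
    lines = parse_config(config_text)
    failed = [r for r in rules if not evaluate(r, lines)]
    active = [r for r in rules if r.name not in exceptions]
    active_failed = [r for r in failed if r.name not in exceptions]
    score = round(10 * (len(active) - len(active_failed)) / len(active), 1) if active else 10.0
    findings = [Finding(r.name, r.fix, r.name in exceptions) for r in failed]
    fixes = [r.fix for r in active_failed]
    return AuditResult(score, findings, fixes)


if __name__ == "__main__":
    for exc in (frozenset(), frozenset({"no-cdp"})):
        result = audit(SAMPLE_CONFIG, exceptions=exc)
        print(f"exceptions={sorted(exc)} score={result.score}")
        for f in result.findings:
            print(f"  {'(excepted) ' if f.suppressed else ''}{f.rule}: {f.fix}")
```

Run as-is it audits the sample twice, once with no exceptions and once with CDP excepted, which is the difference between blindly applying every suggested command and letting the administrator record which guideline rules do not apply to a given router.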