Unique audit of vro security with Nipper

What kind of software is Nipper?

In fact, Nipper is short for Network Infrastructure Parser. It should be said that it is a Network architecture Parser. Nipper is an open-source network device security audit tool. The advantage of open source is of course its free nature. Previously called CiscoPars, Nipper has a simple interface, but is powerful and easy to install and use. It can accurately complete the promised tasks. Nipper can process network device configuration files, perform security audits on network devices, generate a security report with recommended information, and generate a configuration report. Nipper currently supports Cisco IOS, PIX, ASA, FWSM, NMP, CatOS and Juniper NetScreen devices.

It can be said that it can work together with many different network devices, not just Cisco. Specifically, Nipper can audit the following network compatible devices: Cisco switches (IOS), Cisco routers (IOS), Cisco firewalls (PIX, ASA, FWSM), Cisco Catalyst switches (NMP, catOS, IOS), Cisco Content Service switch, and Juniper NetScreen firewall (screnos ).

How do I use a Nipper?

The Nipper supports many devices and has many options. I do not want to show all of its functions here. However, I will demonstrate its basic applications. For the example in this article, we will use the Nipper to review a Cisco router with only the default configuration.

For review, I used the Cisco 2600 Series router to clear the original manual configuration information and restart it. Then, the process of reviewing the router is started.

First, from Sourceforge.net (http://downloads.sourceforge.net/nipper/nipper-0.10.7.zip? Modtime = 1192735478 & big_mirror = 0. This link downloads the ipper for the Windows platform. This software also has a version that can run normally on the Linux platform.) download the ipper ,. Decompress it to a folder on the computer, such as C: nipper.

Next, obtain the text of the vro configuration file. Log on to the vrotelnet via Telnet or SSH, use the show running-configuration command, copy and paste the output results to notepad, and save them in the C: nipper folder created earlier.

You can use a TFTP server and copy its configuration to your local PC. For example, the pen tried tftpd32.exe, which is fast and simple to run. Use the copy running-configuration tftp Command during replication.

After preparing the configuration file to be reviewed in the PC, switch to the Windows Command Prompt window, type the "cd nipper" command, and then type:

Nipper -- ios-router --inputpolictestrouterconfig.txt --output?audit.html. As shown in 1:

The system returns to the command prompt status without returning any information. But it doesn't matter. It has started to work.

Next, Open a Web browser and enter the following content in the address bar: c: nipperaudit.html. This will open a security report. 2.bmp shows the security audit screen window:

What information does Nipper tell us?

In the security report, you will see the security audit information provided by Nipper, for example:

1. Software Versions with vulnerabilities, and the number of references for these vulnerabilities.

2. provide you with some suggestions to help you disable services that will lead others to access this vro.

3. The commands you need to enable to ensure vro security.

In this example, the Nipper tells us to perform the following operations:

1. Upgrade the IOS of the router to prevent Telnet Remote DoS attacks and TCP listener DoS attacks.

2. Configure the service tcp-keepalives-in command to prevent DoS attacks.

3. Configure the timeout value on the console to prevent anyone from accessing the vrotelnet through Telnet or console session.

4. Enable the log function.

In addition to several other suggestions, the Nipper also provides a device summative information: Which services are enabled, which services are closed, line status, interface status, DNS, and time zone.

Although the Nipper is so small, simple, and free of charge, it provides us with such a powerful security review function for network devices. To get help information for the Nipper, after downloading and unzipping the program, you can enter the "nipper-help" command to get help information. I believe that you will love it after using it.