Auditing Network Devices with Nipper
Ian Ventura-Whiting, 12th April 2008

Overview
- Nipper Background Information
- Auditing Cisco Security Appliances
- Auditing Cisco Switches And Routers
- Auditing Check Point VPN-1/Firewall-1
- Devices Supported By Nipper
- What Nipper Does Not Do
- The Future Of Nipper
Includes Demonstrations With Cisco Equipment And A Nokia IP Firewall Configuration

Copyright 2008 Ian Ventura-Whiting
http://nipper.tit

The Background Info...
- Started In May 2006
- Originally Called CiscoParse
- Decoded Cisco Type 7 Passwords

Developing Further...
- Added More Checks
- Added Support For Juniper NetScreen Firewalls
- Renamed As Nipper (Network Infrastructure Parser)

Now...
- Performs Security Audits
- Generates A Configuration Report

Why developers should select industry standard encryption
Example: Cisco Type 7 Passwords
(Diagram labels: the password hash; the secret Cisco key; the calculation; NOT very clever)

Security Auditing: Cisco Security Appliance

Things To Check:
- Network Filtering
- Protocol Analysis
- Administrative Services
- Authentication Configuration
- VPN Configuration
- Routing Protocols
- Operating System Version
- Other Device Settings

What Nipper Audits:
- Network Filtering
- Protocol Analysis
- Administrative Services
- Authentication Configuration
- VPN Configuration
- Routing Protocols
- Operating System Version
- Other Device Settings

Auditing Cisco Security Appliances...
Demonstration

Security Auditing: Cisco Switches And Routers

Things To Check:
- Routing Protocols
- Switch Port & VLAN Configuration
- Administrative Services
- Authentication Configuration
- Network Filtering
- Device Services
- Operating System Version
- Other Device Settings

What Nipper Audits:
- Routing Protocols
- Switch Port & VLAN Configuration
- Administrative Services
- Authentication Configuration
- Network Filtering
- Device Services
- Operating System Version
- Other Device Settings

Auditing Cisco Switches And Routers...
Demonstration

Security Auditing: Check Point VPN-1/Firewall-1
- Software Firewall
- Runs On GNU/Linux, Sun Solaris And Microsoft Windows
- Third Party Products, e.g. Nokia IP Firewalls
- Supports Other Manufacturers Firewalls, e.g. Cisco
- Management And Firewall Modules
- Policy Is Configured On Management Module
- Policy Is Deployed To Firewall Modules And Other Firewalls
- No Single Configuration File
- Not Stored In A Single Location
- Look For conf Or database Directories

Auditing Check Point VPN-1/Firewall-1...
Demonstration

Nipper 0.11.6 Supports All These Devices
- Bay Networks Accelar
- Check Point VPN-1/Firewall-1
- Cisco ASA Firewalls
- Cisco CatOS Based Catalysts
- Cisco Content Services Switch
- Cisco Firewall Services Module
- Cisco IOS Based Catalysts
- Cisco IOS Based Routers
- Cisco NMP Based Catalysts
- Cisco PIX Firewalls
- Juniper NetScreen Firewalls
- Nokia IP Firewalls
- Nortel Passport
- SonicWALL Firewalls

What Nipper 0.11.6 Does Not Do...
- Identify Clear Text Protocols In Filter Configuration
- Identify Destination Service Ranges In Filters
- VPN Configuration
- Protocol Analysis
- Wireless Routing Configurations
- Brute Force Strong Encryption Passwords
- Device Support Varies

The Future of Nipper
- Identify More Network Filtering Issues
- Audit Protocol Analysis
- Audit VPN Configuration Settings
- Audit Encryption Settings
- Consistency Across Device Types
- Support For More Devices
- Compliancy Checking
- Improved Efficiency
- Nipper Library
- Nipper GUI (Linux, Windows & O
- Internationalisation Ready (i18n)
- Improved HTML Output
- Improved Latex Output
- Improved Report Content

Example: Improvements to SNMP Auditing

Nipper 0.11.6
- SNMP Version 1/2c In Use
- Weak Community String
- Dictionary Based Community String

Nipper 0.12.0
- Clear Text SNMP In Use
- Weak Community String
- Dictionary Based Community String
- Default Community String
- SNMP Configured Without Filtering
- SNMP Write Access Enabled
- SNMP System Shutdown Enabled
- SNMP TFTP List Not Configured
- SNMP View Not Configured

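An added example, not code from Nipper or from the talk: a small Python audit that reports the Nipper 0.12.0 SNMP findings listed above from Cisco IOS snmp-server configuration lines. The word lists, the strength rule, the handled command syntax and the sample configuration are assumptions made for illustration.

```python
import re

DEFAULTS = {"public", "private"}              # assumed default strings
DICTIONARY = {"cisco", "monitor", "network"}  # assumed tiny word list
# Handles: snmp-server community <string> [view <name>] [ro|rw] [<acl>]
COMMUNITY = re.compile(
    r"snmp-server community (\S+)(?: view (\S+))?(?: (ro|rw))?(?: (\S+))?$", re.I)

def is_weak(s):
    # Assumed rule: under 8 characters or fewer than 3 character classes.
    kinds = ("[a-z]", "[A-Z]", "[0-9]", "[^A-Za-z0-9]")
    return len(s) < 8 or sum(bool(re.search(k, s)) for k in kinds) < 3

def audit_snmp(config):
    """Return (finding, community) pairs named after the slide's checks."""
    lines = [l.strip() for l in config.splitlines()]
    comms = [m.groups() for m in map(COMMUNITY.match, lines) if m]
    if not comms:
        return []
    out = [("Clear Text SNMP In Use", None)]
    for name, view, mode, acl in comms:
        checks = [
            (name.lower() in DEFAULTS, "Default Community String"),
            (name.lower() in DICTIONARY, "Dictionary Based Community String"),
            (is_weak(name), "Weak Community String"),
            (acl is None, "SNMP Configured Without Filtering"),
            ((mode or "").lower() == "rw", "SNMP Write Access Enabled"),
            (view is None, "SNMP View Not Configured"),
        ]
        out += [(title, name) for hit, title in checks if hit]
    if "snmp-server system-shutdown" in lines:
        out.append(("SNMP System Shutdown Enabled", None))
    if not any(l.startswith("snmp-server tftp-server-list") for l in lines):
        out.append(("SNMP TFTP List Not Configured", None))
    return out

# Constructed sample configuration, not taken from the talk.
SAMPLE = """\
snmp-server community public RO
snmp-server community Netw0rk RW 10
snmp-server community k9#Tq2!vLp view MGMT RO 20
snmp-server system-shutdown
"""

if __name__ == "__main__":
    for finding, community in audit_snmp(SAMPLE):
        print(f"{finding}: {community or 'device-wide'}")
```
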

- Bay Networks Accelar
- Check Point VPN-1/Firewall-1
- Cisco ASA Firewalls
- Cisco CatOS Based Catalysts
- Cisco Content Services Switch
- Cisco Firewall Services Module
- Cisco IOS Based Catalysts
- Cisco IOS Based Routers
- Cisco NMP Based Catalysts
- Cisco PIX Firewalls
- Juniper NetScreen Firewalls
- Nokia IP Firewalls
- Nortel Passport
- SonicWALL Firewalls
- Enterasys Switches & Routers
- 3Com SuperStack Switches
- Nortel Alteon Firewall
- Nortel BayStack Switches
- Nortel Contivity VPN Router
- Foundry Switches
- Fortinet Fortigate Firewalls
- HP Procurve Switches
- WatchGuard Firewalls