RE: [nsp] Cisco Network Audit

From: Kevin Gannon (kgannon@lancomms.ie)
Date: Tue Jan 29 2002 - 03:29:43 EST


Well it depends on the audit depth for example are you planning
on reviewing the IOS/CatOS streams for known issues ect ??

If the network is large then deploying Cisco Resource Manager
will help greatly with config collect and also IOS bug analysis.
Also it has some very useful canned reports. In fact RME is
what the NSA Kit is under a different name and this is what
Cisco would deploy on your site if you sign up for NSA support
and its tied into there NOC's in Pegasus Park and the Triangle.

For smaller audits kiwi cattools helps collect the configs and
the show commands in an automatted way and can also do CSV
exports so you can use excel/star office for reports. Check out:
http://www.kiwi-enterprises.com

Regards,
Kevin

-----Original Message-----
From: KF [mailto:kf@reign.sk]
Sent: 28 January 2002 21:55
To: 'Ryan O'Connell'; 'Alejandro Esquivel Rodríguez'
Cc: cisco-nsp@puck.nether.net
Subject: RE: [nsp] Cisco Network Audit

now I see.. that I missunderstood your question.. thought so, You mentioned
an security audit of network done by Cisco pals..

hmm it's kindda offtopic but know anyone some details about that?

greetz

Alex

> -----Original Message-----
> From: Ryan O'Connell [mailto:ryan@complicity.co.uk]
> Sent: Monday, January 28, 2002 9:45 PM
> To: Alejandro Esquivel Rodríguez
> Cc: cisco-nsp@puck.nether.net
> Subject: Re: [nsp] Cisco Network Audit
>
>
> On Mon, Jan 28, 2002 at 11:35:42AM -0600, Alejandro Esquivel
> Rodríguez wrote:
> > I need information or any documentation for
> > the basis that Cisco Network Audit ( "show commands, cisco
> > information, etc")
>
> If you're after information to do an audit of your network
> (Your mail is a
> little unclear) then the commands you want are:
>
> Most IOS routers - show diag
> CatOS/XDI switches - show mod
> Fixed-config routers and switches - show ver
>
> This assumes that you have access to all devices and know
> where they are. If
> not, show cdp neigh may be useful.
>
> Some devices can't tell you their serial number - mostly
> older Cat2900s,
> Local Directors etc.
>
> --
> Ryan O'Connell - CCIE #8174
> <ryan@complicity.co.uk> - http://www.complicity.co.uk
>
>
> I'm not losing my mind, no I'm not changing my lines,
> I'm just learning new things with the passage of time
>
>

**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote also confirms that this email message has been swept for the
presence of computer viruses.

For more information contact postmaster@lancomms.ie

phone + 353 1 4093000

fax + 353 1 4093001

**********************************************************************



This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:13:30 EDT