[c-nsp] Router security defaults (WAS RE: Proxy ARP -- To disable, or not to disable..)
Enno Rey
erey at ernw.de
Tue Mar 25 14:50:50 EDT 2008
Hi,
another one (mainly for switches) was written by a colleague of mine some time ago. It's called "Bulk Switch Config Auditor" and can be found at
http://www.ernw.de/download/bsca_0.1.2a.zip
thanks,
Enno
On Mon, Mar 24, 2008 at 10:42:14PM +0100, Rikard Skjelsvik wrote:
> Justin Shore wrote:
> >
> > Yes. You can use RAT (Router Audit Tool).
> >
> > http://www.cisecurity.org/
> >
> > However that still doesn't exempt the admin from knowing exactly what
> > each and every suggested command does. RAT bitches and moans about my
> > configs because I don't ever set VTY passwords. RAT doesn't have the
> > ability to recognize that they are not needed in my scenario because I
> > utilize full AAA. RAT is programmed to look for certain things and give
> > the pre-determined output. It's still a good tool but you have to
> > understand what it's telling you to figure out if in fact there is a
> > problem to be addressed.
> >
> > As always with security, there is no silver bullet.
> >
> > Justin
> > _______________________________________________
> > cisco-nsp mailing list cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> >
> >
> Or you could use nipper
>
> http://sourceforge.net/projects/nipper
>
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
--
Enno Rey
Check out www.troopers08.org!
ERNW GmbH - Breslauer Str. 28 - 69124 Heidelberg - www.ernw.de
Tel. +49 6221 480390 - Fax 6221 419008 - Cell +49 173 6745902
PGP FP 055F B3F3 FE9D 71DD C0D5 444E C611 033E 3296 1CC1
Handelsregister Heidelberg: HRB 7135
Geschaeftsfuehrer: Roland Fiege, Enno Rey
More information about the cisco-nsp
mailing list