Information Security News mailing list archives

Re: Security Group Pinpoints Cisco Router Weakness


From: InfoSec News <isn () c4i org>
Date: Fri, 22 Feb 2002 02:48:18 -0600 (CST)

Forwarded from: H C <keydet89 () yahoo com>

This stuff cracks me up...
 
"Are we saying Cisco routers are vulnerable? The answer is yes,"
said Alan Paller, director of research at the SANS Institute in
Bethesda, Md. Charging that Cisco has not provided security remedies
quickly enough, Paller said the user community must protect itself.

Paller, eh?  Well, it just goes to show you what someone can do when
they have a decent PR department behind them.
  
It downloads configurations of devices to be audited and checks them
against a set of guidelines established by the National Security
Agency, providing a security rating on a scale of 1 to 10. It also
creates a list of IOS commands to correct identified problems.

Sounds like a good way to start, but it has to be taken with a grain
of salt.  It's up to the administrators to determine how the routers
should be configured, not SANS or the NSA.  No third party tool is
capable of accurately determining this 'scale' for all possible
configurations and infrastructures.  The use of one of the recommended
IOS commands could easily make applications or backbones inoperable.
 
"RAT is a leap ahead in our ability to audit the configurations of
network devices.  Automated auditing against best practices
decreases the pain threshold of auditing."

Auditing against best practices for whom?  What SANS and the NSA think
are 'best practices' may not be suitable for a telecom, or a specific
router within the architecture at a hospital.

"Version 1 [of RAT] is only the beginning," said Clint Kreitner,
president and CEO of the Center for Internet Security. "Development
is under way to make a version that works on Windows systems."

Underway?  What good does that do the community that follows SANS?
Microsoft has such a huge market share, you'd think that they'd have a
Windows version available when they made the announcement.

I think I'll wait a version or two before I recommend to anyone I know
that they should try this tool out.



-
ISN is currently hosted by Attrition.org
