
NETWORK DEVICE SECURITY AUDITING


Academic year: 2021


E-SPIN PROFESSIONAL BOOK

VULNERABILITY MANAGEMENT

The E-SPIN Comprehensive Professionals Book on Network Device Security, Configuration Auditing and Compliance Reporting helps to secure and tighten network device security and bolster compliance, delivering up-to-date regulatory compliance and protection that minimizes risk and enables protected business operations.

With increasing attention on network device security, IT advisors and IT auditors must enforce strict security policies and procedures to protect their critical inbound and outbound from the network devices. Achieving comprehensive security requires ensuring that network device configuration and security policies are aligned with IT security policies, and taking strong advanced security measures to harden the network security environment, such as router and core switch configuration and policy security compliance, to meet internal security requirements and external regulatory compliance as an integral part of an enterprise's security and risk management practices.

As a sole distributor in Malaysia, Titania products are part of E-SPIN’s Vulnerability Management and Security Management Solution Portfolio for securing highly complex and widely deployed network device infrastructure, for configuration and policy security auditing and reporting across some of the demanding industries.

The E-SPIN Professional Book on Network Device Security Auditing will focus on increased network device security, configuration check, vulnerability assessment, audit for the IT Security Team or Risk Compliance, audit for continuous regulatory compliance, or performing Continuous Network Device Configuration Security Compliance and Monitoring on cyber/military defense applications for enterprise, government and military customers.

By reading this book, organizations, firms and companies should consider adopting the specialized and customized Titania global de facto Nipper Studio for Network Device Security Auditing, Compliance Check and Reporting in the areas of vulnerability assessment, providing the most comprehensive up-to-date vulnerability assessment, configuration auditing, protection and reporting capabilities to assure the maximum protection of mission-critical network infrastructure for today's enterprise network applications.

Finally, till we meet again in the next issue, and happy reading.

Chief Of Editor,

Madeline Lim

Editor’s Summary

E-SPIN Marketing Department

February 2, 2013

Table of Contents

CHAPTER 1 – Introduction of Titania Nipper Studio

CHAPTER 2 – Titania Nipper Studio Features

CHAPTER 3 – Titania Nipper Studio Pen Test

Introducing Titania Nipper Studio

Nipper Studio does not require you to have any specialist expertise in network security to produce your own comprehensive audit report. Titania's years of experience in manual penetration testing and knowledge of best practice security requirements give you an expert in a box!

‘Nipper enables Cisco to test these devices in a fraction of the time it would normally take to perform a manual audit and, for many devices, it has eliminated the need for a manual audit to be undertaken altogether.’ - Cisco Systems Inc

The software analyses device configurations and identifies potential security weaknesses before writing your detailed report, including a management summary with statistics and detailed findings that include the issues’ potential impact and mitigation recommendations.

The issues are rated dynamically using either the product's own best practice rating system or the industry standard CVSS v2 rating system.

The reports are written from the perspective of the auditor, sentence by sentence, just as if a human had written the report for their customer. In fact, many auditing companies directly use the Nipper Studio reports as their own when presenting their own audit reports to their customers.

This, along with the extensive customization options such as auditing to your corporate policies and quickly adding company names, logos and notes to the report, means Nipper Studio is trusted by government agencies, financial institutions, auditing organizations and many other industries all over the world.

‘The audit reporting style is professional, intuitive, and simple.’ - Andy Dixon, Network Infrastructure Analyst for 7G Technologies

Titania Nipper Studio Features

Protecting your Networks from the Cyber Threat

STAY SECURE

Companies worldwide depend on their networked computer systems to successfully run their businesses. These systems will often contain accounts information, customer data and other confidential information; therefore it is imperative that their systems are secure.

Firewall and antivirus protection is only part of the solution; the reality is that hackers will try to break into your systems by trying to bypass any protection you have put in place.

As companies grow, their computer networks expand and evolve, as does their complexity. Companies add more firewalls, switches and routers, and deploy specific systems such as Intrusion Prevention Systems (IPS), Intrusion Detection Systems (IDS), application filtering devices and VPNs. The configurations of these devices control the access and workflow of your data, and it is vital that the devices remain secure. So how do you maximise security?

SCANNERS & CONFIGURATION ANALYSERS

Vulnerability scanners are seen as an essential component of any cyber security review and they are becoming ever more sophisticated; they build up a picture of your network and probe network ports & services in order to identify vulnerabilities. They are normally quick to implement and great at providing a ‘bigger picture’. Unfortunately, there are some drawbacks.

To fully check the firewall rules, a network scanner would have to scan from every network address to every other network address and port. This is not practical, and even a typical network scan from a single address would generate significant quantities of network traffic; this carries the risk of impacting service levels, and IDS settings may block the scanner long before it finishes its task. Other problems include scans returning different results depending on the network connection used, and staff intentionally blocking ports at the time of the scan (ensuring issues & threats remain undetected). In addition, with network scanning not all the security settings can be tested using exposed services, even if you know the passwords.

So how do you get a truer picture of the vulnerability and threat levels that may exist on your systems? The answer is to conduct an in-depth audit of the actual device configuration, and not rely solely on network scans to identify issues which are difficult or impossible to detect. You have numerous choices as to how this can be achieved.

An external auditing company provides impartial analysis, often combined with ‘Best Practice’ advice; the reports will generally involve detailed recommendations and practical solutions and can be tailored to your own environment. This method has undeniable benefits, but security audits can be very time consuming both for the systems owner and the auditors. They also have the added disadvantage of the audits typically being performed by people who are not experts in the configuration of the devices being audited.

A detailed examination of even an average sized firewall configuration can take half a day to perform, with additional reporting time required to write the actual report. Typically the final report would be finished and delivered 2 to 3 weeks following the completion of the assessment, which is not ideal if you were to experience a network attack before the report arrives.

Saving You Even More Time And Money

Nipper Studio now enables you to audit multiple network devices. Using Nipper Studio, simply select the "New Report" menu option and add all the device configurations that you want to audit (selecting an entire directory if you want). Click the "Next" button to customize your report, then click on "Finish" to let Nipper Studio do all the work for you.

Typically Nipper Studio will finish auditing your configurations within a few seconds, enabling you to get on with reading the report that would have taken weeks to produce and deliver. As with traditional security and configuration audits, your reports can include:

• a title page with your company name or logo;

• a non-technical management summary including statistics and graphs;

• a report contents section that lists the report sections, tables and graphs;

• introductions, including a breakdown of any rating systems used and the report format conventions;

• detailed security audit issues which include a rating, what was found, the impact of the issue, how easy it would be for an attacker to exploit and the mitigation recommendations, which will typically include the commands required to resolve the issue;

• a security audit conclusions section which outlines the findings and a recommendations section that summarizes the recommendations;

• a configuration report which details how each network device is configured and explains what many of the configuration settings mean;

• an appendix section which includes a breakdown of any abbreviations used within the report together with other supporting information.

Customizable Reporting

Nipper Studio includes advanced report writing technology that enables the software to write a report in a similar manner to how a human would write a report. This is just one of the many areas where Nipper Studio stands above other automated software that generates reports by combining predefined sections of text. When reading a Nipper Studio report it is easy to forget how it was authored.

A significant advantage of this technology is the ability to provide Nipper Studio with details about the report and your organization. For example, when you provide your organization's name, Nipper Studio will write the report as if you had written it yourself. So Nipper Studio will report what issues you found and what recommendations you make.

The screenshot to the right shows Nipper Studio being customized with the company name "Cisco", a company logo and setting the report classification to "Restricted". Sections from the report are shown below highlighting just a few areas within the report where Nipper Studio has used this information.

Nipper has always featured a huge number of customization options, enabling you to tailor your reports to your organization's requirements. You can change your reports' look and feel with your own organization's branding, such as fonts, colors and report layout. Your reports can then be saved in a variety of different formats including HTML, XML and CSV, enabling you to make use of productivity suites such as Microsoft Office or import the results into your own custom systems.

Security Auditing And Issue Reporting Customization

Although having a well written and presented report is important, with years of real-world security auditing experience with leading international corporations, financial institutions and government departments, we also understand that the standard of the audit is essential. Nipper Studio performs a comprehensive audit of your devices' settings, not just an examination of the firewall rules.

Just as with the report customization options, Nipper Studio provides a wide range of auditing options that will enable you to tailor your audits to meet the requirements of your organization. For example, you can set your password policy or highlight key network services and network hosts that you would like identified during the firewall rule auditing. Then, if Nipper Studio identifies any issues that are related to your organization's policy, your policy will be included in the recommendations.

Features that we have recently introduced based on our customers' feedback include adding your own notes / comments to an issue once the report has been written, and excluding a particular device from an issue altogether. This functionality can quickly be accessed using the "Report" menu shown below.

Configuration Reporting

Although Nipper includes some powerful and extensive security auditing capabilities, some of our clients primarily use Nipper for its configuration reporting capabilities. Nipper can write a clear, concise and consistent configuration report for your devices regardless of which company manufactured the device.

The configuration of each device is reported in related sections, such as administration services. To further explain what the configuration settings mean, many of the protocols and options detailed in the report are accompanied by a description of what they are used for and the related RFCs.

Nipper Studio Pen Test

Nipper Studio from Titania offers a means to audit that often forgotten part of your network: the network itself. Routers, switches, firewalls and other network appliances are the fabric of your network and should definitely be in-scope for any rigorous information security program.

Firstly, it’s worth pointing out that Nipper Studio is not a traditional vulnerability scanner that trawls your network looking for weak spots. Instead, you feed Nipper Studio the configuration files from your network devices and it audits them, producing a detailed report. This offline auditing means no traffic is generated by the audit and there’s no need to plug anything into your network, a definite plus for those working in high-security environments. Working from the inside out provides a totally different insight compared to traditional network-based scanners.

Nipper Studio offers good cross-platform support, with packages available for Fedora, OpenSuSE, CentOS and Ubuntu flavours of Linux as well as Windows and Mac OS X. There is a good range of supported devices, with all the usual players such as Cisco, Juniper and Checkpoint represented as well as some of the rising stars like SonicWALL on the list. As well as a GUI tool for generating reports, Nipper Studio includes a command line version, very useful for scripting and automating audits.

Fire it up and Nipper Studio starts with a clean UI showing your reporting, configuration options and built-in documentation. Creating a report is as simple as clicking on the new report link and telling it the location of your configuration files. You can add multiple devices to a single report and load previous reports for comparison. Human-readable full and summary reports can be generated in several formats including HTML, PDF, PostScript and LaTeX. Additionally, you can create CSV, SQL and XML outputs, enabling you to further process, report and archive your results.

The reports may appear on the surface very similar to vulnerability assessment reports from other tools, but it is the level of detail that really shows off the benefits of this method of security auditing. Nipper Studio will report on firmware version, timeouts, routing and VLAN configuration, service banners, authentication and other configuration best practice which external scanners may miss. Exposing the internal configuration of the device exposes potential issues, such as weak authentication, that simply cannot be seen from the outside or may be time consuming to evaluate.

Reports on each finding are very detailed and include a severity level, ease of exploitation and recommendations on how to remedy the issue, as well as CVSS v2 scores where applicable. Audits can be customised to include your organisation’s name and logo and to report based on your organisation’s security policy, such as password age and strength. You can also include your own notes and control which sections of the report to include so you can tailor it to the intended audience.

An important feature worth mentioning again is the ability to compare the results from previous reports. This enables you to see what has changed between audits and helps you to gauge the progress you’re making in improving the security posture of your network environment, as well as highlighting new threats. You will also be able to detect unauthorized or unplanned changes to your network outside of your change control process. It’s all too easy to make an ad hoc change and not document it, with unpleasant consequences further down the line. This is not a tool solely for point-in-time inspection of your network.
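An added illustration of the offline approach described above (not Nipper Studio's code or rule set, and not part of the original book): a few configuration checks run over device configuration text, followed by the comparison between two audits. The sample configurations are constructed in Cisco IOS-style syntax, and the check identifiers are assumptions made for the example.

```python
import re

# Constructed sample configurations (Cisco IOS-style syntax), not from a real device.
BASELINE = """\
hostname edge-rtr-01
enable secret 5 $1$constructed$hashvalue
snmp-server community n0t-default RO
line vty 0 4
 exec-timeout 10 0
 transport input ssh
"""

CURRENT = """\
hostname edge-rtr-01
enable password cisco123
snmp-server community public RO
line vty 0 4
 exec-timeout 0 0
 transport input telnet ssh
"""


def parse_blocks(config):
    """Group indented lines under their parent line (e.g. 'line vty 0 4')."""
    blocks, parent = {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue  # skip blank lines and IOS comment lines
        if raw[0].isspace() and parent is not None:
            blocks[parent].append(raw.strip())
        else:
            parent = raw.strip()
            blocks.setdefault(parent, [])
    return blocks


def audit(config):
    """Return a set of (check_id, detail) findings for one configuration."""
    findings = set()
    for parent, children in parse_blocks(config).items():
        # Weak authentication: 'enable password' instead of 'enable secret'.
        if re.match(r"enable password\b", parent):
            findings.add(("AUTH-ENABLE-PASSWORD", "enable password in use"))
        # Well-known SNMP community strings.
        m = re.match(r"snmp-server community (\S+)", parent)
        if m and m.group(1).lower() in {"public", "private"}:
            findings.add(("SNMP-DEFAULT-COMMUNITY", m.group(1)))
        if parent.startswith("line vty"):
            transport = next(
                (c for c in children if c.startswith("transport input")), "")
            # Cleartext remote management explicitly allowed on this line.
            if re.search(r"\b(telnet|all)\b", transport):
                findings.add(("MGMT-TELNET", parent))
            # 'exec-timeout 0 0' disables the idle session timeout.
            if "exec-timeout 0 0" in children:
                findings.add(("MGMT-NO-TIMEOUT", parent))
    return findings


def compare(previous, current):
    """Diff two audits: findings that are new, and findings that were fixed."""
    return {"new": sorted(current - previous),
            "resolved": sorted(previous - current)}
```

None of these four settings needs network traffic to detect, and comparing `audit(BASELINE)` with `audit(CURRENT)` surfaces the undocumented change as four new findings.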
