Sridhar Ayengar wrote:
> Fred Reimer wrote:
>> Exactly, autosecure is just a macro. It is always advisable to check the
>> actual router configuration after it is completed. The engineer should make
>> sure they understand how all of the commands implemented, and if they don't
>> research them and make sure they know of any caveats.
>
> Is there anything similar that will allow me to take a router
> configuration file and interactively process it on an external system to
> increase security on my router?

Yes. You can use RAT (Router Audit Tool).

http://www.cisecurity.org/

However that still doesn't exempt the admin from knowing exactly what each and every suggested command does. RAT bitches and moans about my configs because I don't ever set VTY passwords. RAT doesn't have the ability to recognize that they are not needed in my scenario because I utilize full AAA. RAT is programmed to look for certain things and give the pre-determined output. It's still a good tool but you have to understand what it's telling you to figure out if in fact there is a problem to be addressed.

As always with security, there is no silver bullet.

Justin

_______________________________________________
cisco-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
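
The false positive described in the message above, as an added example that is not part of the original post and is not RAT's code: a password-only VTY rule next to a rule that also accepts a defined AAA login method list. The sample configuration, the function names and the simplified rules are assumptions made for illustration.

```python
import re

# Constructed sample config (not from the thread): full AAA, no VTY password.
SAMPLE_AAA = """\
aaa new-model
aaa authentication login default group tacacs+ local
!
line con 0
line vty 0 4
 transport input ssh
line vty 5 15
 login authentication MGMT
 transport input ssh
"""

def vty_blocks(config):
    """Yield (header, [sub-commands]) for every 'line vty' block."""
    header, body = None, []
    for raw in config.splitlines():
        if raw[:1] not in (" ", "\t"):          # unindented = new top-level command
            if header:
                yield header, body
            header, body = (raw.strip(), []) if raw.startswith("line vty") else (None, [])
        elif header:
            body.append(raw.strip())
    if header:
        yield header, body

def naive_findings(config):
    """Password-only rule (hypothetical): flag any VTY block without 'password'."""
    return [h for h, b in vty_blocks(config)
            if not any(c.startswith("password ") for c in b)]

def aaa_aware_findings(config):
    """Flag a VTY block only if neither a line password nor a defined AAA
    login method list covers it."""
    aaa_on = re.search(r"^aaa new-model\s*$", config, re.M) is not None
    defined = set(re.findall(r"^aaa authentication login (\S+) ", config, re.M))
    findings = []
    for header, body in vty_blocks(config):
        if any(c.startswith("password ") for c in body):
            continue
        named = [c.split()[2] for c in body if c.startswith("login authentication ")]
        method_list = named[0] if named else "default"
        if not (aaa_on and method_list in defined):
            findings.append((header, "no password; AAA list '%s' not defined" % method_list))
    return findings
```

On the sample, the password-only rule flags both VTY blocks, while the AAA-aware rule clears `line vty 0 4` and still reports `line vty 5 15`, whose method list `MGMT` is referenced but never defined.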
