Justin Shore wrote:
> Sridhar Ayengar wrote:
>
>> Fred Reimer wrote:
>>
>>> Exactly, autosecure is just a macro. It is always advisable to check the
>>> actual router configuration after it is completed. The engineer should make
>>> sure they understand how all of the commands implemented, and if they don't
>>> research them and make sure they know of any caveats.
>>>
>> Is there anything similar that will allow me to take a router
>> configuration file and interactively process it on an external system to
>> increase security on my router?
>>
>
> Yes. You can use RAT (Router Audit Tool).
>
> http://www.cisecurity.org/
>
> However that still doesn't exempt the admin from knowing exactly what
> each and every suggested command does. RAT bitches and moans about my
> configs because I don't ever set VTY passwords. RAT doesn't have the
> ability to recognize that they are not needed in my scenario because I
> utilize full AAA. RAT is programmed to look for certain things and give
> the pre-determined output. It's still a good tool but you have to
> understand what it's telling you to figure out if in fact there is a
> problem to be addressed.
>
> As always with security, there is no silver bullet.
>
> Justin
> _______________________________________________
> cisco-nsp mailing list [email protected]
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>
Or you could use nipper
http://sourceforge.net/projects/nipper
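
The VTY-password false positive described in the thread, as an added example that is not part of the original messages and is not RAT's or nipper's code: a simplified check that reports a missing VTY password only when no AAA method list covers the line. The function names, the sample configs and the reduced model of IOS login behaviour are assumptions made for illustration.

```python
import re

def classify(block, aaa_enabled, method_lists):
    cmds = block["cmds"]
    has_password = any(c.startswith("password ") for c in cmds)
    # 'login authentication NAME' selects a named list; otherwise 'default' applies.
    named = next((c.split()[2] for c in cmds
                  if c.startswith("login authentication ")), "default")
    methods = method_lists.get(named, [])
    if aaa_enabled and methods:
        # The line password only matters when the list uses the 'line' method.
        ok = has_password or "line" not in methods
        reason = f"AAA list '{named}': {' '.join(methods)}"
    elif "login local" in cmds:
        ok, reason = True, "local username database"
    else:
        ok = has_password and "no login" not in cmds
        reason = "line password" if ok else "no usable authentication found"
    return {"line": block["line"], "ok": ok, "reason": reason}

def audit_vty(config):
    """Return one verdict per 'line vty' block of an IOS-style config."""
    lines = config.splitlines()
    aaa_enabled = any(l.strip() == "aaa new-model" for l in lines)
    method_lists = {}
    for l in lines:
        m = re.match(r"aaa authentication login (\S+) (.+)", l.strip())
        if m:
            method_lists[m.group(1)] = m.group(2).split()
    results, block = [], None
    for l in lines + ["!"]:  # trailing '!' flushes the last block
        if block is not None and l.startswith(" "):
            block["cmds"].append(l.strip())
            continue
        if block is not None:
            results.append(classify(block, aaa_enabled, method_lists))
            block = None
        if l.startswith("line vty"):
            block = {"line": l.strip(), "cmds": []}
    return results

# Constructed sample configs (not taken from the thread).
AAA_CFG = """aaa new-model
aaa authentication login default group tacacs+ local
line vty 0 4
 transport input ssh
line vty 5 15
 transport input ssh
"""
NO_AAA_CFG = """line vty 0 4
 login
"""
```

Running `audit_vty(AAA_CFG)` accepts both password-less VTY blocks because the default method list covers them, while `audit_vty(NO_AAA_CFG)` reports the same missing password as a finding.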
