Thanks to everyone for all the great info!

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:cisco-nsp-[EMAIL PROTECTED] On Behalf Of Rikard Skjelsvik
> Sent: Monday, March 24, 2008 4:42 PM
> To: [email protected]
> Subject: Re: [c-nsp] Router security defaults (WAS RE: Proxy ARP -- To disable, or not to disable..)
>
> Justin Shore wrote:
> > Sridhar Ayengar wrote:
> >
> >> Fred Reimer wrote:
> >>
> >>> Exactly, autosecure is just a macro. It is always advisable to check the
> >>> actual router configuration after it is completed. The engineer should make
> >>> sure they understand how all of the commands implemented, and if they don't
> >>> research them and make sure they know of any caveats.
> >>>
> >> Is there anything similar that will allow me to take a router
> >> configuration file and interactively process it on an external system to
> >> increase security on my router?
> >>
> >
> > Yes. You can use RAT (Router Audit Tool).
> >
> > http://www.cisecurity.org/
> >
> > However that still doesn't exempt the admin from knowing exactly what
> > each and every suggested command does. RAT bitches and moans about my
> > configs because I don't ever set VTY passwords. RAT doesn't have the
> > ability to recognize that they are not needed in my scenario because I
> > utilize full AAA. RAT is programmed to look for certain things and give
> > the pre-determined output. It's still a good tool but you have to
> > understand what it's telling you to figure out if in fact there is a
> > problem to be addressed.
> >
> > As always with security, there is no silver bullet.
> >
> > Justin
> > _______________________________________________
> > cisco-nsp mailing list [email protected]
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> >
>
> Or you could use nipper
>
> http://sourceforge.net/projects/nipper
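
The false positive described in the quoted message (a checker asking for VTY passwords on a router that uses full AAA) can be avoided by resolving which login method list each VTY line actually uses. The sketch below is an added example, not part of the thread and not the logic of RAT or nipper; the sample configs are constructed, the list name `MGMT` is hypothetical, and the rules are a simplified model of IOS login behaviour.

```python
import re

# Constructed sample configs (not taken from the thread).
AAA_CONFIG = """aaa new-model
aaa authentication login default group tacacs+ local
!
line vty 0 4
 transport input ssh
line vty 5 15
 login authentication MGMT
"""
LEGACY_CONFIG = "line vty 0 4\n login\n transport input telnet\n"

def verdict(body, aaa, lists):
    """Judge one 'line vty' block; simplified model of IOS login rules."""
    has_pw = any(b.startswith("password ") for b in body)
    if aaa:
        # A line uses the 'default' list unless 'login authentication X' is set.
        name = next((b.split()[2] for b in body
                     if b.startswith("login authentication ")), "default")
        methods = lists.get(name)
        if methods is None:
            return f"REVIEW: method list '{name}' not defined in this file"
        if "line" in methods and not has_pw:
            return f"FAIL: list '{name}' uses the line password but none is set"
        return f"PASS: AAA list '{name}' ({' '.join(methods)})"
    if "no login" in body:
        return "FAIL: login disabled, no authentication"
    if "login local" in body or has_pw:
        return "PASS: local username or line password"
    return "FAIL: no VTY password and no AAA"

def audit_vty(config):
    """Return [(line header, verdict)] for every 'line vty' block."""
    lines = config.splitlines()
    aaa = any(l.strip() == "aaa new-model" for l in lines)
    lists = {m.group(1): m.group(2).split() for l in lines
             if (m := re.match(r"aaa authentication login (\S+) (.+)", l))}
    results, block = [], None
    for l in lines + ["!"]:          # trailing "!" closes the last block
        if block and not l.startswith(" "):
            results.append((block[0], verdict(block[1], aaa, lists)))
            block = None
        if l.startswith("line vty"):
            block = (l.strip(), [])
        elif block:
            block[1].append(l.strip())
    return results
```

A REVIEW verdict is a prompt to read the config by hand, in line with the point made in the thread that the tool's output still has to be understood by the admin.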
