A Fast Route Out of Config Trouble

By Jim Rapoza  |  Posted 2002-04-29

Despite all the attention that worms and security holes get, routers have become one of the most common points of attacks for hackers, mainly due to poor configurations.

The National Security Agency publishes free guides to securing Cisco routers, but these guides can be intimidating, especially for IT workers who have limited familiarity with Ciscos IOS. Fortunately, a new tool from the Center for Internet Security makes it simple to find out where a router needs to be secured and how to secure it.

The CIS free Router Audit Tool can scan a router through a Telnet connection and run a battery of tests (each rated on a scale of 1 to 10, with 10 being the most severe trial) to determine whether the router has been configured securely. On each test, the router receives a pass/fail score; the tool also provides a final score based on the total tests.

The results can be viewed in HTML or in text files. In the HTML results, each failed test is marked in red.

In tests, the Router Audit Tool quickly scanned a router and pointed out several needed fixes, including turning off an SNMP server that I thought I had disabled. Even better, it provided a detailed list of IOS commands that needed to be carried out to fix the problems it found. This is especially useful for those who are a little rusty in IOS.

The Router Audit Tool runs on Unix and Windows, although on Windows it requires Active-States ActivePerl. The ActivePerl tool can be downloaded from www.cisecurity.org.

Rocket Fuel