As routers become an increasingly popular target of attack for sophisticated hackers, several public and private Internet security organizations have joined together to offer a fix.
The SANS (System Administration, Networking and Security) Institute, working with UUNet, Cable &Wireless plc, the National Security Agency and the Center for Internet Security developed a Router Audit Tool (RAT) for Cisco Systems Inc. hardware.
“Are we saying Cisco routers are vulnerable? The answer is yes,” said Alan Paller, director of research at the SANS Institute in Bethesda, Md. Charging that Cisco has not provided security remedies quickly enough, Paller said the user community must protect itself.
Cisco did not participate in the development of RAT, although it did review it. “Its a good tool,” said Mike Furhman, head of Ciscos security consulting group. “Like all other tools, its not a magic wand thats going to solve all of your problems.”
Cisco incident manager Jim Duncan also defended the security of Cisco routers and the companys response to problems. “Cisco sets the mark for responding to product vulnerabilities,” Duncan said. “Cisco routers dont have widespread vulnerabilities that havent been addressed.”
Cisco lists best practices for router security on its own Web site. “This tool takes it up a level, more into the policy and configuration level,” Furhman said. “But it doesnt solve problems that havent been attempted to be solved before.”
In a nutshell, RAT determines whether a router is an easy prey for hackers and figures out how to protect it. It downloads configurations of devices to be audited and checks them against a set of guidelines established by the National Security Agency, providing a security rating on a scale of 1 to 10. It also creates a list of IOS commands to correct identified problems.
“In a sense its a parsing technique, which then uses rules available to demonstrate where a router configuration is not configured according to NSA guidelines,” said John Stewart, chief security officer at Digital Island, a Cable & Wireless company. “RAT is a leap ahead in our ability to audit the configurations of network devices. Automated auditing against best practices decreases the pain threshold of auditing.”
The audit tool operates on Unix platform running Perl, but SANS and its partners are developing another version that will run on Windows systems.
“Version 1 [of RAT] is only the beginning,” said Clint Kreitner, president and CEO of the Center for Internet Security. “Development is under way to make a version that works on Windows systems.”
RAT can be downloaded from the CIS Web site at www.cisecurity.org.