Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
Search
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Security Group Pinpoints Cisco Router Weakness

    By
    Caron Carlson
    -
    February 20, 2002
    Share
    Facebook
    Twitter
    Linkedin

      As routers become an increasingly popular target of attack for sophisticated hackers, several public and private Internet security organizations have joined together to offer a fix.

      The SANS (System Administration, Networking and Security) Institute, working with UUNet, Cable &Wireless plc, the National Security Agency and the Center for Internet Security developed a Router Audit Tool (RAT) for Cisco Systems Inc. hardware.

      “Are we saying Cisco routers are vulnerable? The answer is yes,” said Alan Paller, director of research at the SANS Institute in Bethesda, Md. Charging that Cisco has not provided security remedies quickly enough, Paller said the user community must protect itself.

      Cisco did not participate in the development of RAT, although it did review it. “Its a good tool,” said Mike Furhman, head of Ciscos security consulting group. “Like all other tools, its not a magic wand thats going to solve all of your problems.”

      Cisco incident manager Jim Duncan also defended the security of Cisco routers and the companys response to problems. “Cisco sets the mark for responding to product vulnerabilities,” Duncan said. “Cisco routers dont have widespread vulnerabilities that havent been addressed.”

      Cisco lists best practices for router security on its own Web site. “This tool takes it up a level, more into the policy and configuration level,” Furhman said. “But it doesnt solve problems that havent been attempted to be solved before.”

      In a nutshell, RAT determines whether a router is an easy prey for hackers and figures out how to protect it. It downloads configurations of devices to be audited and checks them against a set of guidelines established by the National Security Agency, providing a security rating on a scale of 1 to 10. It also creates a list of IOS commands to correct identified problems.

      “In a sense its a parsing technique, which then uses rules available to demonstrate where a router configuration is not configured according to NSA guidelines,” said John Stewart, chief security officer at Digital Island, a Cable & Wireless company. “RAT is a leap ahead in our ability to audit the configurations of network devices. Automated auditing against best practices decreases the pain threshold of auditing.”

      The audit tool operates on Unix platform running Perl, but SANS and its partners are developing another version that will run on Windows systems.

      “Version 1 [of RAT] is only the beginning,” said Clint Kreitner, president and CEO of the Center for Internet Security. “Development is under way to make a version that works on Windows systems.”

      RAT can be downloaded from the CIS Web site at www.cisecurity.org.

      Avatar
      Caron Carlson

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      Chris Preimesberger - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      eWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      Zeus Kerravala - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      Wayne Rash - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Information

      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×