Test Router/Switch Vulnerabilities

r_durant

I'm not sure if this is the right forum for this question to be in, but I assume I will be guided accordingly...

Is there, or what penetration tools are available that would allow me to run against routers or switches, or even a pix firewall to test for possible security vulnerabilities?

Or something that says, well you have it configured this way, but this way is the recommended best practice?

Or even if the IOS that I'm running is vulnerable because of these listed vulnerabilities...

We don't have a pen test pending or anything, I just want to know and note what state our devices are in...

My devices range from 805, 1700, 2600, 2800, 3800 routers and 2950, 3550 and 3750 switches, plus pix 515E running 6.2 and 7.2.

Thanks,
Ryan

laidbackfreak

well I use nmap plus a few others.....

take a look here for starters and see how you get on....

http://insecure.org/

worth looking at the top 100hundred tools while your there.....

mikearama

I'm a fan of the Security Audit in the SDM of the newer ISR's. If any of your routers are ISR's, run the audit, and make note of the suggestions made in the gui.

After making notes of the places where we wanted to implement secure policies in our ISR's, I manually made those same changes, where possible, on the rest of our network devices.

You just have to have one ISR to be able to see and take advantage of cisco's best practices.

dynamik

You might want to check this book out as well: http://www.amazon.com/Penetration-Testing-Network-Networking-Technology/dp/1587052083/ref=pd_bbs_sr_1?ie=UTF8&s=books&qid=1228837055&sr=8-1

Has anyone read that? I haven't, but it's on my list.

laidbackfreak

while i agree the security audit of the newer isr is good and indeed does help you implement best pratices, i think if your looking to test your systems there's no better way than using what the bad guys use

i've not got that book yet dyn, but it is on my list....

ive got a few security books.... grey hat hacking, couple of the hacking exposed books, a couple of cissp as well as the usual firewall ips course books...

tech-airman

r_durant wrote:

I'm not sure if this is the right forum for this question to be in, but I assume I will be guided accordingly...

Is there, or what penetration tools are available that would allow me to run against routers or switches, or even a pix firewall to test for possible security vulnerabilities?

Or something that says, well you have it configured this way, but this way is the recommended best practice?

Or even if the IOS that I'm running is vulnerable because of these listed vulnerabilities...

We don't have a pen test pending or anything, I just want to know and note what state our devices are in...

My devices range from 805, 1700, 2600, 2800, 3800 routers and 2950, 3550 and 3750 switches, plus pix 515E running 6.2 and 7.2.

Thanks,
Ryan

r_durant,

Does your organization have a security policy in place?

seuss_ssues

Checkout Nessus its one of the most comprehensive network vulnerability scanners.

dynamik

It looks like BackTrack 3 has some Cisco-specific tools as well.

r_durant

Thanks guys...

I'm going to have a look at the tools each of you mentioned and see what they can do...

Tech-airman...I'd have to say no, there's not a whole lot of structure in place right now...

Met44

There is also the Router Audit Tool (RAT) from the Center for Internet Security:

http://www.cisecurity.org/bench_cisco.html

It is no longer actively updated, but it came recommended to me. I have never used it myself. They also have a PIX tool, and other tools for paying members.