What is Nipper (Network Infrastructure Parser)?
Nipper is an open source security auditing tool for network devices. One benefit of being open source is that it's free :) Previously known as CiscoParse, Nipper isn't especially polished, but it is very functional. It was easy to install and easy to use.
Even more impressive :) is that it works with many different types of network devices (and not just Cisco). Here’s a list of compatible network devices that Nipper can audit:
Cisco switches (IOS)
Cisco routers (IOS)
Cisco firewalls (PIX, ASA, FWSM)
Cisco Catalyst switches (NMP, CatOS, IOS)
Cisco Content Service Switches (CSS)
Juniper NetScreen Firewalls (ScreenOS)
How to use Nipper?
Nipper supports a lot of devices and provides many options, so I can't possibly demonstrate all of them here. Instead, I'll show a basic demonstration. For our example, we'll use Nipper to audit a Cisco router that has only the default configuration.
To begin, I took a Cisco 1841 router. First, download Nipper from SourceForge.net; it's available for both Windows and Linux. Extract it to a folder on your local PC; let's call it C:\nipper, as I have done.
Next, obtain a text version of the router's configuration file. Telnet or SSH to the router, use the show running-config command, copy and paste the output into Notepad, and save it to your local PC in the aforementioned C:\nipper directory.
Alternatively, you can use a TFTP server and copy the configuration to your local PC. For example, I tried this using Tftpd32.exe, and it was both quick and easy. Use the following command to copy the file, in case you don't know how to do it :)
PSW-DXX # copy startup-config tftp:
Address or name of Remote Host: 10.110.1.22
Destination filename[startup-config] yes
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! OK :)
Once you have the running configuration that you want to audit on your PC, go to the Windows command prompt, and CD into the Nipper directory. Run the following, as shown in Figure A:
C:\nipper> nipper --ios-router --input=startup-config.txt --output=audit.html
The system will immediately return you to the command prompt without providing any information. But don’t worry — it worked.
Next, open a Web browser and enter this URL: c:\nipper\audit.html. This will take you to the security report. Figure B offers a screenshot of the audit.
What does Nipper tell you?
Scrolling through this report, you’ll see that Nipper provides security audit information such as:
1. A software version that has vulnerabilities and the reference numbers for those vulnerabilities
2. Recommendations to disable services that might cause others to be able to access the router
3. Commands that you need to enable to secure the router
For our example, Nipper told us that we need to do the following:
a): Upgrade the router's IOS to prevent vulnerability to a Telnet remote DoS attack and a TCP listener DoS attack.
b): Configure the service tcp-keepalives-in command to help prevent a DoS attack.
c): Configure timeouts on consoles to prevent anyone from gaining access to the router from a Telnet or console session.
d): Configure the HTTP service as secure with HTTPS, and enable authentication.
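The configuration findings b, c and d above can be reproduced on a saved configuration with a few lines of Python. This is an added example, not Nipper's code or its actual checking logic; the sample configuration and the names audit and line_stanzas are constructed for illustration, and the script assumes a plain-text IOS configuration with one-space indentation under each "line" stanza.

```python
import re

# Constructed sample of a near-default IOS configuration (not the article's router).
SAMPLE_CONFIG = """\
version 12.4
hostname Router
ip http server
!
line con 0
 exec-timeout 0 0
line vty 0 4
 login
!
end
"""

def line_stanzas(config):
    """Map each 'line ...' header to the list of its indented sub-commands."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            stanzas[current] = []
        elif current is not None and raw.startswith(" "):
            stanzas[current].append(raw.strip())
        else:
            current = None  # any unindented line closes the stanza
    return stanzas

def audit(config):
    """Return findings for recommendations b, c and d as (id, detail) tuples."""
    cmds = {l.strip() for l in config.splitlines()}
    findings = []
    if "service tcp-keepalives-in" not in cmds:
        findings.append(("b", "service tcp-keepalives-in is not configured"))
    for header, subs in line_stanzas(config).items():
        # 'exec-timeout 0 0' (or 'no exec-timeout') turns the idle timeout off.
        if any(re.fullmatch(r"(no exec-timeout|exec-timeout 0( 0)?)", s) for s in subs):
            findings.append(("c", f"{header}: idle session timeout is disabled"))
    if "ip http server" in cmds:
        findings.append(("d", "plain HTTP server is enabled"))
        if not any(c.startswith("ip http authentication ") for c in cmds):
            findings.append(("d", "no explicit HTTP authentication method"))
    return findings

if __name__ == "__main__":
    for check, detail in audit(SAMPLE_CONFIG):
        print(f"[{check}] {detail}")
```

Running the same function over the configuration again after applying the recommended commands should return an empty list.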
In addition to several other recommendations, Nipper provided a summary of the device’s configuration — what services are turned on or off, status of the lines, status of the interfaces, DNS, time zone, and more. Check out the actual report from our example.
Considering that it's so small, simple, and free, Nipper is an amazingly powerful network device security auditing tool. For help with Nipper, run the C:\nipper\nipper -help command at the command prompt after you've downloaded and extracted the program.
I hope it will be informative for you, as I found it very useful :)