Friday, August 7, 2009

Audit your Cisco router's security with Nipper

While recently googling on the net, I learned about Nipper. Although I have studied many security tools that are used to perform security audits of network devices, I found Nipper unique, so I configured it on our office (SNGPL) production router.

What is Nipper? Nipper (Network Infrastructure Parser) is an open source security auditing tool for network devices. One benefit of being open source is that it’s free :) Previously known as CiscoParse, Nipper isn’t especially polished, but it is very functional. It was easy to install and easy to use.

Even more impressive :) is that it works with many different types of network devices (and not just Cisco). Here’s a list of compatible network devices that Nipper can audit:

Cisco switches (IOS)
Cisco routers (IOS)
Cisco firewalls (PIX, ASA, FWSM)
Cisco Catalyst switches (NMP, CatOS, IOS)
Cisco Content Service Switches (CSS)
Juniper NetScreen Firewalls (ScreenOS)

How to use Nipper?

Nipper supports a lot of devices and provides many options, so I can’t possibly demonstrate all of them here. What I will do is show you a basic demonstration. For our example, we’ll use Nipper to audit a Cisco router that has only the default configuration.

To begin, I took a Cisco 1841 router. First, download Nipper from SourceForge.net; it’s available for both Windows and Linux. Extract it to a folder on your local PC; let’s call it C:\nipper, as I have done.

Next, obtain a text version of the router’s configuration file. Telnet or SSH to the router, use the show running-config command, copy and paste the output into Notepad, and save it to your local PC in the aforementioned C:\nipper directory.

Alternatively, you can use a TFTP server and copy the configuration to your local PC. For example, I tried this using Tftpd32.exe, and it was both quick and easy. Use the following command to copy the file, in case someone doesn’t know how :)

PSW-DXX # copy startup-config tftp:
Address or name of Remote Host: 10.110.1.22
Destination filename[startup-config] yes
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! OK :)


Once you have the running configuration that you want to audit on your PC, go to the Windows command prompt, and CD into the Nipper directory. Run the following, as shown in Figure A:




C:\nipper> nipper --ios-router --input=startup-config.txt --output=audit.html


The system will immediately return you to the command prompt without providing any information. But don’t worry — it worked.

Next, open a Web browser and enter this URL: c:\nipper\audit.html. This will take you to the security report. Figure B offers a screenshot of the audit.




What does Nipper tell you?

Scrolling through this report, you’ll see that Nipper provides security audit information such as:

1. A software version that has vulnerabilities and the reference numbers for those vulnerabilities
2. Recommendations to disable services that might cause others to be able to access the router
3. Commands that you need to enable to secure the router

For our example, Nipper told us that we need to do the following:

a): Upgrade the router’s IOS to prevent vulnerability to a Telnet remote DoS attack and a TCP listener DoS attack.
b): Configure the service tcp-keepalives-in command to help prevent a DoS attack.
c): Configure timeouts on consoles to prevent anyone from gaining access to the router from a Telnet or console session.
d): Configure the HTTP service as secure with HTTPS, and enable authentication.
e): Enable logging.

In addition to several other recommendations, Nipper provided a summary of the device’s configuration — what services are turned on or off, status of the lines, status of the interfaces, DNS, time zone, and more. Check out the actual report from our example.
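
The configuration items from the list above (b to e), written as checks over a saved IOS config. This is an added example, not code from the original post or from Nipper; the function names, both sample configs and the rule that every line needs an explicit non-zero exec-timeout are assumptions.

```python
# Added example, not Nipper's code. Both configs are constructed samples.
DEFAULT_CFG = """ip http server
line con 0
line vty 0 4
"""
HARDENED_CFG = """service tcp-keepalives-in
no ip http server
ip http secure-server
ip http authentication local
logging buffered 16384
line con 0
 exec-timeout 5 0
line vty 0 4
 exec-timeout 5 0
"""

def sections(cfg):
    """Return (top-level commands, {line header: its indented sub-commands})."""
    top, lines, current = [], {}, None
    for raw in cfg.splitlines():
        if raw.startswith(" "):          # indented: belongs to the open block
            if current is not None:
                lines[current].append(raw.strip())
        elif raw.strip() and not raw.startswith("!"):
            top.append(raw.strip())
            current = raw.strip() if raw.startswith("line ") else None
            if current:
                lines[current] = []
    return top, lines

def audit(cfg):
    """Return finding strings for items (b)-(e); empty list means all pass."""
    top, lines = sections(cfg)
    out = []
    if "service tcp-keepalives-in" not in top:
        out.append("b: service tcp-keepalives-in is not configured")
    for header, cmds in lines.items():
        # Assumed policy: every line needs an explicit, non-zero exec-timeout.
        t = [c.split()[1:] for c in cmds if c.startswith("exec-timeout")]
        if not t or t[-1] in (["0"], ["0", "0"]):
            out.append(f"c: no session timeout on '{header}'")
    if "ip http server" in top:
        out.append("d: plain HTTP server is enabled")
    http_on = "ip http server" in top or "ip http secure-server" in top
    if http_on and not any(c.startswith("ip http authentication") for c in top):
        out.append("d: HTTP service has no authentication method set")
    if not any(c.startswith("logging ") for c in top):
        out.append("e: logging is not configured")
    return out
```

Calling audit() on a config saved from the router returns one string per failed check; item (a), the IOS version check, is left out because it needs a vulnerability database.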

Considering that it’s so small, simple, and free, Nipper is an amazingly powerful network device security auditing tool. For help with Nipper, run the C:\nipper\nipper -help command at the command prompt after you’ve downloaded, extracted, and run the program.

I hope it will be informative for you, as I found it very useful :)

Enjoy!

22 comments:

nayyares said...

cool, nice finding...

cheers

Khush Dil Khan said...

cool man
I have seen this tool in Linux as well, have u tried it?

PaulK said...

I have used it in Linux and it was very simple.

Is this still open source? I can't download it from sourceforge and the titania site wants you to purchase a license.

SOHAIL AKHTAR said...

@ Paulk
Thnx man.....and it is available there, I used the same link to download it but if u r unable send me ur email id I will send it to u by email.

Cheers

nayyares said...

@Sohail, they are not showing files at http://sourceforge.net/projects/nipper/files/ could be sourceforge website issue, somehow it is not available...better first confirm if it is available free, otherwise spreading their binaries can cause big problems.

thanks

SOHAIL AKHTAR said...

@Nayyar.....it is available free there as I have downloaded frm there, first u have to b registered there and then u can download frm there, but anyway let me find another location and will share it with u.

Anonymous said...

Thanks for sharing...
if possible, can email me the win version to xrick888-en@yahoo.com.sg

Waseem said...

Dear Sohail,

Can you send windows version to

anwar_waseem@hotmail.com
or
anwar.waseem@gmail.com ??

I can't find it on site.

Please don't forget :)

SOHAIL AKHTAR said...

Hello Waseem, Thnx for reading Me :)
As far as Nipper for Windows is concerned, Nipper has taken their sourceforge's download down......! so can't help you! unless they bring it back! As far as Linux is concerned, u can still get it frm net frm the following link
http://opensource.erve.vtt.fi/nipper/download.html
and I also contacted Mr. Sami Lehtonen at sami.lehtonen@vtt.fi on this link and his reply was
"Hi,

unfortunately we don't currently have a Windows version of Nipper. Basically,
it could be possible to compile it with gnu tools in Windows but I really
don't know whether it would work there; I don't have such experience in socket
programming in windows environment.

- BR, Sami Lehtonen"

Once again thnx for reading me

Cheers :)


priya said...

Please mail win version to prishamehndiratta@gmail.com
