Re: network policy checking



For Cisco router and PIX config reviews look at the CIS RAT (Router
Audit Tool). It's pretty good considering it's freeware.

On Thu, Mar 27, 2008 at 11:45 PM, Sony C <raagamuffin@xxxxxxxxx> wrote:
Todd,

My primary area of interest is to see if the network I am assessing meets certain best practices, e.g., all the Cisco routers have a certain QoS, or IPSec/GRE tunnels are supported, etc.
Hope this clarifies things a bit?

Regards,
SC.


----- Original Message ----
From: Todd Haverkos <fsbo@xxxxxxxxxxxx>
To: Sony C <raagamuffin@xxxxxxxxx>
Cc: pen-test@xxxxxxxxxxxxxxxxx
Sent: Thursday, March 27, 2008 10:29:57 PM
Subject: Re: network policy checking


Sony C <raagamuffin@xxxxxxxxx> writes:

> Hello fellow pen-testers,
>
> I am looking for tools that perform network policy checking. Specifically, tools that allow the user to define a policy and then test the network elements to see if they adhere to this policy. As one might guess, this can be accomplished either via config file checking (passive) or actual network testing (active, via SNMP etc).
> I am interested in both flavors, if they are available. These tools can be commercial or open-source/free/shareware.
> While it is a broad requirement, this hypothetical tool will primarily be looking at routers, firewalls, etc.
>
> Thank you in advance for sharing your thoughts.

Hi Sony,

Could you give some examples of specific routers and firewalls you're
looking to check, and what example "network policy" issues you're
interested in? It might help focus down some of the recommendations.


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------