Router Defense - BRUcon 2010

1,206 views
1,143 views

Published on

Router Defense

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
1,206
On SlideShare
0
From Embeds
0
Number of Embeds
6
Actions
Shares
0
Downloads
15
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Router Defense - BRUcon 2010

  1. 1. Router Defense Cisco IOS security assessment tool Lightning talk day 2 - 2010
  2. 2. Operational security Did you ever seen a Cisco network device with security BCP enforced? « The network is more powerful than the node »
  3. 3. The network moves Network (re)design Configuration changes Compromised network devices Network usage (Software update policy, devs plays with mcast) RouterDefense will adapt Recurrent assesment schedule for teh win
  4. 4. Threat base reference model Enterprise/Service providers networks agnostic IPv4/IPv6/MPLS Cisco Guide to Harden Cisco IOS Devices (Cisco) Cisco IOS Switch Security Configuration Guide (NSA) Tool's author experience 0-dayz vendor EPIC FAIL proactive prevention (cisco-sa-20100707-snmp)
  5. 5. Features Reads Cisco IOS config with a security mindset Management, control, data planes Stdout, HTML(5+CSS3), CSV, PDF output Three-tier architecture Router/switch scenarii IOS versioning CVSS base vectors scoring 138 tests
  6. 6. Demo
  7. 7. HTML output
  8. 8. Router Defense tool Written in python during spare time wc -l *.{py,xml} | tail -1 | awk '{ print $1}' 9336 Version 0.2 Available at Google Code http://code.google.com/p/routerdefense/
  9. 9. $ whoami Francois Ropert Topics of interest: network protocols and devices security Feel free to ping6 me at: http://www(6).packetfault.org @pello

×