February 12, 2009
How to Parse Firewall Configs with Nipper.
Who said analyzing firewalls and network devices had to be tedious and cumbersome? Your problems are over: introducing Nipper, the network device configuration parser. I have found that Nipper helps tremendously when auditing and analyzing network devices during our assessments, cutting the time it takes to work through a device configuration file. Nipper produces comprehensive, detailed reports that anyone can understand. It helps security administrators check their network devices for known vulnerabilities and configuration flaws and address industry standards and compliance controls such as PCI, HIPAA, ISO and BITS. The best part of using Nipper is that the tool is absolutely free.
Supported Devices

- Checkpoint VPN-1/Firewall-1
- Cisco Catalysts
- Cisco Content Services Switch
- Cisco Routers
- Cisco Security Appliances (PIX, ASA and FWSM)
- Juniper NetScreen Firewalls
- Nokia IP Firewalls
- Nortel Passports
- SonicWALL SonicOS Firewalls
How to use Nipper

- Download Nipper for free at: http://sourceforge.net/forum/forum.php?forum_id=722046
- Unzip the file to a working directory, e.g. c:\nipper
- Open the command line (Start > Run > cmd)
- Create a folder called config inside the working directory (c:\nipper\config)
- Obtain a copy of your device's config file. A running-config contains credentials (enable passwords, type 7 strings, SNMP community strings), so treat the saved file, and the report Nipper generates from it, as sensitive.
Example of how to get the config of a Cisco router:

- Log on to the device via IOS (Telnet/SSH) or the console.
- Authenticate with your credentials.
- Type terminal length 0 so the output is not paged, then type at the command line: show running-config
- Copy the contents displayed.
- Open Notepad (Start -> Run -> notepad).
- Paste the contents into Notepad and save the file with a .config extension into the config folder (the command below uses c:\nipper\config\file.config).
Command:

Nipper.exe --<device type> --input=c:\nipper\config\file.config --output=report_<name>.html

Here <device type> is the switch for your platform from the table below (the switches take two leading hyphens) and <name> is whatever you want the report called.
List of device types, the switch to pass and the output formats:

Device Model                                  | Switch                  | Output
Cisco IOS router                              | --ios-router            | HTML / XML / TXT
Cisco Catalyst (IOS)                          | --ios-catalyst          | HTML / XML / TXT
Cisco Catalyst (NMP/CatOS)                    | --catos                 | HTML / XML / TXT
Cisco CSS                                     | --css                   | HTML / XML / TXT
Cisco Security Appliance (ASA / PIX / FWSM)   | --asa / --pix / --fwsm  | HTML / XML / TXT
Juniper NetScreen Firewall                    | --screenos              | HTML / XML / TXT
Nokia IP Firewall                             | --nokia                 | HTML / XML / TXT
Nortel Passport                               | --passport              | HTML / XML / TXT
SonicWALL SonicOS Firewall                    | --sonicos               | HTML / XML / TXT
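Once a few configs have been collected, typing the command by hand per device gets old. The script below, added here as an example and not part of Nipper or this post, sniffs each *.config file in the config folder for platform markers and runs Nipper with the matching switch from the table, naming each report report_<name>.html as in the command above. The marker regexes are my own assumptions (override them with switch= when they guess wrong), the binary is assumed to be on the PATH as nipper or Nipper.exe, and the three sample fragments are constructed.

```python
"""Sniff each saved config for its platform and run Nipper with the matching
device switch, so a whole folder of configs is reported in one go.
Added example for this post, not Nipper's own code.  The signature regexes
are my own assumptions about what each platform's config looks like."""
import re
import subprocess
from pathlib import Path

# (switch, marker).  Switches are the ones in the table above; checked in order,
# so the firewall platforms come first because their configs also carry "hostname".
SIGNATURES = [
    ("--asa",          re.compile(r"^ASA Version ", re.M)),
    ("--pix",          re.compile(r"^PIX Version ", re.M)),
    ("--fwsm",         re.compile(r"^FWSM Version ", re.M)),
    ("--screenos",     re.compile(r"^set (zone|policy id|hostname) ", re.M)),
    ("--catos",        re.compile(r"^set (system name|vtp|vlan) ", re.M)),
    ("--ios-catalyst", re.compile(r"^(interface Vlan\d+|spanning-tree )", re.M)),
    ("--ios-router",   re.compile(r"^(version \d+\.\d+|hostname )", re.M)),
]

# Constructed fragments, just enough to exercise detect_device().
SAMPLE_ASA = "ASA Version 8.0(4)\nhostname fw-edge\n"
SAMPLE_IOS_ROUTER = "version 12.4\nservice timestamps log datetime\nhostname edge-rtr\n"
SAMPLE_SCREENOS = 'set hostname ns5gt\nset zone "Trust" vrouter "trust-vr"\n'


def detect_device(config_text):
    """Return the first matching Nipper switch, or None when nothing matches."""
    for switch, marker in SIGNATURES:
        if marker.search(config_text):
            return switch
    return None


def build_command(config_path, output_path, switch=None, nipper="nipper"):
    """Assemble the argv for one run.  An explicit switch wins; otherwise the
    file is sniffed.  Pass nipper="Nipper.exe" on Windows."""
    if switch is None:
        switch = detect_device(Path(config_path).read_text(errors="replace"))
    if switch is None:
        raise ValueError(f"{config_path}: device type not recognised, pass switch= explicitly")
    return [nipper, switch, f"--input={config_path}", f"--output={output_path}"]


def audit_directory(config_dir, report_dir, nipper="nipper", dry_run=False):
    """Run Nipper over every *.config file, writing report_<name>.html per device.
    With dry_run=True the commands are returned instead of executed."""
    report_dir = Path(report_dir)
    report_dir.mkdir(parents=True, exist_ok=True)
    results = {}
    for cfg in sorted(Path(config_dir).glob("*.config")):
        argv = build_command(cfg, report_dir / f"report_{cfg.stem}.html", nipper=nipper)
        results[cfg.name] = argv if dry_run else subprocess.run(argv, check=False).returncode
    return results


if __name__ == "__main__":
    import sys
    # usage: python nipper_batch.py c:\nipper\config c:\nipper\reports [--dry-run]
    outcome = audit_directory(sys.argv[1], sys.argv[2], dry_run="--dry-run" in sys.argv)
    for name, result in outcome.items():
        print(name, result)
```

Run it with --dry-run first to see which switch each file was assigned; a None from detect_device() means the file did not match any marker and you should pass the switch yourself.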
Example of a Nipper report:

(The original post shows a screenshot of a Nipper HTML report here.)
Nipper Functionalities and Benefits:

- Provides a series of recommendations to disable services that might lead to unauthorized access to the router or network.
- Checks the device OS version for vulnerabilities, linking them to known vulnerability databases.
- Gives commands and recommendations to harden the network devices.
- Helps configure logging and monitoring.
- Performs security audits.
- Password complexity check.
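To make the "recommendations" and "password complexity" items concrete, here is a small audit of the kind Nipper runs on a Cisco IOS running-config, written as an added example for this post (not Nipper's code). It decodes type 7 passwords, which are XOR-obfuscated rather than encrypted, flags Telnet on the VTY lines, the HTTP server, default SNMP communities and missing logging, and shows a weak config beside its hardened twin. Both configs, the community string and the syslog address are constructed; the severities are my own choice.

```python
"""A handful of the checks a Nipper-style audit makes on a Cisco IOS
running-config: reversible passwords, Telnet on the VTY lines, the HTTP
server, default SNMP communities and missing logging.  Added example for
this post, not Nipper's own code; both configs below are constructed."""
import re

# Constructed sample with deliberately weak settings, so every check fires.
WEAK_CONFIG = """\
version 12.4
no service password-encryption
hostname edge-rtr
enable password cisco123
username admin password 7 0822455D0A16
ip http server
snmp-server community public RO
line vty 0 4
 transport input telnet
 login local
end
"""

# The same box with each finding fixed; <hash> stands for a real MD5 secret.
HARDENED_CONFIG = """\
version 12.4
service password-encryption
hostname edge-rtr
enable secret 5 <hash>
username admin secret 5 <hash>
no ip http server
snmp-server community Rd0nlyC0mm RO
logging buffered 16384
logging host 10.0.0.5
line vty 0 4
 transport input ssh
 login local
end
"""

# Type 7 is an XOR against this fixed key: obfuscation, not encryption.
TYPE7_KEY = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv"


def decode_type7(encoded):
    """Recover the clear text of a Cisco type 7 string (two-digit offset + hex)."""
    offset = int(encoded[:2])
    data = bytes.fromhex(encoded[2:])
    return "".join(chr(b ^ TYPE7_KEY[(offset + i) % len(TYPE7_KEY)]) for i, b in enumerate(data))


def parse_ios(text):
    """Split a config into top-level commands and the indented lines under each."""
    top, sections, current = [], {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if raw[0].isspace() and current is not None:
            sections[current].append(raw.strip())
        else:
            current = raw.rstrip()
            top.append(current)
            sections.setdefault(current, [])
    return top, sections


def audit_ios(text, min_len=8):
    """Return (severity, finding, fix) tuples in the spirit of a Nipper report."""
    top, sections = parse_ios(text)
    findings = []
    if "service password-encryption" not in top:
        findings.append(("medium", "passwords are stored in clear text", "service password-encryption"))
    for cmd in top:
        if cmd.startswith("enable password "):
            findings.append(("high", "enable password is reversible (type 0/7)", "enable secret <password>"))
        m = re.match(r"username (\S+) password 7 (\S+)", cmd)
        if m:
            clear = decode_type7(m.group(2))
            findings.append(("high", f"user {m.group(1)}: type 7 password decodes to {clear!r}",
                             f"username {m.group(1)} secret <password>"))
            if len(clear) < min_len:
                findings.append(("medium", f"user {m.group(1)}: password shorter than {min_len} chars",
                                 "set a longer password"))
        if cmd == "ip http server":
            findings.append(("medium", "HTTP management server enabled", "no ip http server"))
        m = re.match(r"snmp-server community (\S+)", cmd)
        if m and m.group(1).lower() in ("public", "private"):
            findings.append(("high", f"default SNMP community {m.group(1)!r}", "use a unique community, RO only"))
    for header, subs in sections.items():
        if header.startswith("line vty"):
            inputs = [s for s in subs if s.startswith("transport input")]
            # IOS 12.x accepts every transport on the VTYs unless told otherwise.
            if not inputs or any("telnet" in s or s.endswith(" all") for s in inputs):
                findings.append(("high", f"{header}: Telnet accepted", "transport input ssh"))
    if not any(cmd.startswith("logging ") for cmd in top):
        findings.append(("low", "no logging destination", "logging buffered / logging host <syslog>"))
    return findings


if __name__ == "__main__":
    for sev, what, fix in audit_ios(WEAK_CONFIG):
        print(f"[{sev:6}] {what:55} -> {fix}")
```

The type 7 decode is the reason a tool like this can print the cleartext of "password 7" strings straight into the report: the key is public and the two leading digits are just an offset into it. Only enable secret and username ... secret store a real hash.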