September 24th, 2002, 04:54 PM
Auditing Router ACLs
Can anyone give any insight/advice as to the best way to audit router ACLs? I have been tasked with finding a way to audit our routers, and the only audit tool I could find was at the Center for Information Security. Can anyone else help out?
September 24th, 2002, 04:58 PM
TACACS (think free) or TACACS+?
There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.
(Merovingian - Matrix Reloaded)
September 24th, 2002, 06:12 PM
There are various network auditing software packages out there, but I think first off you need to have a good understanding of how data flows through your company's system. Also know what applications or systems are being accessed through the routers.
I would then print copies of the router configs and manually go through each ACL and understand what each is doing. You will begin to see what's blocked and what's not blocked. Most of these auditing systems are glorified port scanners which report back to you the open ports and what those ports are for. So why not get your own port scanner that's nonintrusive?
Ask many many questions of application owners of anything that comes out of the port scan and ACL audit.
If you have access to the routers, then you can easily find out the version numbers, Flash and DRAM amounts, etc., that you have.
I think you personally will get a lot more out of doing a manual audit.
Then of course you can spend the bucks and get a package or an outside security consultant to do it for you.
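The manual walk-through the post above describes (print the configs, read each ACL, see what is blocked and what is not) can be partly scripted. The following is an added example, not code from the original thread or from any vendor tool. It assumes Cisco IOS-style syntax (`access-list N ...`, `ip access-list extended NAME`, `ip access-group NAME in|out`), which the thread never names explicitly, and it runs against a constructed sample config embedded below rather than a real device. It flags the things a human reviewer looks for first: ACLs defined but never applied to an interface, ACLs applied but never defined (IOS treats a missing ACL as permit-all), `permit ... any any` entries, duplicate entries, and ACLs with no logged deny so that dropped traffic is invisible.

```python
"""Static audit of Cisco IOS-style ACLs in a saved config (added example)."""
import re
from dataclasses import dataclass, field

# Constructed sample config for illustration; not taken from any real router.
SAMPLE_CONFIG = """\
!
ip access-list extended INSIDE_IN
 permit tcp 10.1.0.0 0.0.255.255 any eq 80
 permit tcp 10.1.0.0 0.0.255.255 any eq 443
 deny   ip any any log
!
ip access-list extended MGMT_IN
 permit ip any any
!
ip access-list extended OLD_DMZ
 permit tcp any host 192.0.2.10 eq 25
!
access-list 10 permit 10.1.1.0 0.0.0.255
access-list 10 permit 10.1.1.0 0.0.0.255
!
interface FastEthernet0/0
 ip address 10.1.1.1 255.255.255.0
 ip access-group INSIDE_IN in
!
interface FastEthernet0/1
 ip address 192.0.2.1 255.255.255.0
 ip access-group MGMT_IN in
 ip access-group 20 out
!
"""


@dataclass
class Acl:
    name: str
    entries: list = field(default_factory=list)   # normalized ACE strings
    applied: list = field(default_factory=list)   # (interface, direction)


def parse_config(text):
    """Collect ACL definitions and the interfaces they are bound to."""
    acls, bindings = {}, []
    current_acl = current_if = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.startswith('!'):
            continue
        if not line.startswith(' '):            # top-level command: new context
            current_acl = current_if = None
            m = re.match(r'ip access-list (?:standard|extended) (\S+)$', line)
            if m:
                current_acl = acls.setdefault(m.group(1), Acl(m.group(1)))
                continue
            m = re.match(r'access-list (\d+) (.*)$', line)   # numbered ACL, one ACE per line
            if m:
                acls.setdefault(m.group(1), Acl(m.group(1))).entries.append(m.group(2))
                continue
            m = re.match(r'interface (\S+)$', line)
            if m:
                current_if = m.group(1)
            continue
        body = re.sub(r'\s+', ' ', line.strip())   # indented sub-command
        if current_acl is not None:
            current_acl.entries.append(body)
        elif current_if is not None:
            m = re.match(r'ip access-group (\S+) (in|out)$', body)
            if m:
                bindings.append((m.group(1), current_if, m.group(2)))
    for name, intf, direction in bindings:
        # An applied-but-undefined ACL still gets an Acl object, with no entries.
        acls.setdefault(name, Acl(name)).applied.append((intf, direction))
    return acls


def audit(acls):
    """Return (acl_name, finding) pairs a reviewer would want to follow up on."""
    findings = []
    for name, acl in sorted(acls.items()):
        if not acl.applied:
            findings.append((name, 'defined but not applied to any interface'))
        if acl.applied and not acl.entries:
            findings.append((name, 'applied but never defined; IOS permits all traffic'))
        seen = set()
        for entry in acl.entries:
            if re.match(r'permit (ip|tcp|udp) any any$', entry):
                findings.append((name, f'overly permissive entry: {entry}'))
            if entry in seen:
                findings.append((name, f'duplicate entry: {entry}'))
            seen.add(entry)
        if acl.entries and not any(e.startswith('deny') and e.endswith(' log')
                                   for e in acl.entries):
            findings.append((name, 'no logged deny; drops hit the implicit deny unlogged'))
    return findings


if __name__ == '__main__':
    for acl_name, finding in audit(parse_config(SAMPLE_CONFIG)):
        print(f'{acl_name}: {finding}')
```

Run it against the output of `show running-config` saved to a file instead of `SAMPLE_CONFIG` and the findings list becomes the starting point for the questions to application owners that the post recommends; the script only reads text, so it is as non-intrusive as the manual review it supports.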
September 24th, 2002, 07:25 PM
I would agree with the above statement. Do it manually and do it yourself. This will allow you to have a much better understanding of the traffic patterns in your network, and you will probably see some areas that will need improvement. This will allow you to be more proactive instead of reactive.
September 24th, 2002, 10:16 PM
Excellent advice guys. I am sure that I will have to audit some ACLs soon myself, and this helped.
Opinions are like holes - everybody's got 'em.