
Thread: Auditing Router ACLs

  1. #1
    Junior Member
    Join Date
    May 2002

    Auditing Router ACLs

    Can anyone give any insight/advice as to the best way to audit router ACLs? I have been tasked with finding a way to audit our routers, and the only audit tool I could find was at the Center for Information Security. Can anyone else help out?


  2. #2
    Jaded Network Admin nebulus200
    Join Date
    Jun 2002
    TACACS (think free) or TACACS+?

    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)

  3. #3


    There are various network auditing software packages out there, but I think first off you need to have a good understanding of how data flows through your company's system. Also know what applications or systems are being accessed through the routers.

    I would then print copies of the router configs and manually go through each ACL and understand what each is doing. You will begin to see what's blocked and what's not blocked. Most of these auditing systems are glorified port scanners which report back to you the open ports and what those ports are for. So why not get your own port scanner that's nonintrusive.

    Ask many many questions of application owners of anything that comes out of the port scan and ACL audit.

    If you have access to the routers, then you can easily find out what version numbers, Flash and DRAM amounts, etc. you have.

    I think you personally will get a lot more out of doing a manual audit.

    Then of course you can spend the bucks and get a package or an outside security consultant to do it for you.

    Good Luck!
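As an added example (not code from any poster in this thread), here is a small Python script that does part of the manual walk-through suggested above: it parses Cisco IOS-style numbered extended ACL entries from a constructed config snippet and flags entries that an earlier entry already fully covers (so they can never match) as well as blanket `permit ip any any` entries. The sample lines, the entry grammar it accepts (only `any`, `host A`, `A WILDCARD`, an optional `eq PORT` and `log`) and the wording of the findings are assumptions made for this example.

```python
import ipaddress
import re
# Constructed sample of Cisco IOS-style numbered extended ACL lines (not from the thread).
SAMPLE_CONFIG = """\
access-list 101 permit tcp any host 10.0.0.5 eq 22
access-list 101 permit tcp 192.168.1.0 0.0.0.255 any eq 80
access-list 101 deny   ip any any log
access-list 101 permit udp any any eq 53
access-list 102 permit ip any any
"""

# One entry: action, protocol, source, destination, optional 'eq PORT' and 'log'.
ACE_RE = re.compile(
    r"^access-list\s+(?P<acl>\d+)\s+(?P<action>permit|deny)\s+(?P<proto>\S+)\s+"
    r"(?P<src>any|host\s+\S+|\S+\s+\S+)\s+(?P<dst>any|host\s+\S+|\S+\s+\S+)"
    r"(?:\s+eq\s+(?P<port>\S+))?(?P<log>\s+log)?\s*$")

def to_network(spec):
    """Turn an IOS address spec (any / host A / A WILDCARD) into an IPv4Network."""
    parts = spec.split()
    if parts[0] in ("any", "host"):
        return ipaddress.ip_network("0.0.0.0/0" if parts[0] == "any" else parts[1] + "/32")
    addr, wildcard = parts
    # IOS wildcard bits are the inverse of a netmask; convert before parsing.
    netmask = ipaddress.ip_address(~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF)
    return ipaddress.ip_network(f"{addr}/{netmask}", strict=False)

def covers(earlier, later):
    """True if every packet matching `later` would already have matched `earlier`."""
    return (earlier["proto"] in ("ip", later["proto"])
            and earlier["src_net"].supernet_of(later["src_net"])
            and earlier["dst_net"].supernet_of(later["dst_net"])
            and earlier["port"] in (None, later["port"]))

def audit(config_text):
    """Parse ACL lines; return {acl_number: [findings]} for the reviewer to follow up."""
    acls = {}
    for line in config_text.splitlines():
        if m := ACE_RE.match(line.strip()):
            ace = m.groupdict()
            ace["src_net"], ace["dst_net"] = to_network(ace["src"]), to_network(ace["dst"])
            acls.setdefault(ace["acl"], []).append(ace)
    findings = {}
    for name, aces in acls.items():
        findings[name] = notes = []
        for i, ace in enumerate(aces, 1):
            if (ace["action"], ace["proto"], ace["src"], ace["dst"]) == ("permit", "ip", "any", "any"):
                notes.append(f"entry {i}: 'permit ip any any' allows all traffic")
            shadow = next((j for j, e in enumerate(aces[:i - 1], 1) if covers(e, ace)), None)
            if shadow:
                notes.append(f"entry {i}: never matched, shadowed by entry {shadow}")
    return findings
```

Running `audit(SAMPLE_CONFIG)` reports the DNS permit in ACL 101 as dead (the `deny ip any any log` above it catches everything first) and ACL 102 as a permit-all; entries it cannot parse are silently skipped, so compare its entry count against the config before trusting a clean result.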

  4. #4
    I would agree with the above statement. Do it manually and do it yourself. This will allow you to have a much better understanding of the traffic patterns in your network and you will probably see some areas that will need improvement. This will allow you to be more proactive instead of reactive.

  5. #5
    Senior Member
    Join Date
    Aug 2002
    Excellent advice guys. I am sure that I will have to audit some ACLs soon myself, and this helped.
    Opinions are like holes - everybody's got 'em.

