SANSFire 2008 – Audit 507 – Day 2

Today we covered what it takes to audit Cisco (and other) routers and firewalls. I learned a couple of new things about Cisco IOS, but in auditing, we are mainly concerned with ensuring that things are doing what they’re supposd to do, not necessarily configuring or doing in-depth troubleshooting.

Again, we covered tips and techniques to help admins appreciate what the role of an auditor is, and to demonstrate that we’re not “the enemy,” but here to help.

We did a few exercises, including analyzing a router config file (in which every single line of the IOS has errors), reviewing a firewall ruleset with similar errors, and conducting a sample audit on a network of virtual machines. I was exposed to a couple of new (to me) tools made specifically for auditing Cisco routers, RAT and Nipper, which analyze configurations for common problems and present them in a (sometimes) easy to understand report.

The exercises are not as tough as some other training I’ve had, by far, but at the end of the day, I’m definitely feeling that I’ve absorbed enough that I need to take a break and unplug for a while, which is a good thing.