Using Nipper With Cisco Security Appliances (ASA, FWSM And PIX) User Guide

8/8/2019 Cisco Security Guide 1.0

http://slidepdf.com/reader/full/cisco-security-guide-10 1/9

Version Information

Record of Changes

Issue    Date             Detail of changes
1.0      6th July 2009    Initial version

Copyright Titania 2009 Page i

Contents

Version Information
Contents
1 Introduction
2 Getting The Configuration
    2.1 Using ASDM And PDM
    2.2 Using TFTP
    2.3 Using SSH, Telnet Or The Console
3 Using Nipper
    3.1 Nipper One
    3.2 Nipper Command Line Tool
4 Support
    4.1 On-Line

1 Introduction

This guide is intended to be a device-specific supplement to the “Getting Started With Nipper 1.0” user guide. This document specifically focuses on Cisco Security Appliances such as ASA, FWSM and PIX devices. The guide highlights different methods you can employ to extract the configuration from your Cisco device, and then how to use that configuration file with Nipper to generate a security audit of your device.

Cisco provide a range of detailed technical documents for their devices which can be downloaded from the Cisco web site at: http://www.cisco.com.

2 Getting The Configuration

There are multiple ways that you can extract the configuration from your Cisco Security Appliance. This section outlines just three of those.

Your configuration should be treated as sensitive information, just as your personal details should be. For that reason we recommend that the configuration is transferred using an encrypted connection in order to help prevent it from being leaked. We recommend that you use either ASDM, PDM, SSH or a direct console connection to the device in order to get the configuration.

More information on extracting your device's configuration can be found in your device's documentation.

2.1 Using ASDM And PDM

The ASDM and PDM interfaces can be accessed using a web browser with Java capabilities. Whether you have access to ASDM or PDM will depend on your security appliance (and its age), but the procedure is the same for both. The procedure for getting the configuration from your device is as follows:

1. Using your favorite web browser, connect to the HTTPS service provided by your Cisco device for remote management. You can do this by entering https:// followed by your device's IP address.
2. On ASDM-capable devices, click on the “Run ASDM as a Java Applet” button.
3. Log on using your administration username and password.
4. You should now see the ASDM or PDM application, both of which are shown in the screens below.
5. You can show the “running-config” using the option on the File menu.
6. Copy and paste the configuration into a file to use with Nipper.

[Screenshot: Cisco ASDM]

[Screenshot: Cisco PDM]

2.2 Using TFTP

We don’t recommend using TFTP to transfer your configuration due to weaknesses in the protocol; the other methods described in this section are more secure. However, here is the procedure for using TFTP:

1. Connect to the Cisco device using SSH, Telnet, ASDM, PDM or through a console connection.
2. Log in to your Cisco PIX device.
3. Transfer the configuration using the TFTP command:

    write net <ip-address>:<filename>

2.3 Using SSH, Telnet Or The Console

For this procedure you will be using the Command Line Interface (CLI) of your Cisco device, either through an SSH client (such as OpenSSH or PuTTY), Telnet or the console port. We recommend using either SSH (for remote connections) or a direct connection to the console port. Telnet provides no encryption of the communications, and therefore your authentication credentials and configuration would be vulnerable if a malicious user were to monitor your connection.

Use the following procedure to obtain a copy of the configuration file:

1. Connect to the Cisco device using your favorite SSH client, Telnet or a direct console connection.
2. Log on using your administration authentication credentials.
3. Enter enable and type in your enable password.
4. Execute the following CLI command and capture the output (possibly using the cut and paste facility):

    show run

5. Save the captured output to a file and remove any visible page lines (i.e. –More–).
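
Step 5 can be scripted. The following is an added example, not part of the original guide: a shell function that strips pager prompts and carriage returns from a saved capture while keeping command indentation, and writes the result readable by its owner only. The pager marker strings, the function names and the constructed sample capture are assumptions.

```shell
#!/bin/sh
# Added example: clean a captured "show run" session before giving it to Nipper.

# Remove pager prompts and carriage returns from capture $1, writing $2.
clean_capture() {
    cr=$(printf '\r')
    (
        umask 077   # the configuration is sensitive: owner-only output file
        sed -e "s/<--- More --->${cr} *${cr}//g" \
            -e "s/${cr}\$//" \
            -e '/^[[:space:]]*<--- More --->[[:space:]]*$/d' \
            -e '/^[[:space:]]*--More--[[:space:]]*$/d' \
            "$1" > "$2"
    )
}

# Count pager prompts still present in file $1 (0 means the file is clean).
pager_lines_left() {
    grep -c -e '<--- More --->' -e '--More--' "$1" || true
}

# Constructed sample (not real device output): a raw session log where the
# pager was erased with CR + spaces, plus prompts left on lines of their own.
write_sample() {
    printf ': Saved\r\n:\r\nASA Version 8.0(4)\r\n!\r\nhostname ciscoasa\r\n' > "$1"
    printf '<--- More --->\r              \rinterface Ethernet0/0\r\n' >> "$1"
    printf ' nameif outside\r\n<--- More --->\r\n security-level 0\r\n' >> "$1"
    printf -- '--More--\r\n: end\r\n' >> "$1"
}

tmp=$(mktemp -d)
write_sample "$tmp/capture.txt"
clean_capture "$tmp/capture.txt" "$tmp/myconfig.txt"
cat "$tmp/myconfig.txt"
echo "pager prompts left: $(pager_lines_left "$tmp/myconfig.txt")"
```

Delete the raw capture once the cleaned file has been checked, since it holds the same sensitive configuration.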

3 Using Nipper

3.1 Nipper One

From the Nipper One main screen select, depending on your device, the “Cisco Security Appliance (ASA)”, “Cisco Security Appliance (FWSM)” or “Cisco Security Appliance (PIX)” device type from the drop-down list. Select your configuration file; in the screenshot below, the configuration was saved in a file called myconfig.txt.

Once you are ready, click the “Go” button. The security audit will be performed and a report will be shown on your screen.

3.2 Nipper Command Line Tool

You can specify that the configuration file is from a Cisco Security Appliance using the --asa, --fwsm or --pix command line options. For example, if your configuration was saved in a file called myconfig.txt, you could generate a report using the following commands:

For ASA devices:

    nipper --asa --input=myconfig.txt --output=myreport.html

For FWSM devices:

    nipper --fwsm --input=myconfig.txt --output=myreport.html

For PIX devices:

    nipper --pix --input=myconfig.txt --output=myreport.html
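
The device option can be chosen from the configuration file itself. This is an added example, not part of the original guide or of Nipper: it reads the platform version line, refuses a capture that was cut short, and prints the matching command from this section without running it. It assumes that the saved "show run" output contains a line such as "ASA Version 8.0(4)" and finishes with ": end"; the function names and sample files are constructed.

```shell
#!/bin/sh
# Added example: choose --asa, --fwsm or --pix from the saved configuration.
# Assumptions: the file has a "<platform> Version" line and ends with ": end".

# Print the device option for config file $1; fail if it cannot tell.
nipper_device_option() {
    ver=$(grep -E '^(ASA|FWSM|PIX) Version ' "$1" | head -n 1)
    case $ver in
        ASA*)  echo "--asa" ;;
        FWSM*) echo "--fwsm" ;;
        PIX*)  echo "--pix" ;;
        *)     echo "cannot determine device type: $1" >&2; return 1 ;;
    esac
}

# Print the report command for config $1 and report $2, refusing a capture
# that stopped before the final ": end" line (for example a partial paste).
nipper_command() {
    if ! grep -q '^: end' "$1"; then
        echo "capture looks truncated (no ': end'): $1" >&2
        return 2
    fi
    opt=$(nipper_device_option "$1") || return 1
    echo "nipper $opt --input=$1 --output=$2"
}

# Constructed sample configs (not real device output).
d=$(mktemp -d)
printf 'PIX Version 6.3(5)\nhostname pixfw\n: end\n' > "$d/pix.txt"
printf 'FWSM Version 3.2(1)\nhostname fwsm\n' > "$d/cut.txt"
nipper_command "$d/pix.txt" "$d/pix.html"
nipper_command "$d/cut.txt" "$d/cut.html" || echo "rejected with status $?"
```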

4 Support

4.1 On-Line

The Titania web site (http://www.titania.co.uk) has a support section that includes documentation, updates, frequently asked questions (FAQ), forums and more. If you have any feature requests or identify any bugs, these can be added to the Titania Bugzilla system. You will then be notified by email of any changes made to your entries or those that you are monitoring.
