Business happens at the speed of your router. Moving data quickly and efficiently
is what routers are made to do. However, they are often placed at a critical junction
in the network where they become part of the security infrastructure — filtering
traffic with ACLs or mitigating risk at network boundaries. And at that junction,
the routers are subject to many of the same security processes and compliance initiatives
as other security devices.
FireMon Security Manager can monitor Cisco routers and provide the change management, security analysis
and compliance functions necessary to ensure that the routers are operating correctly
as part of a security infrastructure.
Key Benefits:
- Know exactly what changed through real-time reporting.
- Ensure startup-config and running-config are in sync.
- Clean up your configuration by finding dormant and redundant ACLs.
- Audit your routers against NSA and PCI standards as well as Cisco best practices.
Key Features:
Change Notification and Reporting
Security Manager provides real-time, auditable change control. Every detail of every change
— including when the change was made, who made it and what was modified — is available
in the router dashboard and in detailed reports. The integrated change visualization
in Security Manager provides a complete configuration change display in two formats: a graphical
ACL display, and a side-by-side configuration text file display that highlights
insertions, deletions, and modifications.
ACL Analysis
The list of ACLs tends to grow very rapidly. Security Manager provides the information necessary
to clean up legacy policies by watching the usage of all ACLs and giving engineers
the data necessary to remove dormant access. ACLs that are in use are shown in the
order of usage while unused ACLs are specifically indicated along with their last
used date. Data is kept over long periods of time for accurate reporting and can
be investigated with a graphical histogram.
Additionally, Security Manager can track the flow of traffic across a single ACL. ACLs that
allow more traffic than necessary are common. The worst case is when you have to
quickly bring together two networks but you have little idea of the traffic traversing
the network boundary. Security Manager takes a detailed look at the traffic flowing over
a single ACL, even if it is an "any-any-any-accept," and intelligently analyzes
the traffic. The analysis results present smart-groups of access that can be validated
and created as separate ACLs.
Redundant and Shadowed ACL Analysis
Huge ACL sets are complex and difficult to understand. Often, administrators are
asked to satisfy new requirements without the tools, information or time that are
necessary, which can result in configuration mistakes such as adding or creating
redundant or shadowed access. These mistakes complicate security policies and add
to router administration overhead.
Security Manager 5.1 identifies all redundant, fully shadowed and partially shadowed ACLs
in a policy. The report is available with the first retrieval of the running configuration,
providing administrators with a zero-hour cleanup report as well as ongoing insight
into erroneous modifications.
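To make the three categories concrete, the following Python (an added example written for this page, not FireMon's own analysis engine) checks each entry of a small, constructed Cisco extended ACL against the entries above it and labels an entry as redundant when an earlier entry with the same action already matches all of its traffic, fully shadowed when an earlier entry with the opposite action does, and partially shadowed when an earlier entry with the opposite action overlaps it. It assumes contiguous wildcard masks, only the permit/deny, protocol, source, destination and optional "eq port" fields, and ignores the implicit deny at the end of every Cisco ACL.

```python
import ipaddress

def _addr(tok):
    """Consume one address clause: 'any', 'host A.B.C.D' or 'A.B.C.D WILDCARD'."""
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1] + "/32"), tok[2:]
    wildcard = int(ipaddress.ip_address(tok[1]))   # Cisco wildcard = inverted mask
    prefix = 32 - wildcard.bit_length()            # assumes a contiguous wildcard
    return ipaddress.ip_network((tok[0], prefix), strict=False), tok[2:]

def parse_rule(line):
    """Parse 'access-list <n> <permit|deny> <proto> <src> <dst> [eq <port>]'."""
    tok = line.split()
    if tok[0] != "access-list":
        raise ValueError("unsupported line: " + line)
    src, rest = _addr(tok[4:])
    dst, rest = _addr(rest)
    port = int(rest[1]) if rest[:1] == ["eq"] else None   # None = any port
    return {"line": line, "action": tok[2], "proto": tok[3],
            "src": src, "dst": dst, "port": port}

def covers(a, b):
    """True when every packet matched by entry b is also matched by entry a."""
    return (a["proto"] in ("ip", b["proto"])
            and b["src"].subnet_of(a["src"]) and b["dst"].subnet_of(a["dst"])
            and (a["port"] is None or a["port"] == b["port"]))

def overlaps(a, b):
    """True when some packet is matched by both entries."""
    return ("ip" in (a["proto"], b["proto"]) or a["proto"] == b["proto"]) \
        and a["src"].overlaps(b["src"]) and a["dst"].overlaps(b["dst"]) \
        and (None in (a["port"], b["port"]) or a["port"] == b["port"])

def analyze(lines):
    """Return (entry, finding, earlier entry) triples, checking each entry pairwise
    against the entries before it (a simplification: no union of earlier entries)."""
    rules = [parse_rule(l) for l in lines]
    findings = []
    for i, r in enumerate(rules):
        full = next((e for e in rules[:i] if covers(e, r)), None)
        if full is not None:
            kind = "redundant" if full["action"] == r["action"] else "fully shadowed"
            findings.append((r["line"], kind, full["line"]))
            continue
        part = next((e for e in rules[:i]
                     if e["action"] != r["action"] and overlaps(e, r)), None)
        if part is not None:
            findings.append((r["line"], "partially shadowed", part["line"]))
    return findings

SAMPLE_ACL = [  # constructed sample policy, not a real configuration
    "access-list 101 permit tcp 10.1.0.0 0.0.255.255 any eq 443",
    "access-list 101 permit tcp host 10.1.2.3 any eq 443",        # redundant
    "access-list 101 deny ip 10.1.2.0 0.0.0.255 any",             # partially shadowed
    "access-list 101 deny udp 192.168.0.0 0.0.255.255 any eq 53",
    "access-list 101 permit udp host 192.168.5.5 any eq 53",      # fully shadowed
]
```

Running `analyze(SAMPLE_ACL)` reports the second entry as redundant, the third as partially shadowed and the fifth as fully shadowed, each paired with the earlier entry responsible.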
NSA Router Security Report
The National Security Agency (NSA) of the United States created a set of guidelines
and recommendations to help IT professionals and security teams improve the security
of their networks. These guidelines, available at www.nsa.gov, make up the "Router
Security Configuration Guide," which addresses principles for configuring secure
routers and offers specific information on Cisco routers.
Beginning with Security Manager 5.1, administrators can evaluate configurations of Cisco
routers for compliance with section 4.1 of the guidelines, "Router Access Security."
The NSA Router Security Report includes 24 Security Manager Extensions that can be run individually
or as a single report. The report presents a pass/fail result for each guideline
and offers remediation recommendations when a guideline is not met.