Monday, 10 March 2014

Nipper Studio Review

By Jim Halfpenny 

About the Author 

Jim is an experienced IT practitioner with 14 years' experience in both academia and industry, working with renowned companies including British Airways, Oracle, BSkyB and Cloudera.

There’s no shortage of vulnerability assessment tools out there and this time I’m looking at one that’s a little bit different. Nipper Studio from Titania offers a means to audit that often forgotten part of your network: the network itself. Routers, switches, firewalls and other network appliances are the fabric of your network and should definitely be in scope for any rigorous information security program. I've given Nipper Studio a test drive to see how it performs and how it differs from other tools out there.

First, it’s worth pointing out that Nipper Studio is not a traditional vulnerability scanner that trawls your network looking for weak spots. Instead you feed Nipper Studio the configuration files from your network devices and it audits them, producing a detailed report. This offline auditing means no traffic is generated by the audit and there’s no need to plug anything into your network, a definite plus for those working in high-security environments. Working from the inside out provides a totally different insight compared to traditional network-based scanners.

Nipper Studio offers good cross-platform support with packages available for Fedora, OpenSuSE, CentOS and Ubuntu flavours of Linux as well as Windows and Mac OS X. I’ve been testing out the version for Ubuntu, which is supplied as .deb packages for 32-bit and 64-bit systems. There is a good range of supported devices with all the usual players such as Cisco, Juniper and Checkpoint represented as well as some of the rising stars like SonicWALL on the list. As well as a GUI tool for generating reports Nipper Studio includes a command line version, very useful for scripting and automating audits.

[Image: some of the wide range of network devices supported]

Fire it up and Nipper Studio starts with a clean UI showing your reporting, configuration options and built-in documentation. Creating a report is as simple as clicking on the new report link and telling it the location of your configuration files. You can add multiple devices to a single report and load previous reports for comparison. Human readable full and summary reports can be generated in several formats including HTML, PDF, PostScript and LaTeX. Additionally you can create CSV, SQL and XML outputs enabling you to further process, report and archive your results.

[Image: the Nipper Studio GUI is simple and straightforward to use]

The reports may appear on the surface very similar to vulnerability assessment reports from other tools, but it is the level of detail that really shows off the benefits of this method of security auditing. Nipper Studio will report on firmware version, timeouts, routing and VLAN configuration, service banners, authentication and other configuration best practice which external scanners may miss. Examining the internal configuration of the device reveals potential issues that simply cannot be seen from the outside, or that are time-consuming to evaluate externally, such as weak authentication.

Reports on each finding are very detailed and include a severity level, ease of exploitation and recommendations on how to remedy the issue, as well as CVSS v2 scores where applicable. Audits can be customised to include your organisation’s name and logo and to report against your organisation’s security policy, such as password age and strength. You can also include your own notes and control which sections of the report to include, so you can tailor it to the intended audience.

[Image: reports drill down from high-level summary to detailed vulnerability breakdown]

An important feature worth mentioning again is the ability to compare the results from previous reports. This enables you to see what has changed between audits and helps you to gauge the progress you’re making in improving the security posture of your network environment, as well as highlighting new threats. You will also be able to detect unauthorised or unplanned changes to your network made outside of your change control process. It’s all too easy to make an ad-hoc change and not document it, with unpleasant consequences further down the line. This is not a tool solely for point-in-time inspection of your network.
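To show what offline configuration auditing and snapshot comparison look like in practice, here is a small added example (my own illustration, not Nipper Studio's code or logic): it runs a few best-practice checks over two constructed IOS-style config snapshots and lists what changed between them. The hostname, the checks chosen and the placeholder hash are assumptions for the demo.

```python
import re

# Constructed IOS-style running-config snapshots (not captured from any real device).
CONFIG_V1 = """\
hostname edge-rtr1
enable password cisco123
line vty 0 4
 transport input telnet ssh
 exec-timeout 0 0
"""

CONFIG_V2 = """\
hostname edge-rtr1
enable secret 5 <placeholder-hash>
line vty 0 4
 transport input ssh
 exec-timeout 10 0
"""

def audit(config):
    """Return (severity, finding) tuples for one config text, like a summary report."""
    findings = []
    # Weak authentication: a reversible 'enable password' instead of 'enable secret'.
    if re.search(r"^enable password ", config, re.M):
        findings.append(("High", "reversible 'enable password' in use; use 'enable secret'"))
    # Timeouts and services on each vty block (indented lines that follow 'line vty').
    for m in re.finditer(r"^line vty (\d+ \d+)\n((?: .*\n)*)", config, re.M):
        vty, block = m.group(1), m.group(2)
        if re.search(r"^ transport input .*telnet", block, re.M):
            findings.append(("High", f"cleartext telnet permitted on vty {vty}"))
        if re.search(r"^ exec-timeout 0 0", block, re.M):
            findings.append(("Medium", f"idle timeout disabled on vty {vty}"))
    return findings

def config_diff(old, new):
    """Lines added and removed between two snapshots, for change-control review."""
    old_lines, new_lines = set(old.splitlines()), set(new.splitlines())
    return sorted(new_lines - old_lines), sorted(old_lines - new_lines)

if __name__ == "__main__":
    for name, cfg in (("v1", CONFIG_V1), ("v2", CONFIG_V2)):
        print(name, audit(cfg))
    print("added/removed:", config_diff(CONFIG_V1, CONFIG_V2))
```

Run against the two snapshots, the first audit yields three findings, the second none, and the diff shows exactly the lines an auditor would want to see in a change review.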

Nipper Studio is licensed on a per-device basis starting at $1000 for 25 licenses, working out at $40 per device. As you would expect, discounts are available for larger purchases; 1000 or more licenses will set you back $8.50 per device. Compare this to the cost of a manual check by an experienced auditor and you’ll get a figure an order of magnitude less for Nipper Studio, as well as the benefit of rapid and repeatable reporting. Is there anything that this product would miss that a trained auditor would catch? Quite possibly, but using this tool for your initial baseline and regular testing means you can cover off the majority of common issues and spend your remaining security budget more effectively.
