Monday, 24 February 2014

Using Nipper Studio for Penetration Testing

by Peter Wood

About the Author

Peter Wood, CEO at First Base Technologies

Pete has worked in the electronics and computer industries for over forty years and founded First Base in 1989. He is a world-renowned security evangelist, speaking at conferences and seminars on ethical hacking and social engineering. He founded First Base Technologies in 1989, providing information security consultancy and security testing to commercial and government clients.  In this case study Pete explains how he came across Nipper Studio security auditing software and why he thinks it is one of the best tools of its kind on the market.




The first time I heard about Nipper Studio was back in 2009 when the product was very new to the market and still in its first version, Nipper One. I received an industry newsletter which featured Nipper and outlined the basic features of the tool. It sounded interesting but at that time it wasn’t a tool that I felt we needed and didn’t take it any further.


Why did you decide to use Nipper Studio?

We first evaluated Nipper Studio in July 2012 when we had a requirement to audit several routers and switches for a large client. After running a few reports I realised the tool was exactly what we were looking for, as all our previous reviews of network devices were done entirely manually. Nipper Studio was the only product we could find that provided this level of detailed configuration audit review. The reports generated from Nipper Studio were easy to read and thorough and it saved us hours of manual work. We have continued to use Nipper Studio to assist with network security audits for our clients and also in-house to audit our own network security devices.

How do you use Nipper Studio at client sites?

One of the great things about Nipper Studio, from a Penetration Tester’s point of view, is that the software can be downloaded onsite and installed in minutes, without causing any disruption to their networks. Furthermore, because Nipper Studio does not store any configuration information and, unlike scanning tools, does not need to connect to the network, using it poses no additional security issues to the organization. 

Once we have Nipper Studio installed it enables us to automate much of the review process without compromising the quality and accuracy of our results. During an engagement we can use the tool to help find vulnerabilities in the device in a fraction of the time it would take us to do manually.

As a result of the extensive amount of devices supported, Nipper Studio enables us to provide a more consistent and accurate set of results, irrespective of the manufacturer or model of device under review. Also because we can install Nipper Studio on multiple machines we are able to use the license for various different customer engagements throughout the year. 

How have your customers benefited from you using Nipper Studio?

It became obvious to us that our clients were facing a problem. They would often come to us asking for us to review the configuration and security of their switches, routers and firewalls. However it is a lengthy and painstaking process to manually audit every network device in a system, especially in the larger organizations. As a result, it was not cost effective to review more than a small sample of an organization’s infrastructure.

Using Nipper Studio means that our clients can now afford to have the security of all their  infrastructure devices checked, rather than just a sample.

How has using Nipper Studio benefited First Base Technologies as a business?

Using Nipper Studio has presented us the opportunity to expand our security reviews at a realistic price. This means our clients expectations have been exceeded while still staying on time and in budget. This gives us an advantage in the market and ultimately helps retain our existing customers and attract new ones.


No comments:

Post a Comment

Did you find our blog useful? Let us know! We would love to hear your thoughts, opinions and comments regarding any of our blog posts.