About the Author
Aran has a key role within both the support and testing teams at Titania ensuring that users of the software receive the best products and services possible. Throughout his career Aran has always had a passion for cyber security and since joining Titania his interest and knowledge of the industry has continued to grow.
Nipper Studio is now used in 50 countries around the world by security conscious organisations, auditors and government departments. Below Aran has answered just a few of the commonly asked questions about the software. Nipper Studio has hundreds of setting to choose from that are not necessarily enabled by default.
1. Can I customize my Nipper Studio report with my
own company information?
Yes, it is possible to
customize your Nipper Studio report with a Company Name, Company Logo, Report, Title
and Classification.
2. What Rating Systems can I use for my Nipper
Studio audit report?
The default rating
system is Nipper v1 which is based on industry, governmental and military best
practice as well as the considerable penetration testing experience within Titania.
If you wanted to use an industry standard vulnerability rating system, Nipper Studio enables you to switch to CVSS v2.
3. What
kind of reports is Nipper Studio capable of creating?
Nipper Studio can create many different types
of report. You can generate a singular report or combine multiple report types
in one document. The report types are:
- Security Audit - a “best practice” security audit which combines checks from many different sources, including penetration testing experience
- STIG Compliance Audit - DISA STIG compliance audit against specific STIG checklists. STIG check lists can be updated using OVAL xml files.
- SANS Policy Compliance Audit - a SANS policy compliance audit against specific SANS policy documents.
- Configuration Report - a detailed report on how the device has been configured.
- Raw Configuration - details the actual device configuration data (SonicWall configurations are decrypted so that they are in a human readable raw format).
- Raw Change Tracking - the raw change tracking report will detail all the configuration lines that have changed since the previous report.
4. Is
Nipper Studio capable of creating a report for multiple configurations from
different network devices all at the same time?
Yes, you can either add a single
configuration at a time or a directory of configurations. When a report is created using multiple
configurations, each device is listed at the beginning of the report and also
each issue has a section letting you know which device is affected by that
particular issue.
5. Is it possible for Nipper Studio to report on overlapping or contradicting rules within a device’s configuration?
Yes, Nipper Studio can report on both
overlapping and contradicting rules. These checks are not enabled by default as
they can take an extended period of time to complete depending on how many filter
rules that Nipper Studio has to check.
When checking for Overlapping Rules, Nipper
Studio will check that no rules overlap or duplicate other rules which have
been configured. For example, one rule could permit access to a range of
services on a specific host and another could allow access to a number of the
same services on the same host.
When checking for Contradicting Rules,
Nipper Studio will check that no rules contradict other rules which have been
configured. For example, one rule could allow access to a service which is then
dropped by another rule in the same filter list.
6. Is it possible to set up different profiles for Nipper Studio to use when auditing different client configurations?
Yes, once you have configured Nipper Studio
to report on the specific information and/or checks to be performed on your
customer’s configuration. You can then save this configuration of Nipper Studio
as a setting profile for use again at a later date. This will help save time
and also means that your customer will always get the same report output each
time you perform an audit for them.
Hopefully this information has helped
answer a few questions about Nipper Studio and given you a taster of some of
its functionality. If you have any other questions please contact us at support@titania.com and we would be happy
to help.
No comments:
Post a Comment
Did you find our blog useful? Let us know! We would love to hear your thoughts, opinions and comments regarding any of our blog posts.