Enhanced Device Support for Cisco IOS XR

The latest release of Nipper contains enhanced support for Cisco IOS XR devices. The scope of auditing Cisco IOS XR devices has improved in the following areas:

  • Open Shortest Path First (OSPF) Interfaces
  • Enhanced Interior Gateway Routing Protocol (EIGRP) Interfaces
  • Global Syslog Interfaces
  • EIGRP Routing
  • Routing Information Protocol (RIP) Routing
  • Static Routing
  • Routing Keys
  • Password Policies
  • Border Gateway Protocol (BGP) Dampening
Additional Fixes
Nipper 2.11.1 also includes changes to the style settings and fixes several bugs across the software delivering enhanced accuracy in reports, as well as improving the overall stability and usability of the software.

Security Audit Style Setting

Changes to the Security Audit report to highlight Nipper's applicability to risk management

  • A new Security Audit Setting "Audit Style" is available for use within Nipper where"Risk Based" Security Audit style (default) will highlight applicability to risk management. "Classic" Security Audit style will revert to how Nipper has previously reported the Security Audit. 
Risk Based Style Changes
  • Minor text changes - Replaced "issue(s)" with "finding(s)" where applicable across the Security Audit report.
  • Replaced "severity" with "risk" where applicable across the Security Audit report.
  • Updated titles of Security Audit Summary diagrams
    • Replaced "Severity Classification" with "Risk Classification".
    • Replaced "Issue Classification" with "Finding Classification"
  • Addition of new diagram to the Security Audit Summary
    • A new "Risk Profile" diagram plots impact of security findings on your network against the ease for malicious actors to exploit said security finding.
  • Addition of new table to the Security Audit main body
    • Appearing after the Security Audit Introduction, the Findings Summary provides an overview of each finding ID that applies to a device in the audit scope, the title of the finding, the risk the finding presents and the applicable section.
NIST 800-171

A new standalone report plugin for NIST 800-171 has been added. This feature is not licensed by default - speak to your solutions advisor for further information.

Bug Fixes
  • Cisco IOS Wireless LAN devices will now correctly report the configured SSID protocol.
  • The --disable-interactive-audit CLI setting will no longer be ignored on CentOS 7 installs.
  • Improved reporting of administrative interface line settings in the Configuration Report.
  • "NTP Control Queries were Permitted" security finding will no longer be present if the device has an Access Control List (ACL) configured.
  • SonicWall SonicOS 6.5 devices will no longer have the "LAN to WAN" Configuration Report table incorrectly labelled with the name of a configured ACL.
  • Fixed an issue when turning on the "CMMC Pre-Assessment" setting from the "New Report" dialog that would cause the Security Audit and Configuration Report to not be included in the report if not already selected.
  • Fixed an issue causing section links throughout the Security Audit to no longer function