Enhanced Device Support

Cisco IOS XR

The latest release of Nipper contains continued improvements to Cisco IOS XR device support.

Cisco IOS XR device auditing has been improved in the following areas:

  • Network Time Protocol (NTP)
  • Simple Network Management Protocol (SNMP)
  • Address Resolution Protocol (ARP)
  • Domain Name System (DNS)
  • Dynamic Host Configuration Protocol (DHCP)
  • Layer Two Tunneling Protocol (L2TP)
  • Logging Services
  • User Groups
  • Border Gateway Protocol (BGP) Redistributed Routing Protocols

Bug fixes

  • Auditing certain Cisco ASA configurations no longer causes a serious error
  • Security Audit findings:
    • Cisco IOS
      • Resolved a Network Time Protocol (NTP) issue causing Security Audit issue NSA-TIME-004 to always trigger
      • Resolved a Hypertext Transfer Protocol (HTTP) ciphers issue causing Security Audit issue NSA-ADMIN-019 to always trigger
      • A VLAN Trunking Protocol (VTP) issue was resolved that caused Security Audit issues NSA-PRTCL-022 and NSA-PRTCL-024 to trigger incorrectly
      • An issue with configuration auto-loading has been resolved that was causing NSA-CNFG-001 to trigger incorrectly
    • Panorama PanOS 9
      • Resolved a Border Gateway Protocol (BGP) dampening issue causing Security Audit issue NSA-ROUT-005 to always trigger
      • Resolved a filter rule issue causing Security Audit issues NSA-FLTR-015 and NSA-FLTR-017 to always trigger
      • Resolved an RSA key issue causing Security Audit issue NSA-ADMIN-019 to always trigger
  • Command Line Interface:
    • Running a PCI audit with Nipper's CLI no longer causes a serious error
    • CLI help text for the settings for CMMC and NIST 800-171 report types has been added
    • Adding a license via CLI no longer returns a duplicate error message
    • Adding a new resource via CLI no longer returns an unknown command error
    • Having the support debug mode enabled no longer prints unreadable characters to the console
    • Saving reports to PDF now creates a valid report file
    • IP scoping now correctly filters filter rules
    • Certain incorrect CVEs are no longer triggered for Fortinet FortiOS devices
    • Cisco Catalyst devices are no longer detected by Nipper as Cisco IOS Routers
    • Secure wireless SSID keys are no longer reported as insecure
  • Audit Scheduling:
    • Devices requiring a privilege password can now be audited via Audit Scheduling
    • Adding a remote device via Audit Scheduling now has a default port and schedule date pre-populated
    • CMMC report practice IA.1.077 table now displays correct password information
    • Access Control List (ACL) rule tables on SonicWall devices are now correctly named after the zone
    • Static Link Monitor Exempt (a proprietary Fortinet feature) is no longer displayed when auditing Cisco devices

Critical Issue Demo Files

Two new demo configuration files have been added, allowing critical findings within Nipper to be accurately demonstrated.