Nexpose 5.7.14 brings you the ability to audit the configurations of your Cisco network devices for security in accordance with industry best practices.

What is a configuration benchmark?

A configuration benchmark is a scoring system that evaluates an asset's compliance against a set of security policy rules. The benchmarks are derived from industry best practices and the consensus of domain experts to help organizations evaluate the security of the systems and devices on their networks. Each benchmark is specific to an operating system platform. In addition to the Cisco IOS benchmark added in this release, we currently support security configuration benchmarks for the following platforms:

  • Red Hat Enterprise Linux 4/5/6
  • Windows XP/2003/Vista/2008/7
  • Internet Explorer 7/8

Which security policies are evaluated in the Cisco IOS benchmark?

The Cisco IOS benchmark organizes security policies into three different categories, or planes.

  • The management plane defines rules for access, banners, passwords, and SNMP
  • The control plane covers policies for logging, services, and the internal clock
  • The data plane deals with the routing of data
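
To make the idea of plane-grouped rules and a compliance score concrete, here is an added example; it is not Nexpose code and not the benchmark's actual rule set. The rule names, the seven checks chosen and the sample running-config are constructed for illustration.

```python
import re

# Illustrative rules only: (plane, rule name, regex, must_match).
# must_match=True  -> a matching line has to be present in the configuration.
# must_match=False -> no line may match.
RULES = [
    ("management", "password encryption enabled", r"^service password-encryption$", True),
    ("management", "login banner set", r"^banner login ", True),
    ("management", "no default SNMP community", r"^snmp-server community (public|private)\b", False),
    ("control", "remote logging host set", r"^logging (host )?\d+\.\d+\.\d+\.\d+", True),
    ("control", "NTP server set", r"^ntp server ", True),
    ("control", "TCP small servers off", r"^service tcp-small-servers$", False),
    ("data", "IP source routing off", r"^no ip source-route$", True),
]

# Constructed sample running-config, not taken from a real device.
SAMPLE_CONFIG = """\
version 15.2
service password-encryption
no service tcp-small-servers
hostname lab-rtr-01
banner login ^CAuthorized access only^C
snmp-server community public RO
logging host 192.0.2.10
"""

def audit(config):
    """Return {plane: {"passed": [...], "failed": [...]}} for the config text."""
    lines = [ln.strip() for ln in config.splitlines()]
    report = {}
    for plane, name, pattern, must_match in RULES:
        found = any(re.search(pattern, ln) for ln in lines)
        bucket = report.setdefault(plane, {"passed": [], "failed": []})
        bucket["passed" if found == must_match else "failed"].append(name)
    return report

def score(report):
    """Percentage of rules passed across all planes, rounded to one decimal."""
    passed = sum(len(r["passed"]) for r in report.values())
    total = passed + sum(len(r["failed"]) for r in report.values())
    return round(100.0 * passed / total, 1)

if __name__ == "__main__":
    result = audit(SAMPLE_CONFIG)
    for plane, r in result.items():
        print(plane, "passed:", r["passed"], "failed:", r["failed"])
    print("score:", score(result), "%")
```

The patterns are anchored at the start of the line so that a negated command such as `no service tcp-small-servers` is not mistaken for the enabled form.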

What types of network devices can be evaluated with the Cisco IOS benchmark?

The Cisco IOS benchmark is applicable to all Cisco network devices running IOS v15.

How do I audit my assets with the Cisco IOS benchmark?

The Cisco IOS benchmark is included in the default CIS scan template in Nexpose. To audit your assets with the Cisco IOS benchmark, simply create a site, define your assets, select the scan template named “CIS”, and provide the appropriate SSH credentials if applicable.

Find out about other platforms and benchmarks covered by Nexpose.