BYOD Passwords Hacking Cloud Compliance Reviews Privacy

Current Filter: Security>>>>>>

PREVIOUS

   Current Article ID:2577

NEXT



Titania Nipper Studio

Editorial Type: Review     Date: 07-2013    Views: 5186   









Total compliance with data protection regulations is now essential, otherwise businesses could find themselves faced with hefty fines. There are a wide range of security auditing solutions available, but some can be prohibitively expensive, many rely only on network scanning and few extend their focus beyond firewalls

Nipper Studio takes a refreshingly new approach to security auditing, as it supports an impressive range of firewalls, switches and routers from all the major players. Naturally, Cisco is at the top of the list, but it can also audit devices from Brocade, Check Point, Fortinet, HP, Juniper, WatchGuard and many more.

Installation takes minutes and auditing is a simple, two-step process. First, you need to download the configuration file from the devices to be interrogated. We tested with HP ProCurve and Cisco Catalyst switches, and found the process well documented. You point Nipper Studio to the configuration file location and it identifies the device from its contents. Usefully, you can specify a directory where multiple files are stored and it can create a single report on them all.

Four options for the level of auditing and reporting are available. The security audit covers more than 20 key areas, including administrative access, authentication, IDS/IPS, SNMP, port configurations and software vulnerabilities. Each can be enabled or disabled as required and you can apply a range of filters to fine-tune the information you want presented.

Two rating systems are supported, with the software defaulting to Nipper's own system. A valuable feature is support for v2 of the CVSS (Common Vulnerability Scanning System) open framework.

Prior to report generation, you can select CVSS and also configure other associated environmental metrics. These include settings for CDP (collateral damage potential), target distribution, plus confidentiality requirements, so you can define and prioritise which areas are important.

User policies tell Nipper Studio what password tests you want carried out. These include checks on the maximum and minimum password ages, authentication timeouts, length, repeated characters and so on. Nipper Studio can include a full report on device configurations and also provide it in raw format as well.

Reports are generated quickly, and we score Nipper Studio highly for their classy design and content. The reports are well structured and very clear, so they will appeal to a much wider audience than just technical staff. The reports can be branded with your own company name and logo, and start with a summary of the audit scope, with devices and graphs showing a breakdown of issues identified.

The level of information in the reports is quite remarkable. Not only do they clearly highlight security issues with firewalls, but also provide an impact assessment, potential security breaches and recommendations for remedial actions.

Other areas of concern - such as weak passwords, unsecured administrative access and open services for all devices - are clearly highlighted, and each graded with ratings for overall impact and ease of remediation. Where the CLI can be used to fix a problem, the report includes a list of all relevant commands and their format, so there's no need to rummage through the device's user manual.

Nipper Studio provides change management features, as during report configuration you can point it to a second file taken from an earlier time. The report compares them and highlights any differences, so you can see easily if unauthorised changes have been made to critical devices.

Nipper Studio can start auditing straight from the box and its sophisticated reporting takes all the guesswork out of regulatory compliance. It represents very good value, and is far more efficient and informative than products that rely only on network scanning. CS

Product: Nipper Studio
Supplier: Titania Ltd
Telephone: +44 (0)1905 888785
Website: www.titania.com
Price: From £26 per device (per pack of 25) to £6 per device (per pack of 1,000).

Like this article? Click here to get the Newsletter and Magazine Free!

Email The Editor!         OR         Forward ArticleGo Top


PREVIOUS

                    


NEXT