"/>

Update - PAe ROCÍO, solution of audit of safety on configurations of communications equipment
the accesskey _ mod _ content

Updating ROCÍO, solution of audit of safety on configurations of communications equipment

05 July 2019

CCN-CERT Logo

La solución, desarrollada por el CCN, agiliza el proceso de auditoría de seguridad sobre configuraciones de equipos de comunicaciones

The Centre PKIX has updated the National ROCÍO solution (Opens in new window) , disponible en el portal del CCN-CERT, con el objetivo de facilitar la configuración de los dispositivos de red, enrutadores y conmutadores de Cisco, Aruba y Allied Telesus, así como de los cortafuegos Fortigate. Gracias a ROCÍO, se automatizan las tareas básicas de auditoría, permitiendo que los responsables de seguridad puedan comprobar, de un modo rápido, si su dispositivo está configurado adecuadamente.

The analysis of compliance is based in safety standards contained in the guides CCN-STIC. Specifically, the guías CCN-STIC-641 Seguridad en Routers Cisco, CCN-STIC-643A Seguridad en Equipos de Comunicaciones. Allied Telesis con sistema operativo AW+, CCN-STIC-644 Seguridad en equipos de comunicaciones Switches Cisco, CCN-STIC-647C Seguridad en conmutadores HPE Aruba y CCN-STIC-650 Seguridad en cortafuegos Fortigate . These documents and provides a set of guidelines for safe configuration of communications equipment.

All this, based in the checking of a series of rules, developed by the CCN, on the configuration and the results of implementing certain commands in the teams consoles (rules that are updated periodically as manufacturers developed its operating systems and create new functionalities).

La solución se proporciona como una interfaz web en la que se permite almacenar configuraciones, seleccionar distintos paquetes de reglas y generar informes de cumplimiento.

To access the service requires installing a safety certificate in the browser, which must be requested in the contact email rocio@ccn-cert.cni.es , indicating name, contact telephone and agency applicant.

ROCÍO is one of their own solutions of audit of National PKIX Centre which, together with ANA (Opens in new window) (Automation and standardisation of Audits), PILLAR (Opens in new window) (Analysis and risk management), CLEAR (Opens in new window) (Compliance Audit ENS/STIC on systems Windows) and INES (Opens in new window) (Status report about security in the ENS), seeks to facilitate the analysis of equipment and systems all those responsible for security.

Original source of the news (Opens in new window)

  • Security
General access point
 
General access point