Automated Security Configuration Checklist for a Cisco IPsec VPN Router using SCAP 1.2

摘要

For large enterprises running many different operating systems, applications, and multi-vendor devices, the task of reviewing the security state of a broad range of devices and business areas in order to either comply with security requirements from regulations or detect risks such as misconfigured devices, out-of-date software, etc., is timeconsuming, error-prone, and expensive. Although humans are important in the security assessment process, they are unable to keep up with the task, and may introduce inconsistencies which could further make organizations vulnerable to security breaches. Security automation provides a solution to this challenges. In this paper, a common security automation protocol, Security Content Automation Protocol (SCAP) version 1.2, was leveraged to develop an automated secure configuration checklist which can be used by security professionals to rapidly and consistently audit network edge devices such as a Cisco IPsec VPN router to ensure secure configuration per the baseline.