How to disable RIP and enable EGP

Hello,

We recently had a Nessus scan done of our system and the solution to one of the findings was this:

disable the RIP agent and use an EGP routing protocol

I have been unable to find any specific instruction on how to do either. We are running Solaris 8.

Any help would be greatly appreciated. Thanks in advance.

stringman

Nowadays, when people talk about an EGP routing protocol, they aren't talking about the protocol called EGP. It went out of vogue a long time ago. Instead, they are talking of a class of protocols: External Gateway Protocol.

These are used to talk to other autonomous systems (think ISPs).

Today, there is only one modern EGP in existence, and that's BGPv4. But BGP is a 'meta-protocol' in that it needs an IGP (internal gateway protocol) to actually send network topology data between your routers, assuming your net is more than one hop wide.

But judging from your post, this isn't the case. You have a Unix machine which partakes in your network's routing decisions, maybe because you have several interfaces? So you can have a dynamic routing table, right?

RIP isn't insecure in itself. Perhaps you should just add some firewall rules which say that UDP to port 520 can only come from your friends' IP addresses? Or your own net?

A rather long-winded reply, but hope I shed a little light on your question.

Actually, we are not even connected to the internet. Our system is stand-alone. I know it's silly for Security to require this fix, but you can't fight the government. The concern is that someone will physically gain access to our system and therefore, come from our internal network. We don't even have a firewall, just a virus scan that must be run manually and Tripwire. But that's Ok w/ Security :). However, they will not re-accredit our system unless we disable the RIP agent and use an EGP routing protocol (their exact words).

stringman

You can't trust scanning tools and their "analysis" to protect your system, you have to use your own brain, which is much smarter than unintelligent scanning tools.

You don't need a scanning tool to tell you how to configure your system, you need to answer basic questions, like "do I need any routing protocols at all?"

Also, your scanning tool is wrong and also obsolete.

RIP is an interior routing protocol. EGP is an obsolete exterior routing protocol. If an automated scanning tool is telling you to disable RIP and enable EGP, you need to get a different scanning tool, period.