$Id: FAQ.txt,v 1.1 2002/03/05 04:39:41 jnssf Exp $

Index of Questions:

  INSTALLATION
  Q: How do I install RAT  ?
  Q: I don't need snarf. I already have configs.  How do I disable it?
  Q: I'm having trouble installing the Perl Modules (on Unix).

  RULES/BENCHMARK
  Q: Does it check Catalyst Switches or other non-IOS devices?
  Q: What are "Level 1" and "Level 2" benchmarks?
  Q: What versions of IOS does RAT  check?
  Q: Does it check feature X/Y/Z?
  Q: Can I make it check feature X/Y/X?
  Q: Can it check things other than IOS?
  Q: How does scoring work?

  GENERAL
  Q: Will RAT make my router "secure"?
  Q: Will RAT make my networks and desktops "secure"?
  Q: Will it stop viruses ?
  Q: How can I find out about new releases of the tool an benchmark ?

INSTALLATION

  Q: How do I install RAT  ?
  A: For Unix, read INSTALL.txt in the distribution.  For Windows,
  read INSTALL.WIN32.txt.  Thanks to John Stewart and Joshua Wright
  respectively.

  Q: I don't need snarf. I already have configs.  How do I disable it ?
  A: (windows) Snarf is not supported on windows at this time.
     (Unix) Use the alternate Perl Makefile:
  
       - Unpack the tar file
       - cd to the rat-1.1 directory
       - Install using new Makefile.PL:
         % perl Makefile-nosnarf.PL [PREFIX=$HOME]
         % make
         % make install

  Q: I'm having trouble installing the Perl Modules (on Unix).
  A: 1) be sure youre perl is version 5.004 or better.
     2) be sure you're running as root
     3) install in the order listed in INSTALL.txt
     4) It is sometimes necessary to exit Perl (the CPAN shell) and
        start over.
     5) If all else fails, you can tell CPAN to ignore test failures
        and force module installation:
  
          # perl -MCPAN -e shell
  	cpan> force install Net::Telnet
          .
          .
          .
  
RULES/BENCHMARK
  
  Q: Does it check Catalyst Switches or other non-IOS devices ?
  A: No, because there are no rules.  It probabably will in the near
     futre.  If you're interested in developing such rules, send a
     note to rat-feedback@cisecurity.org
  
  Q: What are "Level 1" and "Level 2" benchmarks?
  A: Level 1 benchmarks define basic security settings that apply to all IOS
     configurations (at least 11 and 12).  Level 2 benchmarks define
     security settings that are applicable only to sites that are using
     specific optioanl features (such as AAA authentication, etc.).
  
  Q: What versions of IOS does RAT  check ?
  A: The default rules have been tested with IOS 11 and 12.
     Many of them may work with older and newer versions of IOS
     but they have not been tested.
  
  Q: Does it check feature X/Y/Z ?
  A: The default rules deal with things like: turning off unnecessary
     services (finger,echo,http,etc), preventing unauthorized access
     (telnet and SNMP Access Control Lists, requiring passwords for
     login, snmp, etc.), preventing abuse (ingress/egress filters, no directed
     broadcasts), logging (syslog, ntp, etc.).
  
  Q: Can I make it check feature X/Y/X ?
  A: Yes.  If you know what the configuration for X/Y/Z looks like, you
     can fairly easily copy existing rules and modify them to check for
     proper configuration of most features.  If you do this for some
     feature that's not covered by the default rules ***please send copies
     to rat-feedback@cisecurity.org***
  
  Q: Can it check things other than IOS ?
  A:: Yes.  It's being used now to check Catalyst switches and has been
     used to check the syntax of HTML pages.  If you know what "good"
     and "bad" look like it's fairly easy to write rules to check most
     any text file.
  
  
USAGE
  
  Q: How does scoring work ?
  A: Say you have one rule called "no cdp enable" that is supposed to
     apply to every interface, and the rule is given an importance value
     of 10.  Say you check one router with this one rule and the router
     has 10 interfaces.  Two of the interfaces do not have "no cdp
     enable" set.  This means that the total possible gross score for
     the router was 10*10 = 100.  The actual gross score was 10*8 = 80.
     The router would get an overall rating (on a 1-10 scale) of 8.
  
GENERAL
  
  Q: Will RAT make my router "secure" ?
  A: Maybe.  You can't prove a negative (the absence of bugs/holes).
     You can only prove their presence.  If you *don't* fix the problems
     identified by RAT, your router *will* be insecure.
  
  Q: Will RAT make my networks and desktops "secure"?
  A: Indirectly.  Most of the rules are aimed at insuring that the
     router itself is secure.  If your routers are compromised, then
     everything you send over the network may be intercepted, modified
     or just blocked.
  
  Q: Will it stop viruses ?
  A: No.
  
  Q: How can I find out about new releases of the tool an benchmark ?
  A: Subscribe to rat-announce@cisecurity.org by sending an empty
     message to rat-announce-subscribe@cisecurity.org

