Release Notes: Nipper v3.x.x
This document describes the new features and functionality changes in Nipper v3.x.x. The major release v3.0.0 and all subsequent minor releases are included.
About This Release
Version 3.0.0 of Nipper is the latest major release of Nipper from Titania. Not only does the software include numerous new features, but the underlying architecture of Nipper has also been enhanced along with the infrastructure used to complete audits. These changes collectively mean that Nipper is now even more powerful than ever.
Compatible Products
This product has been tested on the following platforms or with the following products:
- Microsoft Windows 11
Other versions of Microsoft Windows may be compatible with Nipper v3.0.0 but may have limited functionality.
Installation & Licensing
Existing users of Titania with an active license will be able to download this updated version and activate using their existing license credentials (serial number & activation code). Users currently running Nipper v2.x.x will be able to continue to use Nipper v2.x.x alongside Nipper v3.0.0.
Nipper v2.x.x will cease to be supported by Titania in line with the product lifecycle.
New users will be issued with new license credentials (serial number & activation code) for use when they first install Nipper v3.0.0.
Updates
The following features have been enhanced in this release:
- Security Audit: Now known as the Best Practice Security Audit. In the resulting report, checks used to assess the configuration of devices return descriptions of what was checked as well as findings that describe what Nipper has identified, allowing users to clearly understand what is being checked for, the outcome and how this affects their security posture.
- Vulnerability Audit: A risk prioritized, exception zero-trust policy enforcement report enhances the NIST NVD Report available in Nipper v2.x.x by now including change tracking, findings for pass & fail instead of just highlighting fails and any associated ratings.
- Raw Configuration Report: Now includes change tracking, helping developers and teams maintain an audit trail of all changes to configuration settings. Change tracking helps in demonstrating compliance with regulations and provides transparency into who made what changes and when.
- Appendix: Previously available as a separate report, this has now been integrated into Nipper v3.0.0 common report settings.
- Settings: Further settings have been added to Nipper v3.0.0, allowing users to configure Nipper more precisely to their individual requirements.
- Audit Scopes: Nipper v2.x.x allowed specific IP scoping only. Nipper v3.0.0 has been enhanced to allow users to specify which IP addresses to include/exclude, which audit reports should be scoped and whether to include/exclude report sections, ensuring greater configurability.
- Cisco PSIRT Audit: As in Nipper v2.x.x, users can evaluate and analyze Cisco products and networks for potential security weaknesses. Vulnerabilities are now rated against CVSS v3.5 by default but can also now be rated using all other versions of CVSS scoring (v1, 2 and 3).
- DISA STIG Compliance Audit: The STIG audit in Nipper v3.0.0 is now a risk prioritized, evidentiary pass and fail compliance assessment report, meaning users can now not only provide evidence of compliance but also identify areas of vulnerability and prioritize work required to improve their overall security posture. Additionally, STIG coverage has been greatly increased to include more device specific STIGs, ensuring the environment is audited with the most appropriate guidelines. Nipper v3.0.0 automatically selects the appropriate STIG benchmarks configured for a device, with further generic benchmarks available to support where device-specific ones are not available.
- NIST 800-53 Audit: Assess compliance with security requirements recommended in NIST Special Publication 800-53. Controls are assessed against DISA STIGs and mapped using common correlation indicators, with pass/fail findings included in the report along with ratings. The report now includes change tracking and gives findings for pass & fail instead of just highlighting fails and ratings, helping users demonstrate compliance with security guidelines.
New Features
The following new features appear in this release:
- Save Report As: Users are now able to export Nipper v3.0.0 reports in a wider range of recognized formats, ensuring data can be more easily manipulated to meet individual requirements.
- Ratings: Nipper v3.0.0 now supports the latest versions of Nipper, CVSS (v3.1, v3, v2 and v1), STIG and Cisco SIR rating systems, which can now be viewed in a variety of forms to help better visualize the significance of the findings. Users can also manually set the order preference of the ratings systems used in reports that support multiple rating systems.
- Report Browser: Nipper v3.0.0 has a new Report Browser, enabling users to quickly and easily navigate audit reports using large reports scroll bar and expandable / clickable sub-headings. Compliance results can be modified, user notes can be added, and findings can be excluded. Notes, exclusions, and modified results can be remembered and applied each time the same device, type of device or all devices are audited in the future.
- Improved System Architecture: Updated, modular system architecture improves Nipper’s performance as well as providing a stable platform to add new devices, reports and other features. Updates to resources such as STIGs, NVDs, NIST and other compliance guidelines will be available independently of software releases.
- Improved GUI: General usability improvements to the GUI have been implemented, including tabbed navigation, a progress indicator showing as a percentage how close the user is to the report starting to run, and more. These improve the overall experience so users can run audits and create reports to get the information they need more quickly and easily.
Minor release updates
v3.0.1
September 19, 2023
Titania internal development release
v3.0.2
September 29, 2023
New Features
- No new features included in this release.
Continual Improvements
- Fixed an issue in the Cisco PSIRT report that caused false positives to be returned in some instances. Other reports were unaffected. It is recommended that any Cisco PSIRT reports completed using v3.0.0 be re-run using the most up-to-date version available.
v3.0.3
October 02, 2023
Titania internal development release
v3.0.4
October 03, 2023
New Features
- No new features included in this release.
Continual Improvements
- Resolved an issue with the default license server URL that meant some users may not have been able to activate Nipper.
v3.1.0 - Limited Beta
October 03, 2023
New Features
- PCI DSS 4.0 compliance report (BETA).
Continual Improvements
- Resolved an issue with incorrect status of a remote device connection after adding it a second time.
- Resolved an issue in the NIST 800-53 report where Nipper ratings were being returned instead of the associated STIG rating.
- Resolved missing PSIRT advisories.
- Fixed ‘save table to’ table. Report tables can now be saved to various formats.
v3.1.1
October 30, 2023
New Features
- PCI DSS 4.0 compliance report.
  Accurately assess compliance of device configurations, with drill-down detail of the checks performed that evidences how a configuration complies with PCI DSS requirements, or describes how it fails to comply and how to fix it.
  The report now includes change tracking and gives findings for pass & fail instead of just highlighting fails and ratings, helping users demonstrate compliance with security guidelines. Supported audits (such as full configuration reports) are now included within the PCI DSS report, making it even easier to refer to required evidential information.
Continual Improvements
- Fixed an error with heatmap settings not adding heatmaps to reports.
- Added CWE (Common Weakness Enumeration) references to NVD reports. This associates each NVD entry with a specific weakness identifier from the CWE list.
v3.2.0
December 04, 2023
New Features
- Added support for Fortinet devices utilizing FortiOS v7.4, allowing users to audit Fortinet devices using Nipper Security Audit and device specific STIGs as well as NVD and PCI security frameworks.
- Added support for Palo Alto devices utilizing PanOS v11, allowing users to audit Palo Alto devices using Nipper Security Audit and device specific STIGs as well as NVD and PCI security frameworks.
- Added functionality to support the new NIST NVD update schema, ensuring CVE updates can continue to be implemented in Nipper following changes by NIST.
Continual Improvements
- Resolved an issue where large files downloaded from the API failed to validate, ensuring updates can be successfully delivered.
v3.3.0 (Internal)
February 05, 2024
New Features
- Added support for Juniper SRX devices utilizing JunOS v22.3R1, allowing users to audit Juniper devices using the latest manufacturer's recommended version.
Continual Improvements
- Improvements to the PCI DSS audit and report to minimize ‘investigate’ results for Cisco devices.
- Resolved an issue where, when conducting a Best Practice Security audit for Juniper SRX devices, Nipper indicated the absence of configured filtering rules even when they had been set up.
- Updated the IANA database in Nipper (v3) to ensure the latest resources are utilized.
- Resolved an error on Firepower whereby Nipper (v3) was crashing when importing a configuration file.
- Resolved an error on Palo Alto whereby, when users added their configuration file into Nipper (v3) and then attempted to go to the next screen, Nipper would show a serious error.
v3.3.1 (Internal)
February 21, 2024
Continual Improvements
- Resolved an issue when saving to XML, where Nipper (v3) would show a parse error and the file could not be opened correctly via browser or XML.
- Resolved an issue where Nipper would freeze or crash when users attempted to go to the next page after adding their Cisco Nexus configuration.
- Removed the CIS report option on the New Report Wizard for compliance and security licenses.
v3.4.0 (Internal)
March 18, 2024
New Features
- Added support for Cisco ASA devices utilizing V9.19, allowing users to audit Cisco ASA devices using the latest manufacturer's recommended version.
- Added support for Firepower FMC/FTD devices utilizing V7.2.4, allowing users to audit Firepower devices using the latest manufacturer's recommended version.
Continual Improvements
- Improved accuracy of PCI DSS reporting against Juniper SRX devices & Cisco ASA devices, providing automation of checks against a greater number of PCI DSS security requirements. This in turn reduces the need for manual investigation by the user.
- Added in-product help guides to Nipper so customers in an air-gapped environment can access the guides when they do not have access to the internet.
- Upgraded the Nipper (v3) software platform to Qt6. Benefits of Qt6 include:
  - Improved performance: faster and more responsive user experience, as well as reduced memory usage
  - Security and bug fixes: an extended EOL means that we will get more security patches from Qt, fixing potential bugs and vulnerabilities in Nipper (v3)
  - Enhanced functionality and new features
  - Improved support.
- Resolved an issue whereby Nipper was crashing when attempting to remotely connect to a device.
- Resolved an issue where the Network Filtering section was missing from the navigation menu on the Configuration Report.
v3.4.1
April 22, 2024
Continual Improvements
- Improved functionality to allow Nipper to automatically do an update check of resources, including new versions of Nipper and STIG, PSIRT, NVD and PCI DSS resource files. When there are updates available, the customer will now be notified on screen within Nipper and have the option to download and install them. This will prevent the need to download a new version of Nipper each time a resource file has been updated.
- Resolved an issue whereby the exclude feature was not excluding the selected feature from the Best Practice Security, Cisco PSIRT and NIST NVD reports.
v3.4.2
June 17, 2024
New Features
- Added support for Cisco IOS devices utilizing V15.7.3M8, allowing users to audit Cisco IOS devices using the latest manufacturer's recommended version.
Continual Improvements
- Resolved an issue where Nipper reported incorrect CVEs in the NVD report when auditing Cisco Nexus v9.3(13), Cisco Catalyst Switch IOS XE 16.9 and Palo Alto devices.
- Resolved an issue where a Juniper configuration caused Nipper (v3.4.1) to crash with no error message or explanation.
- Resolved an issue where Nipper incorrectly displayed version downgrades as available updates.
- Resolved an issue when auditing a Fortinet device where Nipper would show the Password Policy in the Configuration audit as disabled when “set status enable” was set in the Password Policy configuration.
- Added the missing Nipper icon on the Settings page.
- Resolved an issue where Juniper SRX was being incorrectly detected as Juniper J-Series Router.
- Resolved an issue where Cisco AS Firewall incorrectly returned rules in the Security Audit that do not allow Admin Services.
- Resolved an issue with Fortinet Firewall configuration whereby “No Network Filtering Rules Were Configured” was shown under the Best Practice Security report although the rules were configured.
- Resolved an issue where IKE Phase 2 configuration was wrongly detected by Nipper in the Configuration Report.
- Resolved an issue with the Filtering Report where rules with specific Applications configured were being flagged as allowing access to any port when they did not.
v3.5.0
September 9, 2024
New Features
- Cisco ASA CIS Benchmarks
  The CIS Benchmarks are community-developed secure configuration recommendations for hardening organizations’ technologies against cyber attacks.
  Support has been added to Nipper v3.5.0 for Cisco ASA CIS Benchmarks, allowing customers to generate detailed CIS Benchmark reports for their Cisco ASA device.
- Extended device support within Nipper to allow greater breadth of reporting across top devices. Nipper v3.5.0 is now able to support auditing for the following devices:
  - Arista EOS
  - Aruba Switch
  - Brocade IronWare, FastIron and ICX
  - Extreme XOS Summit and X-Series
Continual Improvements
- Resolved a number of incorrect findings reported in the following reports:
  - NVD report for Cisco ASA
    - v9.18(4)8
      - Nipper incorrectly reported several CVE rated issues that were only present in versions 9.4 to 9.10.
  - Best Practice Security Audit for FortiOS
    - v6.4.15
      - The check “Weak User Account Lockout Policy Setting” was incorrectly returned when lockout was set to 5 attempts.
      - The check “No RIP Update Neighbors Were Configured” was incorrectly returned when RIP was disabled.
    - v7.2.8
      - Incorrect detection of password policies.
    - v7.2.6
      - The following two findings were incorrectly returned when "Idle Timeout" was set in the configuration: "No SSH Session Timeout" and "No HTTPS Service Session Idle Timeout".
- Resolved an error when exporting the STIG benchmark report to XML.
- Resolved an error whereby, for Juniper SRX Firewall, the 'Name' field was showing the imported configuration path on the host rather than its hostname.
- Amendments to the Best Practice Security report, including minor text changes and missing bullet points.
- Amended the “Details” section within Properties with updated versioning and Copyright.
v3.5.1
October 1, 2024
Continual Improvements
- Resolved difficulties with connecting to Cisco ASA v9.12.4 through the Remote Device option in Nipper.
- Resolved an error where Palo Alto v11.1 was not being automatically detected and was also unavailable to be manually selected within Nipper.
v3.5.2
October 9, 2024
Continual Improvements
- Resolved an issue whereby users were experiencing the following error when adding a remote device, after having upgraded to Nipper v3.5.1 from a previous Nipper version:
  “Critical error
  A serious error has occurred. Please contact support@titania.com describing what you are doing before this error appeared.”
  Clicking on “Ok” causes Nipper to close.
v3.6.0
October 28, 2024
New Features
- Support for F5 Big-IP version 17 within Nipper (v3), allowing users to audit F5 devices using Security Audit and device specific STIGs as well as NVD and PCI DSS security frameworks.
- Added support for Check Point devices utilizing version R81.10, allowing users to audit Check Point devices using the latest manufacturer's recommended version.
Continual Improvements
- Improved the accessibility of reports by underlining the links within them, to make them more distinguishable from the rest of the text.
- Improved the accessibility of Nipper by ensuring that text sizing matches that set by the OS accessibility settings.
- Resolved false positives found in the Best Practice Security Report for Cisco Router v16.6 and Cisco IOS v15.4.
- Resolved false positives found in the NVD report for Cisco Catalyst Switch IOS XE v16.9.
- Resolved false positives found in the PCI report for FortiOS v7.2.7.
- Amended the list of devices, shown when a user manually selects the device when adding a config file, to be in alphabetical order.
- Minor text changes and UI improvements within Nipper to help improve navigation for users.
- Updated missing router name from RIP Neighbours in Security Report.
- Removed the 'Save to LaTeX' option due to being unfit for purpose.
- Resolved an issue when using the Nipper Windows UI to establish a remote connection where the Palo Alto device option was shown twice.
- Resolved an issue whereby the findings table was empty for investigates.
- Resolved an issue whereby the IPINIP protocol was missing from the Configuration Report.
- Improvements to Audit Scopes.
- Resolved an issue whereby, even when auto selection was disabled on STIG reports, Nipper would still auto select the STIG for a FortiOS configuration file.
- Resolved an issue where, when saving a report as Table to CSV, irrespective of the device, the ACL/Filtering rules tables were saving as blank files.
- Resolved an issue where the option to modify a report was visible even when Nipper had no license, such as when you first install Nipper.
- Improved the display of different rate limits for Cisco devices in reports.
v3.7.0
January 27, 2025
New Features
- NIST 800-171 (rev 3) reporting
  Nipper can now generate a NIST 800-171 (rev 3) report. This new report provides a comprehensive overview of compliance status with 19 critical NIST 800-171 requirements, helping to identify gaps and prioritize security improvements across six control families to better protect sensitive information.
- CMMC 2.0 reporting
  Nipper can now generate a CMMC 2.0 report. The CMMC 2.0 report facilitates evaluating compliance with 20 essential requirements for levels 1 and 2, supporting the demonstration of adherence and the enhancement of cybersecurity practices across seven key domains, which is vital for securing government contracts.
- Introduced a “Save All Formats” saving option in Nipper (v3). This allows a user to save a report in all available formats.
- Added the ability to select which Firepower Threat Defense (FTD) devices to assess when auditing a Firepower Management Center (FMC) configuration file. This allows the user to reduce the number of license usages when auditing FMC configuration files.
Continual Improvements
- Resolved several issues within the Audit Policy settings, including:
  - an issue with “BOGON IPV4 Addresses” and “Specific Host Service Blacklist” in Audit Policy settings whereby it wasn’t clear new entries had been added;
  - an issue where there was no option to set a value for lower case letters for passwords in Audit Policy;
  - prevented the same service from being added multiple times in Audit Policy by scrolling the user down to the entry already entered if they try to add a duplicate service.
- Resolved an issue where, when saving the CIS Benchmark report to CSV format, tables from CIS report section 1.2.2 onwards were missing from the CSV report.
- Resolved an issue with the 800-53 audit, where the controls used were not mapped to device specific STIGs. This resulted in some controls returning a lower criticality rating than a device specific STIG. While the report is device agnostic, we now ensure that the ‘worst case’ rating is returned to customers.
- Resolved an issue where Nipper v3.6.0 was crashing when auditing Cisco IOS 15.1(2)SY7, IOS XE 17.3.4 & JunOS v21.4R3.15 devices against the DISA STIG report.
- Resolved an issue with the “Prompt for device selection” setting for Firepower where, when this was not selected, all FTDs were excluded from the report. The default will now be to ensure all will be included.
- Amended the display of findings in the Best Practice Security report to now display as a bullet list, rather than in a paragraph.
- Resolved an issue where the "Last Updated" field incorrectly displayed "NA" after a Nipper upgrade; this will now display the last updated date.
- Improvements to user guides around system wide licensing.
- Resolved an issue where Nipper would crash when attempting to save as "STIG Viewer CheckList".
- Resolved an instance of the incorrect finding 'STP Not Enabled On All Interfaces' in the Best Practice Security Report for Cisco IOS v15.2, whereby Nipper identified that the Loopback0 interface did not have STP enabled when the interfaces were available in the switch.
- Resolved an instance of incorrect password findings in the Best Practice Security Report for Cisco IOS v15.2, whereby Nipper identified multiple weak password settings when the password policies were configured correctly.
- Resolved an instance of the incorrect finding 'Rules Allow Access To Administrative Services' in the Best Practice Security Report for Palo Alto v10.1.10, whereby the rule "Prod_GlobalProtect-DNS-1" was configured to allow specific traffic between defined Source and Destination, yet Nipper continued to flag the finding 'Rules Allow Access To Administrative Services' for this rule.
- Resolved multiple compiling issues with the LaTeX save function.
- Resolved an issue where Nipper crashed when trying to change the report view.
- In the summary section of the Nipper reports, all lines were starting with a lower case ‘a’; amended the first letter at the start of each bullet point to a capital letter.
- Resolved an issue where F5 BIG IP remote connection needed the password to be entered twice.
- Resolved an issue where the "set name" column was missing in the CSV report.
- Resolved an issue where a policy was set to Deny but Nipper was showing it as Permit in the Best Practice Security report for Juniper SRX V22.3R1.11.
- Resolved an issue with the results logic where it was possible for a test to report a pass even though a sub-check had failed.
- Resolved incorrect ‘investigate’ returned in the PCI report (section 10.6.2) & 800-52 (AU-12(b)) for F5 Big IP device.
- Improved positioning of the Nipper logo on the installation screens.
- Amended ordering of reports in the New Report Wizard to improve user experience.
- Amended trivial text mistakes.
- Improved the attribution of filtering failures in the Best Practice Security report across the following rules, to more accurately identify the specific failing rule:
  - Rules Allow Access To Administrative Services,
  - Rules Allow Access To Clear-Text Services,
  - Rules Allow Access To Potentially Unnecessary Services,
  - Filter Rules Allow Any Protocol,
  - Filter Rules Allow Any IP (please note IP here means Internet Protocol, not IP address),
  - Filter Rules Allow ICMP.
  Where previously Nipper would list all the filtering rules on the device as the reason for the failure, Nipper will now narrow it down to the exact rules that were in violation of what was being checked.
  Note: This change will affect all devices, resulting in fewer issues now appearing in the Best Practice Security Report compared to the same report being run on the same device using a previous version of Nipper.