Optimization of network device hardening in a multivendor environment

Ali Bello Imoukhuede; Tarek Rahil Sheltami; Asharf Hasan Mahmoud; Abdulaziz Yagoub Barnawi

doi:10.1038/s41598-025-97894-4

Optimization of network device hardening in a multivendor environment

Ali Bello Imoukhuede, Tarek Rahil Sheltami, Asharf Hasan Mahmoud, Abdulaziz Yagoub Barnawi^*

^*Corresponding author for this work

Research output: Contribution to journal › Article › peer-review

Abstract

This paper presents a Python-based Nornir framework for automating network device hardening in multi-vendor environments, addressing critical gaps in scalability and interoperability. Unlike existing single-vendor solutions, our method enforces CIS benchmarks across Cisco, Juniper, and Fortinet devices, achieving an 82.18% reduction in hardening time compared to prior automation tools and a 99.99% improvement over manual techniques. By leveraging Nornir’s multi-threading and vendor-agnostic inventory management, the framework ensures consistent security policies while eliminating configuration errors. Experimental results across 18 heterogeneous devices demonstrate its efficiency, with full hardening completed in 44 s (95% CI [43.8, 44.1]). This work provides enterprises with a scalable solution to rapidly secure complex networks against evolving threats, bridging the gap between compliance standards and real-world deployment.

Original language	English
Article number	15042
Journal	Scientific Reports
Volume	15
Issue number	1
DOIs	https://doi.org/10.1038/s41598-025-97894-4
State	Published - Dec 2025

Bibliographical note

Publisher Copyright:
© The Author(s) 2025.

Keywords

Automation
Device hardening
Network security
Optimization
Performance

ASJC Scopus subject areas

General

Access to Document

10.1038/s41598-025-97894-4

Cite this

@article{657a47342f1a436ba5635e05f77f5039,

title = "Optimization of network device hardening in a multivendor environment",

abstract = "This paper presents a Python-based Nornir framework for automating network device hardening in multi-vendor environments, addressing critical gaps in scalability and interoperability. Unlike existing single-vendor solutions, our method enforces CIS benchmarks across Cisco, Juniper, and Fortinet devices, achieving an 82.18\% reduction in hardening time compared to prior automation tools and a 99.99\% improvement over manual techniques. By leveraging Nornir{\textquoteright}s multi-threading and vendor-agnostic inventory management, the framework ensures consistent security policies while eliminating configuration errors. Experimental results across 18 heterogeneous devices demonstrate its efficiency, with full hardening completed in 44 s (95\% CI [43.8, 44.1]). This work provides enterprises with a scalable solution to rapidly secure complex networks against evolving threats, bridging the gap between compliance standards and real-world deployment.",

keywords = "Automation, Device hardening, Network security, Optimization, Performance",

author = "Imoukhuede, \{Ali Bello\} and Sheltami, \{Tarek Rahil\} and Mahmoud, \{Asharf Hasan\} and Barnawi, \{Abdulaziz Yagoub\}",

note = "Publisher Copyright: {\textcopyright} The Author(s) 2025.",

year = "2025",

month = dec,

doi = "10.1038/s41598-025-97894-4",

language = "English",

volume = "15",

journal = "Scientific Reports",

issn = "2045-2322",

publisher = "Nature Research",

number = "1",

}

TY - JOUR

T1 - Optimization of network device hardening in a multivendor environment

AU - Imoukhuede, Ali Bello

AU - Sheltami, Tarek Rahil

AU - Mahmoud, Asharf Hasan

AU - Barnawi, Abdulaziz Yagoub

N1 - Publisher Copyright: © The Author(s) 2025.

PY - 2025/12

Y1 - 2025/12

N2 - This paper presents a Python-based Nornir framework for automating network device hardening in multi-vendor environments, addressing critical gaps in scalability and interoperability. Unlike existing single-vendor solutions, our method enforces CIS benchmarks across Cisco, Juniper, and Fortinet devices, achieving an 82.18% reduction in hardening time compared to prior automation tools and a 99.99% improvement over manual techniques. By leveraging Nornir’s multi-threading and vendor-agnostic inventory management, the framework ensures consistent security policies while eliminating configuration errors. Experimental results across 18 heterogeneous devices demonstrate its efficiency, with full hardening completed in 44 s (95% CI [43.8, 44.1]). This work provides enterprises with a scalable solution to rapidly secure complex networks against evolving threats, bridging the gap between compliance standards and real-world deployment.

AB - This paper presents a Python-based Nornir framework for automating network device hardening in multi-vendor environments, addressing critical gaps in scalability and interoperability. Unlike existing single-vendor solutions, our method enforces CIS benchmarks across Cisco, Juniper, and Fortinet devices, achieving an 82.18% reduction in hardening time compared to prior automation tools and a 99.99% improvement over manual techniques. By leveraging Nornir’s multi-threading and vendor-agnostic inventory management, the framework ensures consistent security policies while eliminating configuration errors. Experimental results across 18 heterogeneous devices demonstrate its efficiency, with full hardening completed in 44 s (95% CI [43.8, 44.1]). This work provides enterprises with a scalable solution to rapidly secure complex networks against evolving threats, bridging the gap between compliance standards and real-world deployment.

KW - Automation

KW - Device hardening

KW - Network security

KW - Optimization

KW - Performance

UR - https://www.scopus.com/pages/publications/105003876529

U2 - 10.1038/s41598-025-97894-4

DO - 10.1038/s41598-025-97894-4

M3 - Article

AN - SCOPUS:105003876529

SN - 2045-2322

VL - 15

JO - Scientific Reports

JF - Scientific Reports

IS - 1

M1 - 15042

ER -

Optimization of network device hardening in a multivendor environment

Abstract

Bibliographical note

Keywords

ASJC Scopus subject areas

Access to Document

Fingerprint

Cite this