Protect your Cisco router against IOS rootkit software

Dr. Internet, by Steve Blass, Network World, 05/27/2008

What can we do to protect our Cisco routers against the IOS rootkit software that was described at the EUSecWest conference last week?

According to an interview on the EUSecWest Web site with Sebastian Muniz, author of the IOS rootkit presentation and software, the rootkit “consists of a binary modification to the IOS image,” so for now someone would need to load a modified IOS image onto your system to install such a rootkit. Right now the best thing to do to protect your routers is to follow the guidelines published by Cisco in response to the EUSecWest presentation. Verify the MD5 checksums for the IOS images you download, keep your IOS images on a hardened software distribution server, restrict access to your routers to the smallest group possible, keep your IOS version up to date, and pay attention to the information in the device log files. Implementing the router management best practices described by Cisco will go a long way toward ensuring that your routers are running valid, up-to-date IOS images.

The Internet Storm Center handler’s diary from May 23 also points out that the Cisco Security Device Manager and the Center for Internet Security Router Assessment Tool are useful in hardening and validating Cisco router configurations. One other tool, CIR, was mentioned by Muniz as being able to analyze a Cisco IOS core dump file in enough detail to tell whether the IOS image had been modified, which could help identify whether a router had been compromised.
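The checksum step recommended above, as an added example that is not part of the original column or of Cisco's guidelines: a Python script that audits the image directory on a software distribution server against a manifest of recorded MD5 values. The md5sum-style manifest format, the file names and the placeholder image contents are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def file_digest(path, algo="md5", chunk=1 << 20):
    """Hash a file in chunks so large images are not read into memory at once."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def load_manifest(text):
    """Parse md5sum-style 'digest  filename' lines; '#' starts a comment."""
    manifest = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            digest, name = line.split(None, 1)
            manifest[name] = digest.lower()
    return manifest

def audit_images(image_dir, manifest, algo="md5"):
    """Return {filename: status} for every manifest entry and every file on disk."""
    present = {p.name: p for p in Path(image_dir).iterdir() if p.is_file()}
    results = {}
    for name, expected in manifest.items():
        if name not in present:
            results[name] = "MISSING"  # recorded image is no longer on the server
        else:
            same = file_digest(present[name], algo) == expected
            results[name] = "OK" if same else "MISMATCH"
    # Files nobody recorded a checksum for deserve a look before deployment.
    results.update({n: "UNLISTED" for n in present.keys() - manifest.keys()})
    return results

def demo():
    """Constructed sample: small placeholder files stand in for IOS images."""
    good_a, good_b = b"constructed image A", b"constructed image B"
    manifest = load_manifest(
        f"{hashlib.md5(good_a).hexdigest()}  image-a.bin\n"
        f"{hashlib.md5(good_b).hexdigest()}  image-b.bin  # altered on disk below\n"
        f"{'0' * 32}  image-c.bin  # recorded but absent\n")
    with tempfile.TemporaryDirectory() as d:
        (Path(d) / "image-a.bin").write_bytes(good_a)
        (Path(d) / "image-b.bin").write_bytes(good_b + b" plus extra bytes")
        (Path(d) / "image-x.bin").write_bytes(b"unrecorded file")
        return audit_images(d, manifest)

if __name__ == "__main__":
    print("\n".join(f"{s:9} {n}" for n, s in sorted(demo().items())))
```

In real use the manifest digests come from the vendor's download page rather than being computed locally as in `demo()`. On the router itself, the IOS `verify /md5` command computes the hash of an image in flash so it can be compared with the same recorded value.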
