oh dear, another case of "you've embarrassed us, you must pay!"
Student evades Cisco NAC; gets suspended...
As long as he did not do anything malicious they should have congratulated him instead of suspending him! It is guys like this that Cisco should be hiring so these kinds of issues never make it out of the Cisco lab before the release of the software!
Shane Breen
DORETEL Communications, Inc.
http://www.DORETEL.com
Student should be suspended
If the student had disclosed the vulnerability to Cisco and the university authorities when he discovered it, rather than abusing the flaw for 7 months, then yes, Cisco should be hiring him.
However, stating after he was caught, that "I was going to tell Cisco about it this summer" is a cop-out. He obviously was not interested in helping Cisco produce resilient software. He SHOULD lose his ROTC scholarship. People who have so clearly demonstrated a lack of ethics and character do not belong as officers in our military, or writing code for secure infrastructure devices.
Sorry 'bout your luck Mr. Maass. I hope that you do some serious reflecting on the incident before UofP allows you a reinstatement hearing.
what about other OSs?
Tim, my biggest question around this is what about other OSs that cannot be tested by Clean Access? Are they all denied access now with the change of the default setting? In a college environment you have game consoles, PDAs/smartphones and all kinds of other devices seeking network access. How are they handled if by default they are denied? I have written more about this at my blog here
Easier method
There is a way easier method to fool Cisco NAC:
Make it think it is talking to a non-Windows machine.
See http://www.securityfocus.com/archive/1/444424/30/0/threaded
(Disclosure: I am one of the authors of that security advisory.)
Student evades Cisco NAC
All the student needs to do is set their browser agent to LINUX and they will bypass all scanning. Very easy to do.
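A defender-side check for the bypass the two comments above describe, as an added example that is not part of any comment and not Cisco's code: compare the OS a client claims in its User-Agent with a passive guess from the IP TTL seen at the gateway. The record fields and sample sessions are constructed; the TTL defaults (128 for Windows, 64 for most Unix-like systems) are a heuristic that a host can change.

```python
import re

# Common default initial IP TTLs: Windows 128, Linux/macOS/most Unix 64.
# Heuristic only: a host can change its default TTL.
def os_from_ttl(observed_ttl):
    """Guess the OS family from the TTL observed at the gateway."""
    # Hops only decrement the TTL, so round up to the next common default.
    for initial, family in ((64, "unix-like"), (128, "windows"), (255, "other")):
        if observed_ttl <= initial:
            return family
    return "unknown"

def os_from_user_agent(ua):
    """OS family the client claims in its HTTP User-Agent header."""
    if re.search(r"Windows", ua, re.I):
        return "windows"
    if re.search(r"Linux|X11|Mac OS X|Macintosh", ua, re.I):
        return "unix-like"
    return "other"

def find_mismatches(sessions):
    """Return MACs whose claimed OS contradicts the passive TTL guess."""
    flagged = []
    for s in sessions:
        claimed = os_from_user_agent(s["user_agent"])
        observed = os_from_ttl(s["ttl"])
        # Flag only the risky direction: claims non-Windows, looks like Windows.
        if claimed != "windows" and observed == "windows":
            flagged.append(s["mac"])
    return flagged

# Constructed sample records (hypothetical field names, not a Cisco log format).
SESSIONS = [
    {"mac": "00:11:22:33:44:01", "ttl": 127,
     "user_agent": "Mozilla/5.0 (Windows NT 5.1) Firefox/2.0"},
    {"mac": "00:11:22:33:44:02", "ttl": 63,
     "user_agent": "Mozilla/5.0 (X11; Linux i686) Firefox/2.0"},
    {"mac": "00:11:22:33:44:03", "ttl": 126,
     "user_agent": "Mozilla/5.0 (X11; Linux i686) Firefox/2.0"},
]

if __name__ == "__main__":
    print(find_mismatches(SESSIONS))
```

A flagged MAC is a lead for review rather than proof, since virtual machines and tuned network stacks also produce mismatches.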
Acronym Best Practices
Whenever acronyms are used, best practice says to spell them out the first time they are used in an article. This makes the article more worthwhile to read. NAC is a good example.