What hasn't been hacked, altered, and yet we still continue to attempt to fix it with broken encryption models that don't work. When will people start thinking like the hackers? I know of 1 solution http://www.dreamstream.info
Lots of proof-of-concept in the lab
Cisco has had tons of bad news this week on the security front. The FBI freaks out about possible malware embedded in fake Cisco gear it found in the DoD's infrastructure. Today, Cisco issued patches to fix holes in Call Manager that could allow DoS attacks. But interestingly, in this case with the first Cisco rootkit, it is a proof-of-concept rootkit, written by a researcher. Same goes for the fake gear the FBI found -- the fear was caused by the fact that researchers have shown how it could be done -- not that they found evidence of malware in the actual fake gear.
A criminal is much more
A criminal is much more motivated than a security researcher, I am sure they already know how to rootkit a Cisco IOS and are smart enough to KEEP THEIR MOUTH SHUT!
Cisco is not immune to anything!!!
I guess Cisco has had a good run for a while. This proves that Cisco is not immune to anything after all. People need to think carefully and not put blind trust in the self-proclaimed IT security GOD "CISCO" !!!!
I am glad we have a diversified, layered security solution that puts us in a better position. But all security with Cisco is shot in the foot!
RE: diversified security...
Saying "all security with cisco is shot in the foot" is not a very intelligent thing to say. Name me one product that is 100% free from vulnerability or exploitation.
While it is true that diversified security has value, the same can be said about a comprehensive, complementary product line designed to work together and be tightly linked and fully interoperable. Configuration, logging, notices, alerts, etc. are easier to manage and audit, and there are many other beneficial factors as well.
All this article "proves" is that admins need to be diligent with their patching (as is true with all devices, applications, and operating systems) and adhere to decent password policies that address password strength, storage, sharing, and changing. It's really not that difficult to install a rootkit once access is obtained...
IT security GOD ?
Wow, that's the first time I've seen someone label Cisco a "security GOD".
Usually I come across quite the opposite statements - box movers, an HW company without any intelligence, those-who-buy-everything-and-do-nothing, etc.
"Security GOD" - good, at least someone knows that Cisco has some security products/knowledge as well...
As for the rootkit, it was only a matter of time.
Diversify
With time, money and motivation anything can be hacked into. Don't gimme that "mine is not hackable" chorus. Unfortunately for Cisco their gear provides the largest sandbox in the world. A great launchpad for malware. If you care about security you will diversify your network equipment and not shoehorn yourself into the unique benefits or disadvantages of one vendor.
A secure environment mitigates this risk
In order to deploy these rootkits, someone needs device access. Imagine that you're using two-factor authentication to log in, and logging all commands entered to a hardened, unmodifiable syslog server. If someone attempts to install the rootkit, there will at least be an audit trail that can be used against them (assuming they weren't smart enough to block the system log messages that indicated it was installed).
Once there is more information, it should be easy to identify measures to mitigate this risk.
A scary scenario would be a remote code vulnerability that allowed for a remote rootkit install. This would allow a worm to be created. The only thing you can do here is make sure you keep up on vulnerabilities and firmware releases, and hope Cisco writes better code ;)
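As an added illustration of the audit-trail idea in the comment above (this is example code, not from the original page or from Cisco), here is a small Python parser that reads centrally collected syslog lines in the shape of IOS config-change logging (the %PARSER-5-CFGLOG_LOGGEDCMD message) and flags the commands that matter for this scenario: disabling logging, changing the boot image, and adding a privilege-15 account. It also escalates an actor who first suppresses logging and then makes one of the other changes on the same device, which is exactly the "block the log messages" move the comment worries about. The hostnames, usernames, timestamps and the watchlist are constructed for the example; exec-mode commands such as copying an image to flash do not appear in config-change logging and would need TACACS+ command accounting, which this example does not cover.

```python
import re
from dataclasses import dataclass

# Constructed sample of what a central syslog collector might receive from IOS
# devices with "archive / log config / logging enable" turned on. The message
# shape follows %PARSER-5-CFGLOG_LOGGEDCMD; hosts, users and times are made up.
SAMPLE_SYSLOG = """\
Jun  3 10:01:12 core-rtr1 123: *Jun  3 10:01:11.901: %PARSER-5-CFGLOG_LOGGEDCMD: User:netops  logged command:interface GigabitEthernet0/1
Jun  3 10:01:15 core-rtr1 124: *Jun  3 10:01:14.220: %PARSER-5-CFGLOG_LOGGEDCMD: User:netops  logged command:description uplink to dist-sw2
Jun  3 10:07:40 core-rtr1 125: *Jun  3 10:07:39.118: %PARSER-5-CFGLOG_LOGGEDCMD: User:svc-bkp  logged command:no logging host 10.0.0.5
Jun  3 10:07:52 core-rtr1 126: *Jun  3 10:07:51.004: %PARSER-5-CFGLOG_LOGGEDCMD: User:svc-bkp  logged command:boot system flash:c2900-universalk9-mz.SPA.bin
Jun  3 10:08:03 core-rtr1 127: *Jun  3 10:08:02.330: %PARSER-5-CFGLOG_LOGGEDCMD: User:svc-bkp  logged command:username tmp privilege 15 secret 0 Xyz
Jun  3 10:15:00 edge-rtr2 88: *Jun  3 10:14:59.770: %PARSER-5-CFGLOG_LOGGEDCMD: User:netops  logged command:ntp server 10.0.0.9
"""

# Receiving-syslog prefix, then the device's own message; only the fields we use are captured.
LINE_RE = re.compile(
    r"^(?P<recv>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) .*?"
    r"%PARSER-5-CFGLOG_LOGGEDCMD: User:(?P<user>\S+)\s+logged command:(?P<cmd>.*)$"
)

# Hypothetical watchlist of config-mode commands worth an analyst's attention.
WATCHLIST = [
    (re.compile(r"^no logging\b"), "audit suppression: logging disabled"),
    (re.compile(r"^boot system\b"), "boot image change"),
    (re.compile(r"^username \S+ .*privilege 15\b"), "new/changed privileged account"),
    (re.compile(r"^config-register\b"), "config register change"),
]


@dataclass
class CommandEvent:
    host: str
    user: str
    command: str
    raw: str


def parse_command_events(text):
    """Return one CommandEvent per config-change log line; other lines are ignored."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(CommandEvent(m["host"], m["user"], m["cmd"].strip(), line))
    return events


def flag_events(events):
    """Pair each event with the first watchlist reason it matches."""
    hits = []
    for ev in events:
        for pattern, reason in WATCHLIST:
            if pattern.search(ev.command):
                hits.append((ev, reason))
                break
    return hits


def summarize(hits):
    """Group hits per (host, user). An actor who suppressed logging and also made
    another flagged change on the same device is rated 'high'; otherwise 'review'."""
    by_actor = {}
    for ev, reason in hits:
        by_actor.setdefault((ev.host, ev.user), []).append(reason)
    summary = {}
    for actor, reasons in by_actor.items():
        suppressed = any(r.startswith("audit suppression") for r in reasons)
        other = any(not r.startswith("audit suppression") for r in reasons)
        summary[actor] = "high" if suppressed and other else "review"
    return summary


if __name__ == "__main__":
    flagged = flag_events(parse_command_events(SAMPLE_SYSLOG))
    for ev, reason in flagged:
        print(f"{ev.host} {ev.user}: {reason} <- {ev.command}")
    for (host, user), severity in summarize(flagged).items():
        print(f"{severity.upper()}: {user} on {host}")
```

The point of the `summarize` step is that the "no logging host" line itself still reaches the collector before logging stops, so a detection that keys on audit suppression catches the actor even if everything after it is lost; a real deployment would also alert on a device that simply goes quiet.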
Security 1st
This is a very interesting find and should hopefully entice and continue to motivate companies to stress the importance of security management. Great stuff Sebastian!