Skip Links

Network World

Brandon Carroll

Are you Vulnerable?

Recently described vulnerabilities in Cisco Wireless Networks..

By brandon on Wed, 10/07/09 - 12:31am.

Is your network Vulnerable? If you are running 4.x and 5.x WLC software you may be. Ask yourself, "Did I follow Cisco Best Practices?" If you didn't you may be sorry. A recent issue with OTAP has been widely discussed in online forums, blogs, and such. You may be familiar, but, If you don't understand OTAP (Over the Air Provisioning) visit the following site to get you up to speed:

http://www.cisco.com/en/US/products/ps6366/products_tech_note09186a008093d74a.shtml

And if you are familiar with how OTAP works but not with the vulnerability, check out the following URL:

http://tools.cisco.com/security/center/viewAlert.x?alertId=18919

George Stefanick at http://www.my80211.com claimes that there may be more to it than Cisco is mentioning.  His post with Video detailes it here:

http://www.my80211.com/security-labs/2009/9/5/there-is-more-to-the-recent-cisco-wireless-otap-issue-that-i.html

But aside from that, could your network be even MORE vulnerable?  Hard to imagine right? But check out Georges latest post where he discusses how default SNMP strings could further add to the issue, leaving your network open to some major issues.  

http://www.my80211.com/home/2009/10/6/cisco-wlc-rogue-wcs-attack-all-your-base-are-belong-to-us.html

Nice find George!  Great way to dig deep, find an issue, and teach people what they should do to correct the issue.  It shows that you care about the technology and what can happen if you just take shortcuts (like leaving SNMP strings with default values) to get things up an running in a hurry.

George Stefanick is a  Senior Wireless Engineer at Texas Medical Center, working on a large wireless network for a major heathcare system.  Guys like this are invaluable.

About Cisco Unwired

Brandon Carroll, CCIE # 23837, is a certified Cisco Systems Instructor working for Ascolta Training, based out of the Irvine, Ca. Training Center. He is published by Cisco Press/Pearson Education in the area of network security and wireless.

Brandon maintains a personal blog at GlobalConfig.net as well as a company blog at Ascolta

His most recent book is theCCNA Wireless Official Exam Certification Guide, however a new AAA Identity Management book is soon to be published, available now as a http://www.ciscopress.com/bookstore/product.asp?isbn=1587141558.

This blog is part of the Cisco Subnet blogging community.

 

Most Discussed Posts

Blog Roll
Ascolta's Cisco Study Blog
http://blog.ascolta.com
GlobalConfig.net
http://globalconfig.net
Etherealmind.com
http://etherealmind.com
PacketPushers
http://packetpushers.net
IOS Hints
http://blog.ioshints.info