 |
With networks expanding over many miles, cities, and countries it's important to keep you network safe. In the case of this reported company, the cost of sending people out to password recover the routers was a lot more than the blackmailer's offer so the company paid them and then locked down the devices after they regained access. This could of been avoided and the skills needed to lock down a router is not CCIE level stuff! Just using ACL's and a understanding of how the network is designed can prevent this kind of attack. Other issues with unauthorized access is even if you can regain access it's best to reload the IOS and review you config's. I say this since I have learned from Felix's presentation at BlackHat that some attackers load non-Cisco patches to the IOS. If an unauthorized IOS patch was made to your devices it is very difficult to identify the malicious code. With infected IOS code your routers you risk them becoming members of bot-nets, reset unexpectedly, or relay/hide unwanted traffic or tunnels. My recommendation is to only trust IOS code you get directly from Cisco. In the end of the day it does pay to keep your Cisco contracts up to date so when you need that clean IOS fix your CCO login can save the day. -------------------- David Davis - Cisco CCIE and the Expert Cisco Columnist for TechRepublic, suggests that you review his top five best practices to secure your routers, your network, and your company from malicious attacks: Fundamentals: Five ways to secure your Cisco routers and switches
Whitepaper covering Cisco IOS forensic developments, released at BlackHat Briefings Washington DC 2008: Developments in Cisco IOS Forensics Cisco IOS is still the prevalent router operating system in today’s networks. Its architecture and consequently the procedures to debug and analyze it are not suited well for detecting and thoroughly inspecting crash causes, especially intentional attacks. Cisco Systems recently started to distribute the successor, IOS-XR, which features process separation and the QNX commercial microkernel. However, the extremely large population of IOS devices and the significantly higher hardware requirements of the new IOSXR limit the impact it has on the currently deployed routing platforms. Generally, networking engineers are reluctant to move from one image version to another, despite the frequent updates by Cisco Systems. Most production networks stay with two or three minor versions behind the most recent releases, since only older versions provide the reliability they need to operate stable networks. All the discussed factors lead to a large part of the network infrastructure being vulnerable to attacks and malicious modification, without the appropriate tools to detect and analyze it. Developments in Cisco IOS Forensics
Have YOU too ever heard of a company being locked out of their Cisco routers by malicious intruders seeking blackmail money?
 | |
| Warning: Suspect Cisco WS-SUP720-3BXL, WS-SUP720-3B, WS-X6724-SFP and WS-X6748-GE-TX cards being offered for sale | |
| Mansion of Cisco CEO gets Palo Alto City Council approval | |
| Nortel enterprise director: Cisco insults users' intelligence | |
| Nortel enterprise director praises new Cisco ASR 1000 router | |
| Cisco Ferrari or Nortel lawn mower, which one will customers choose to ride? | |
| Cisco Power Supplies Cisco Authorized Factory Refurbished List Pricing Cisco Repair and Hardware Troubleshooting |