Advice: What to do before an IOS disaster strikes
Security expert Jian Zhen explains how to fend off a Cisco router exploit
Computerworld - Last week, former Internet Security Systems researcher Michael Lynn presented at the Black Hat USA 2005 conference a reliable process that could be used to exploit Cisco routers running the Internetworking Operating System (IOS.)
Even though the exact exploit demonstrated during his presentation was not disclosed, Lynn showed enough details to prove that the exploit is real and that previous misconceptions that routers and switches are not exploitable are false (see ISS researcher quits job to detail Cisco flaws).
Within days, there were more than a half dozen sites mirroring a copy of Lynn's presentation detailing the IOS exploit process (see Cisco vulnerability posted to Internet). In addition, all major networking mailing lists, such as NANOG, and many blog sites, such as Schneier on Security by security expert Bruce Schneier, were hot with discussions over such topics as responsible and ethical disclosures, possibly exploits and dooms day speculations. A legal defense fund for Lynn has also been created to assist him with the legal battles.
It's important to recognize that amid all the noise and arguments over the recent events, the specific vulnerability discussed in the presentation was not new. The flaw was patched by Cisco in April. All vulnerable versions of the IOS have been removed from the Cisco's Web site. Cisco also allows upgrades even for non-contract customers as long as the call comes through their technical assistance center.
However, it is likely most of the routers on the Internet have not yet upgraded to the latest patched IOS images. In addition, although the new IOS images are no longer vulnerable to the presented exploit, any newly discovered buffer or heap overflow vulnerabilities on the IOS can still be exploited using this same process. Knowing that Cisco's IOS software has been stolen and has been known to be in the wild, it is reasonable to assume that new vulnerabilities will be found and that worms exploiting the new vulnerabilities will probably appear short after. Given the widespread use of Cisco's routers, any vulnerability and/or exploit running wild will cause a huge disaster to the Internet as a whole.
One thing that I have not seen discussed in the many forums is what network administrators should do to remediate the risks of the "Digital Pearl Harbor," as described by Lynn. Cisco, ISS and many network professionals have suggested that the administrators upgrade all the Cisco routers to the latest IOS image.
Although a valid suggestion, upgrading routers is not a simple task. In addition to network disruptions, the latest



- Excel 2010 Cheat Sheet
- Register for this Computerworld Insider Cheat Sheet and gain access to hundreds of premium content articles, guides, product reviews and more.
- Digital Transformation: Creating New Business Models Where Digital Meets Physical
- Individuals and businesses alike are embracing the digital revolution. Social networks and digital devices are being used to engage government, businesses and civil...
- Make the Connection: Better Network Connectivity Drives Transformation
- Network connectivity is more than just plumbing. Leading organizations today see high-performance network connectivity as a critical enabler of competitive advantage, and not...
- Virtualizing Government Infrastructure
- All server virtualization solutions are not created equal. The more-with-less agenda for government agencies is tailor-made for server virtualization, which is evolving into...
- Moving Service Management to SaaS
- Today, organizations can enjoy similarly substantial benefi ts by migrating their IT service management functions to a software-as-a-service model. This paper shows how...
- Achieving 360 Degree Network Visibility with Nimsoft
- 360° network visibility is critical for ensuring continuous availability of networks, servers, and applications-anything less could
have costly bottom-line implications.
All Networking White Papers
- Optimizing Networks for the Cloud
- Join guest speaker, Rohit Mehra, IDC Director of Enterprise Communications Infrastructure, to explore current trends, discuss best practices for optimizing Data Center and...
- Unified Communications 101
- What's the best way to implement a unified communications solution for your organization?
- Try the OptiView® XG on your network - FREE
- The OptiView® XG is the first dedicated tablet with automated network and application analysis -- fastest way to root cause. XG raises the...
- Apps QuickStart Series Part 2: Designing and Deploying SQL Server on VMware vSphere
- Download this webcast to learn about the design considerations for virtualizing SQL workloads, performance and scalability information and high-availability options, as well as...
- Apps QuickStart Series Part 1: Designing and Deploying Exchange 2010 on VMware vSphere
- Download this webcast to learn the virtual hardware design considerations for Exchange 2010, deployment using the building block approach, options for high-availability and... All Networking Webcasts