Advice: What to do before an IOS disaster strikes
Security expert Jian Zhen explains how to fend off a Cisco router exploit
Computerworld - Last week, former Internet Security Systems researcher Michael Lynn presented at the Black Hat USA 2005 conference a reliable process that could be used to exploit Cisco routers running the Internetworking Operating System (IOS.)
Even though the exact exploit demonstrated during his presentation was not disclosed, Lynn showed enough details to prove that the exploit is real and that previous misconceptions that routers and switches are not exploitable are false (see ISS researcher quits job to detail Cisco flaws).
Within days, there were more than a half dozen sites mirroring a copy of Lynn's presentation detailing the IOS exploit process (see Cisco vulnerability posted to Internet). In addition, all major networking mailing lists, such as NANOG, and many blog sites, such as Schneier on Security by security expert Bruce Schneier, were hot with discussions over such topics as responsible and ethical disclosures, possibly exploits and dooms day speculations. A legal defense fund for Lynn has also been created to assist him with the legal battles.
It's important to recognize that amid all the noise and arguments over the recent events, the specific vulnerability discussed in the presentation was not new. The flaw was patched by Cisco in April. All vulnerable versions of the IOS have been removed from the Cisco's Web site. Cisco also allows upgrades even for non-contract customers as long as the call comes through their technical assistance center.
However, it is likely most of the routers on the Internet have not yet upgraded to the latest patched IOS images. In addition, although the new IOS images are no longer vulnerable to the presented exploit, any newly discovered buffer or heap overflow vulnerabilities on the IOS can still be exploited using this same process. Knowing that Cisco's IOS software has been stolen and has been known to be in the wild, it is reasonable to assume that new vulnerabilities will be found and that worms exploiting the new vulnerabilities will probably appear short after. Given the widespread use of Cisco's routers, any vulnerability and/or exploit running wild will cause a huge disaster to the Internet as a whole.
One thing that I have not seen discussed in the many forums is what network administrators should do to remediate the risks of the "Digital Pearl Harbor," as described by Lynn. Cisco, ISS and many network professionals have suggested that the administrators upgrade all the Cisco routers to the latest IOS image.
Although a valid suggestion, upgrading routers is not a simple task. In addition to network disruptions, the latest IOS images may introduce new bugs,
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts