Advice: What to do before an IOS disaster strikes
Security expert Jian Zhen explains how to fend off a Cisco router exploit
Computerworld - Last week, former Internet Security Systems researcher Michael Lynn presented at the Black Hat USA 2005 conference a reliable process that could be used to exploit Cisco routers running the Internetworking Operating System (IOS.)
Even though the exact exploit demonstrated during his presentation was not disclosed, Lynn showed enough details to prove that the exploit is real and that previous misconceptions that routers and switches are not exploitable are false (see ISS researcher quits job to detail Cisco flaws).
Within days, there were more than a half dozen sites mirroring a copy of Lynn's presentation detailing the IOS exploit process (see Cisco vulnerability posted to Internet). In addition, all major networking mailing lists, such as NANOG, and many blog sites, such as Schneier on Security by security expert Bruce Schneier, were hot with discussions over such topics as responsible and ethical disclosures, possibly exploits and dooms day speculations. A legal defense fund for Lynn has also been created to assist him with the legal battles.
It's important to recognize that amid all the noise and arguments over the recent events, the specific vulnerability discussed in the presentation was not new. The flaw was patched by Cisco in April. All vulnerable versions of the IOS have been removed from the Cisco's Web site. Cisco also allows upgrades even for non-contract customers as long as the call comes through their technical assistance center.
However, it is likely most of the routers on the Internet have not yet upgraded to the latest patched IOS images. In addition, although the new IOS images are no longer vulnerable to the presented exploit, any newly discovered buffer or heap overflow vulnerabilities on the IOS can still be exploited using this same process. Knowing that Cisco's IOS software has been stolen and has been known to be in the wild, it is reasonable to assume that new vulnerabilities will be found and that worms exploiting the new vulnerabilities will probably appear short after. Given the widespread use of Cisco's routers, any vulnerability and/or exploit running wild will cause a huge disaster to the Internet as a whole.
One thing that I have not seen discussed in the many forums is what network administrators should do to remediate the risks of the "Digital Pearl Harbor," as described by Lynn. Cisco, ISS and many network professionals have suggested that the administrators upgrade all the Cisco routers to the latest IOS image.
Although a valid suggestion, upgrading routers is not a simple task. In addition to network disruptions, the latest IOS images may introduce new bugs,
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Cybersecurity Imperatives Reinvent Your Network Security With Palo Alto Networks The Rise of CyberSecurity
- 10 Things Your Next Firewall Must do Next-Generation Firewalls Defined
- Firewall Buyers Guide Operate as the core of your network security infrastructure
- Getting Started With a Zero Trust Approach to Network Security The Traditional Approach to Network Security is Failing. View Now>>
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts