Ciscogate : Advice for customers
#153 Well after all the noise about Ciscogate, the question that begs answering is "What are customers to do about it?" There are bound to be plenty of postings on this topic and we will monitor them, but here is the first one out of the blocks which is actually quite nicely written "Advice : What to do before IOS disaster strikes"
Even though the exact exploit demonstrated during the (in)famous Black Hat presentation was not disclosed, Lynn showed enough details to prove that the exploit is real and achieved by a reliable process and that previous misconceptions that routers and switches are not exploitable are false. Coupled with the fact that the Cisco clampdown on the exploit details failed, the theft of the Cisco IOS source code last year, and that hacking communities have openly stated they will work around the clock to build an exploit, we can assume that it would be highly prudent for Cisco, suppliers and customers to take this threat seriously.
Whilst all the focus is on the IPv6 vulnerability exposed at Black Hat on Thursday, a quick perusal for all the vulnerabilities that effect IOS (I could find at least 5 since Nov 2004) would seem to indicate that a patch upgrade would be prudent.
Although a patch is available for all the IOS vulnerabilities, we can safely assume that most routers on the Internet are unpatched (see previous blogs Hackers to target Cisco next? and Best you start thinking about patching your IOS now.) Also simply upgrading the IOS is a non-trivial affair and the problem that now faces the industry to patch all routers is no different to the patching problems plaguing Microsoft customers for the last two years.
The message is clear : Start planning your upgrades now:
Even though the exact exploit demonstrated during the (in)famous Black Hat presentation was not disclosed, Lynn showed enough details to prove that the exploit is real and achieved by a reliable process and that previous misconceptions that routers and switches are not exploitable are false. Coupled with the fact that the Cisco clampdown on the exploit details failed, the theft of the Cisco IOS source code last year, and that hacking communities have openly stated they will work around the clock to build an exploit, we can assume that it would be highly prudent for Cisco, suppliers and customers to take this threat seriously.
Whilst all the focus is on the IPv6 vulnerability exposed at Black Hat on Thursday, a quick perusal for all the vulnerabilities that effect IOS (I could find at least 5 since Nov 2004) would seem to indicate that a patch upgrade would be prudent.
Although a patch is available for all the IOS vulnerabilities, we can safely assume that most routers on the Internet are unpatched (see previous blogs Hackers to target Cisco next? and Best you start thinking about patching your IOS now.) Also simply upgrading the IOS is a non-trivial affair and the problem that now faces the industry to patch all routers is no different to the patching problems plaguing Microsoft customers for the last two years.
The message is clear : Start planning your upgrades now:
- Inventory all Cisco routers in your infrastructure ASAP
- Identify all routers that can be upgraded to the latest version
- Create a testing lab for the new IOS images
- Create a plan to replace the old routers ASAP
- Create a plan to upgrade routers to the latest IOS images
- Create a response plan in case you are exploited in the interim
- Plan to patch your infrastructure regularly from now on
posted by Dwaine at 8/02/2005
0 Comments:
Post a Comment
<< Home