CiscoZine » Secure a router

Black Hat USA 2009: Router Exploitation

Fabio Semperboni — Fri, 31 Jul 2009 07:06:51 +0000

During the Black Hat USA 2009, Felix “FX” Lindner has presented his researches concerning the exploitation of memory corruption software vulnerabilitiesin Cisco IOS.

“The goal is to map out the problem space in order to allow for the anticipation of developments in the future, as current research suggests that exploitation of such vulnerabilities in the wild is not currently the case. By understanding the challenges that an attacker faces, defensive strategies can be better planned, a required evolution with the current state of Cisco IOS router networks.” says Felix ‘FX’ Lindner in his “Cisco IOS Router Exploitation” abstract.(...)
Read the rest of Black Hat USA 2009: Router Exploitation (108 words)

CoPP?! What is that?

Fabio Semperboni — Wed, 22 Jul 2009 15:57:40 +0000

Cisco Network Foundation Protection (NFP) is an umbrella strategy encompassing Cisco IOS Security features that provides the tools, technologies, and services that enable organizations to secure their network foundations. NFP helps to establish a methodical approach to protecting router planes, forming the foundation for continuous service delivery.

The router is typically segmented into three planes of operation, each with a clearly identified objective:

the data plane allows the ability to forward data packets
the control plane allows the ability to route data correctly
the management plane allows the ability to manage network elements.

The vast majority of packets handled by a router travel through the router by way of the forwarding plane, or data plane. However, the system’s route processor must handle certain packets, such as routing protocols, keepalives, packets destined to the local IP addresses of the router, and packets from management protocols and other interactive access protocols, such as Telnet and Secure Shell (SSH) Protocol. This type of traffic is often referred to as control plane traffic.(...)
Read the rest of CoPP?! What is that? (710 words)

© Fabio Semperboni for CiscoZine, 2009. | Permalink | One comment
Post tags: Advanced configuration, DOS, QOS, Secure a router, Video

Tips for securing Cisco administrative access

Fabio Semperboni — Thu, 16 Apr 2009 20:57:03 +0000

In this article I would explain some tips for securing Cisco administrative access.

When creating passwords, keep these rules in mind:

Make passwords lengthy
Passwords should combine letters, numbers, and symbols. Passwords should not use dictionary words
Change passwords as often as possible

Strong passwords are the primary defense against unauthorized access to your router. The best way to manage passwords is to maintain them on an AAA server, but not all people can have/manage a AAA server.

Cisco provides a number of enhanced features that allow you to increase the security of your passwords.

For the basic configuration read this article.(...)
Read the rest of Tips for securing Cisco administrative access (1,201 words)

© Fabio Semperboni for CiscoZine, 2009. | Permalink | One comment
Post tags: Advanced configuration, Secure a router, Tips

How to protect against BPDU attack

Fabio Semperboni — Tue, 17 Mar 2009 17:04:02 +0000

The spanning-tree protocol is used to cut loops that redundant links create in bridge networks. These packets are not attested by the system, so an attacker could spoof the BPDU and compromise the network stability!

See below to understand BPDU attack:

In this example the Ciscozine1 switch is elected Root Bridge due to the lower MAC-address (suppose that all the switches have the same priority).

(...)
Read the rest of How to protect against BPDU attack (840 words)

© Fabio Semperboni for CiscoZine, 2009. | Permalink | 2 comments
Post tags: Advanced configuration, DOS, Secure a router, Spanning-Tree

Using AutoSecure to secure a router

Fabio Semperboni — Sat, 13 Sep 2008 12:15:49 +0000

Due to the number of CLI commands needed to manually disable services in an attempt to make the router more secure, Cisco introduced the AutoSecure feature from the Major Release 12.3 and subsequent 12.3 T.
AutoSecure is a good command for customers without special Security Operations Applications because it allows them to quickly secure their network without thorough knowledge of all the Cisco IOS features.

The command is available for the Cisco 800, 1700, 2600, 3600, 3700, 7200, and 7500 Series Routers.

There are 2 mode:

Interactive mode: prompts the user with options to enable and disable services and other security features
Non-interactive mode: automatically executes the Cisco AutoSecure command with the recommended Cisco default settings

(...)
Read the rest of Using AutoSecure to secure a router (1,117 words)