
Cisco warns system admins of new security flaw in some of its equipment


August 13, 2015


Cisco said earlier today that it is cautioning network administrators to keep a close watch on who has root admin rights to some of its equipment.

The networking giant has seen some malicious ROM images in the wild, and adds that it could get worse soon.

The issue is that this isn't something Cisco can simply issue a security patch for and then forget.

With appropriate credentials, potential hackers could drop new ROM images on routing and switching equipment to cause a number of networking issues.

"The ability to install an upgraded ROMMON image on IOS devices is a standard, documented feature that Cisco administrators use to manage their networks all the time", Cisco says.

In its security advisory, the company says: "Cisco has observed a limited number of cases where attackers, after gaining admin or physical access to a Cisco IOS device, replaced the Cisco IOS ROMMON with a malicious ROMMON image".

To be clear, ROMMON *is* the IOS bootstrap, so replacing it simply means that the attacker can "manipulate device behavior", and if the owner doesn't know there's a malicious image, it will persist across one or several reboots.

The company points to no fewer than three white papers so that users of Cisco IOS Classic platforms can refresh themselves on how to harden Cisco network gear against such an attack.

Cisco IOS Software Integrity Assurance, Cisco Guide to Harden IOS Devices, and Telemetry-Based Infrastructure Device Integrity Monitoring are those three white papers available on the Cisco site.

And it doesn't take a wild imagination to suggest that a sophisticated hacker would be involved here.

In fact, someone first needed the skills to reverse-engineer ROMMON, and then the resources to actually fool sysadmins into installing the malicious image into their networks.

"In almost all of these cases seen by Cisco, attackers accessed the devices using valid administrative credentials", Cisco states, meaning that someone back-tracked the attack to the admin account used.

Source: Cisco.
