As interest in attacking network infrastructure equipment increases, new players in the field will face the issues discussed in this paper, as well as some that are unknown to this day. It is the strong believe of the author that only be realizing the problems of the offensive party, that we can anticipate potential ways the attackers will be taking in order to circumnavigate or solve these problems.
When reliable exploitation and independence or semi-independence from the vast variance of IOS images has been achieved by an attacker, enterprise and carrier networks need to be prepared to change the way and frequency they select and deploy IOS images. This can only be achieved if Cisco changes the way they release images, providing clear and proven update paths that allow a large organization to update to a new IOS version without the issues normally connected with such exercise.
In today's Cisco router networks, updating breaks the network's functionality, preventing networking engineers from maintaining recent versions of IOS on their routers. This fact is leaving the network vulnerable to attacks, because the availability of the network is of significantly higher value than the integrity of its core nodes.
0 comments:
Post a Comment