Router Exploits: A High-Value, High-Effort Activity
7/29/2009 --
It seems counterintuitive, but routers, which handle so much network traffic, have proved a tough nut for remote attackers to crack.
"It's a high-value target, but we're not seeing large-scale advanced exploits so far," Felix Lindner, a researcher with Recurity Labs of Germany, said Wednesday at the Black Hat Briefings security conference.
The reason lies partly in the nature of routers and partly in the quirks of the most widely deployed router operating system: Cisco's IOS.
"Routers don't expose that much functionality to the attacker," Lindner said. Routing protocols are run internally. In addition, "vulnerabilities in networking equipment often get fixed as functionality issues" because they require high availability. "They are not even noted as vulnerabilities, as such."
The current emphasis on client-side vulnerabilities also protects routers because they are seldom, if ever, run as clients.
Cisco's IOS also makes attacks difficult because of some of its apparent weaknesses, Lindner said.
"Cisco can't recover from any fault within the software," he said. Its only response to a fault is to crash, making it unavailable to an attacker.
There also is no standard image for any version of IOS, he said. Each image is built from scratch, so the layout of each depends not only on the version but also on who compiled it. This can be a problem for interoperability, which encourages wholesale upgrades of equipment, but it also makes attacks difficult. Finding the right address for a process being attacked is difficult if not impossible, given the 272,722 different known IOS images.
As a result, most reported router exploits have been configuration issues and inside attacks. However, that could change as more research is done on practical router exploits. Analysis of similarities in different images of IOS can identify patterns that could make it easier to find target addresses within the operating system. But that is difficult to do, and keeping a router running long enough to execute an exploit still is not easy.
"This is still not perfect," Lindner said after outlining some promising avenues of attack against Cisco routers. "This is a work in process."
Also promising -- or troubling, depending on your point of view -- is the addition of new services such as voice over IP (VoIP), which can create a more client-like attack surface on routers, and the federally mandated Lawful Intercept Functionality, which enables wiretapping and can create vulnerabilities in service provider equipment.
Fortunately, "network engineers are an old-school bunch, and they don't really like to run that crap on their routers," Lindner said.
The best protection for routers is to keep such services off of networking equipment and in a separate infrastructure, and to make sure that only administrators can talk to the routers, he said. --William Jackson