Security Update: Cisco Warns of Attackers Hijacking Cisco IOS Devices
Cisco IOS Devices
Cisco Systems officials are warning customers of a series of attacks that completely hijack critical networking gear. Cisco has observed a limited number of cases where attackers, after gaining administrative or physical access to a Cisco IOS device, replaced the Cisco IOS ROMMON (IOS bootstrap) with a malicious ROMMON image.
Advanced Users: For a complete description of the security enhancements and affected software, refer to Evolution in Attacks Against Cisco IOS Software Platforms at http://tools.cisco.com/security/center/viewAlert.x?alertId=40411.
- Cisco IOS devices
WHAT'S THE PROBLEM?
Successful exploitation using this image could allow an attacker to manipulate device behavior after the device is rebooted.
WHAT DO I NEED TO DO?
1. Users of Cisco IOS devices should review these documents to understand the types of threats against Cisco IOS devices.
- Cisco IOS Software Integrity Assurance - http://www.cisco.com/web/about/security/intelligence/integrity-assurance...
- Cisco Guide to Harden IOS Devices - http://www.cisco.com/c/en/us/support/docs/ip/access-lists/13608-21.html
- Telemetry-Based Infrastructure Device Integrity Monitoring - http://www.cisco.com/web/about/security/intelligence/network-integrity-m...
2. Ensure operational procedures include methods for preventing and detecting compromise.
- IT Security - http://it.ucsf.edu/security