In the computer age, vulnerabilities and back doors into devices are proving heaven for hackers and hell for administrators. Every week it seems that new vulnerabilities are discovered in different devices. Cisco IOS is no different and numerous vulnerabilities can be found in their devices. The aim of the report is to research vulnerabilities in Cisco's IOS operating system. Tools available in Backtrack 5 will be used to exploit the vulnerabilities. GNS3 will be used to set up a working topology to work in conjunction with Backtrack 5 to demonstrate the tools. The report also contains screenshots of the tools that will aid the readers understanding.
2. Cisco IOS Vulnerabilities
3. GNS3 Setup
A network topology in GNS3 (Graphical Network Simulator) is used in conjunction with Backtrack 5 to demonstrate the exploit tools of Cisco. The topology consists of three routers connected to one switch which is connected to a cloud. The cloud will act as Backtrack. The network address is 192.168.6.0/24. Each router is configured with separate IP addresses in the network. Backtrack is connected to the cloud on the same Vmnet custom network. (See Figure 3-1 below).
Figure 3-1. GNS3 Topology.
4. Cisco Auditing Tool
The Cisco Auditing Tool's main function is to scan cisco routers to look for well known vulnerabilties. The tool accomplishes three main tasks which are, brute forcing the telnet password if telnet is running, it tries to brute force the Simple Network Management Protocol (SNMP) community strings, and finally it looks for the IOS history bug. (Ali and Heriyanto, 2011, p 144).
Telnet is a program that connects a PC to the server or router on the network. The default port for telnet is 23. SNMP is a p...
... middle of paper ...
...
Mati Aharoni, William M. Hidalgo (2010) Cisco SNMP configuration attack with a GRE tunnel
[online] available from
< http://www.symantec.com/connect/articles/cisco-snmp-configuration-attack-gre-tunnel > [08 March 2014].
Faircloth J, Beale J, Temmingh R, Meer H, van der Walt C, Moore HD (2006) Penetration Testers Open Source Toolkit.
3rd edn. Massachusetts : Elsevier Syngress Publishing.
Kevin Orrey (2008) Cisco Torch [online] available from
< http://www.vulnerabilityassessment.co.uk/torch.htm> [08 March 2014].
Ali, S. and Heriyanto T. (2011) BackTrack 4: Assuring Security by Penetration Testers.
1st edn. Birmingham: Packt Publishing.
Alfredo Andres Omella, David Barroso Berrueta (2010) Yersinia Man Page [online] available from
< http://manpages.ubuntu.com/manpages/hardy/man8/yersinia.8.html> [08 March 2014].
Commencing penetration tests within the infrastructure of Alexander Rocco Corporation may be a strenuous, yet beneficial process. However, before commencing penetration tests, much planning, strategizing, and research is necessary in order to ensure successful, seamless, and legal operations. Based on information provided by the SANS Institute, an initial meeting should be coordinated between those responsible for conducting the tests, along with the appropriate leadership personnel of the company (source). Within the meeting, the scope of the project should be established, classifying company data appropriately, and determining which components of the company’s infrastructure require penetration testing, which may include Alexander Rocco Corporation’s
few computers to the line that comes from the Tymnet. Tymnet is a series of
The purpose of the internal audit is to protect Costco 's assets through evaluating the acceptability and efficiency of internal controls; recognizing areas of possible risk, revenue improvement and/or cost reductions; and making sure transactions are authorized, completed, and logged as proposed. The internal auditors are accountable for guiding audits of all Costco’s local and global activities, its affiliates, and other entities Costco conducts business with as deemed necessary by management.
Kotapati, K., Liu, P., Sun, Y., & LaPorta, T. F. (2005). A taxonomy of cyber attacks on 3G networks. In Intelligence and Security Informatics (pp. 631-633). Retrieved November 11, 2013 from http://nsrc.cse.psu.edu/tech_report/NAS-TR-0021-2005.pdf
Cisco Systems is one of the largest network communications company in the world. Cisco provides networking solutions that customers use to build a integrated information infrastructure of their own, or to connect to someone else’s network. Cisco also offers an extensive range of hardware products used to form information networks, or to give them access to these networks. Cisco also has it’s own software called IOS software, which provides network services and enables networked applications. Cisco serves customers in a wide range of businesses, such as corporations, government agencies, utilities, and educational institutes, and small to medium size businesses. Cisco sells it’s products worldwide. They serve as many as 115 different countries. They have more than 225 sales and support offices in 75 countries. Cisco strongly believes in the advantages of a global networked business. By using networked applications over the internet and it’s own internal network, Cisco is gaining financial contribution of at least $825 million a year in operating costs savings and revenue enhancements. Today, Cisco is the largest commerce site, with 87% of their orders are transacted over the web.
There is constant concern about different kinds of devices and tools because of their vulnerability: laptops; personal computers in the home; libraries and public workstations; USB Flash Drives and email, to name a few. These items are easily accessible for those attempting to breach security.... ... middle of paper ... ...
Roger Dingledine, Nick Mathewson, Paul Syverson. Tor: The Second-Generation Onion Router. Washington DC: Naval Research Lab, 2004.
In this case study, I aim to present the recent issue about Cyber security, protecting client’s private data and information through the controversial Apple and
Roberts, Richard M. "Network Secrurity." Networking Fundamentals. 2nd ed. Tinley Park, IL: Goodheart-Willcox, 2005. 599-639. Print.
Cisco certification is a accomplished scientific boost certificate skeleton which is feature with ongoing by Cisco company for advancing Cisco technology, cultivating the repercussion management design again designing troubleshooting personnel. Candidates burden help the prevailed Cisco certificates as valid combat of bread change or company qualification.
...t to track all Internal and External users activity, auditing plays the key role in monitoring these user actions. Data masking and encryption technology provide certain level of assurance that data is not easily accessible to unauthorized users.
"In the early versions of the iPhone, hackers were able to exploit bugs found in the bootrom, which allowed the jailbreak to exist throughout the life of the device, and could not be fixed by Apple through a software patch. Once Apple realized that jailbreakers exploited the ...
Communication is the basis by which a company can become successful and achieve a competitive advantage. Information must be able to flow between departments especially if such departments are located globally. The need for communication is what generated the idea that became the company known as Cisco. Husband and wife Len Bosack and Sandy Lerner, both working for Stanford University, wanted to email each other from their respective offices located in different buildings but were unable to due to technological shortcomings (The Network, 2016). The need for communication brought Bosak and Lerner to create the first multi-protocol router, which was the start of Cisco. The name Cisco was derived from the city San Francisco
Without proper protection, any part of any network can be susceptible to attacks or unauthorized activity. Routers, switches, and hosts can all be violated by professional hackers, company competitors. In fact, according to several studies, more than half of all network attacks are waged internally. To determine the best ways to protect against attacks, we should understand the many types of attacks that can be instigated and the damage that these attacks can cause to data. The most common types of attacks include Denial of Service (DoS), password, an...
Testing One Two. By: Nisley, Ed. Dr. Dobb's Journal: Software Tools for the Professional Programmer, May2003, Vol. 28 Issue 5, p80, 4p, 1c; (AN 9457433)