Guide to Harden Cisco IOS Devices

In the last days, industry journalists have started to make a big fuzz about a Cisco IOS rootkit that someone is going to present in a few days. Personally I doubt it would go beyond Tcl scripts that we already know about (OK, maybe it's EEM-based so it doesn't need a VTY and maybe it starts at router reload) … but I might be really surprised.

However, the Cisco's response to this announcement (which was basically saying "we haven't seen anything new yet") included a nice gem: a link to the Cisco Guide to Harden Cisco IOS Devices document.

10 comments:

  1. The link to the document was also on the last "Technical Services News", which (in my opinion) every cisco-user should subscribe: http://www.cisco.com/public/news_training/itsnews/index.html

    ReplyDelete
  2. Hi,

    which type of account is needed to access the "Hardening IOS..."-Guide? I can't access it using my free Cisco ID... :-((

    ReplyDelete
  3. Problem solved. This link from the Technical Services News works without "Forbidden File..."-error:

    http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080120f48.shtml

    Karsten: I knew this site before, but where can you *subscribe* it? I don't see an option for a RSS-feed or mail-subscription which would be pretty nice.

    ReplyDelete
  4. @Karsten: thanks for the additional information. It looks like my attention span is way too short :(

    @Anonymous: thanks for the link, I've corrected the post.

    ReplyDelete
  5. Good point, I don't see an RSS feed or news link on that page. However, a person can subscribe to News@Cisco (http://newsroom.cisco.com/dlls/rss.html) and MyNews@Ciscowire (http://tools.cisco.com/newsroom/contactSearch/jsp/myNewsWelcome.jsp)

    It would be nice of Cisco to have links for RSS or new lists for content on this page. Time to contact Cisco and make a suggestion.

    ReplyDelete
  6. You can manage all you Newsletter-Subscriptions under http://www.cisco.com/offer/subscribe

    ReplyDelete
  7. It would be nice of Cisco to have links for RSS or new lists for content on this page

    Cisco do in fact has such a beast, WITH RSS feeds and everything!

    http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html

    Cheers

    ReplyDelete
  8. As Karsten said.. This is all you need.. http://www.cisco.com/offer/subscribe

    ReplyDelete
  9. Jochen Bartl21 May, 2008 09:13

    >>Personally I doubt it would go beyond Tcl scripts that we already know about<<

    It seems like it's a bit more than just a tcl script:
    http://eusecwest.com/sebastian-muniz-da-ios-rootkit.html

    ReplyDelete
  10. Yes, it definitely looks like way more than a Tcl script. I'm getting impressed :)

    One more day to go and we'll see ...

    ReplyDelete

You don't have to log in to post a comment, but please do provide your real name/URL. Anonymous comments might get deleted.

Ivan Pepelnjak, CCIE#1354, is the chief technology advisor for NIL Data Communications. He has been designing and implementing large-scale data communications networks as well as teaching and writing books about advanced technologies since 1990. See his full profile, contact him or follow @ioshints on Twitter.