DeepNines Steps up to Safeguard Unprotected Routers from a Newly Identified Cisco Exploit That Affects Traffic and Exposes Network Routers.

DALLAS -- As yet another Cisco vulnerability has been identified, Deep Nines Inc. continues to press the market to protect their routers. Today's vulnerability causes router devices to receive specifically crafted DHCP (Dynamic Host Configuration Protocol) packets that force the inbound interface to stop processing traffic. The attack has the ability to stop processing packets destined to the router, including routing protocol packets and ARP packets. The significance of this vulnerability is that no alarms are triggered, nor will the router recognize the attack and correct itself.

DeepNines Security Edge Platform(TM), a patent-pending, comprehensive security platform that sits in front of the router, can eliminate the threat of such vulnerabilities in the first place. The DeepNines Security Edge Platform serves as the single, centralized network security and traffic management system for an entire organization and integrates firewall, intrusion prevention, secure content management, forensics and reporting. The platform is configured during installation to identify and stop exploits that could be developed by hackers to take advantage of vulnerabilities like this.
Additionally, using DeepNines' Adaptive Rate Control and intelligent firewall functionality, all bootp/DHCP traffic is inspected and controlled to ensure that it is legitimate to the network.

"From our point of view, this has been a tough couple of weeks for Cisco. Just last week a group of hackers advertised their Pix firewall source code for sale and now DHCP, which provides a basic service request within routers, is further exposing their routers," said Dan Jackson, COO and president of DeepNines. "These targeted attacks against Cisco won't relinquish any time soon because hackers have proven to focus on technologies with the biggest market share. It's time we take security to the furthest point of the network and deploy a solution in front of the router. We are the only network security company that can offer router protection and are prepared to help secure the extensive investments networks hold."

In addition to deploying the Security Edge Platform in front of the router, DeepNines professional services group recommends a workaround: applying ACLs to the router to stop this type of behavior, or upgrading the IOS. This will create an additional problem, as it is proven that ACLs will continue to decrease the performance of the router, and it is only a temporary solution.
DHCP, which configures both private and dynamic host configuration, is a basic service request within Cisco routers and by default is configured to accept both of these packets and forwards DHCP and BootP packets across separate broadcast domains. The problem is that Cisco routers are configured by default to accept DHCP packets and a command "service dhcp" will not appear on the configuration display. However, the only command that is visible and will disable this feature is "no service dhcp," which will then appear on the configuration display.

Ultimately, certain DHCP packets will remain undeliverable, but will remain in the queue instead of being dropped. For example, if a number of packets are sent that equal the size of the input queue, no more traffic will be accepted and a Denial of Service will be created. Furthermore, on a blocked Ethernet interface, Address Resolution Protocol (ARP) times out after a default time of four hours, and no inbound or outbound traffic can be processed, including both IP and non-IP traffic such as IPX. The device must be rebooted to clear the input queue on the interface, and will not reload without user intervention. If the attack is repeated on all interfaces, it causes the router to be inaccessible.

"We find our newly announced relationship with DeepNines timely as the events unfolding are demonstrating how the edge router is a known point of vulnerability for almost any network," said Babak Pasdar, Founder and chief information security officer of igxglobal. "Transparent edge security is a proven approach to protect this exposed part of a network."

About Deep Nines Inc.

DeepNines offers a scalable security platform for Global 2000 companies with a vertical market focus in education, government, telecommunications, energy and financial services. The DeepNines Security Edge Platform(TM) integrates intelligent firewall, intrusion prevention, best of breed secure content management functionality, forensics and reporting that operates outside the network infrastructure, improving organizations' security "deep into the nines." DeepNines' Security Edge Platform, the company's patent-pending security system, is a fully automated intrusion prevention and traffic management system and serves as the single, centralized network security system for an entire organization. The Security Edge Platform runs on Solaris and Linux platforms from Sun Microsystems. To learn more about Deep Nines visit www.deepnines.com.

(C)2004 Deep Nines, Inc, DeepNines Technologies, Security Edge Platform, Security Edge System, Sleuth9 Security System, Sleuth9, ForensiX Capture System, Holistic Management Console, and Zero Footprint Technology are trademarks and/or registered trademarks of Deep Nines Inc. All other brands and products are trademarks and/or registered trademarks of their respective owners.
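Because the release notes that "service dhcp" is on by default and never shown, while only "no service dhcp" appears in the configuration, an audit has to treat the absence of that line as "enabled". The following Python sketch is an added example, not code from DeepNines or Cisco: it checks a saved configuration for that default and lists interfaces with no inbound ACL denying BootP/DHCP. The sample configuration is constructed, and the ACL form (a deny on UDP port 67, `bootps`) is an assumption, since the release does not give the ACL it recommends.

```python
import re

# Constructed sample running-config (not taken from the release or a real device).
SAMPLE_CONFIG = """\
hostname edge-rtr-example
!
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 ip access-group 101 in
!
interface FastEthernet0/1
 ip address 198.51.100.1 255.255.255.0
!
access-list 101 deny udp any any eq bootps
access-list 101 permit ip any any
"""

def dhcp_service_enabled(config: str) -> bool:
    """Default-on: only an explicit 'no service dhcp' line disables the service."""
    return not re.search(r"^no service dhcp\s*$", config, re.M)

def acls_blocking_bootps(config: str) -> set:
    """Names/numbers of ACLs holding a 'deny udp ... eq bootps|67' entry."""
    # Heuristic (assumption): rule order and earlier permits are not evaluated.
    blocking, current = set(), None
    for line in config.splitlines():
        m = re.match(r"ip access-list extended (\S+)", line)
        if m:
            current = m.group(1)  # entering a named-ACL block
            continue
        if line and not line.startswith(" "):
            current = None  # a top-level line ends the named-ACL block
        m = re.match(r"access-list (\d+) (.*)", line)
        name, rule = (m.group(1), m.group(2)) if m else (current, line.strip())
        if name and re.match(r"(\d+\s+)?deny\s+udp\b.*\beq\s+(bootps|67)\b", rule):
            blocking.add(name)
    return blocking

def exposed_interfaces(config: str) -> list:
    """Interfaces still accepting DHCP/BootP: service on, no inbound ACL denying it."""
    if not dhcp_service_enabled(config):
        return []
    blocking, exposed = acls_blocking_bootps(config), []
    for m in re.finditer(r"^interface (\S+).*\n((?: .*\n?)*)", config, re.M):
        acl = re.search(r"^ ip access-group (\S+) in\s*$", m.group(2), re.M)
        if not (acl and acl.group(1) in blocking):
            exposed.append(m.group(1))
    return exposed
```

On the constructed sample, `exposed_interfaces(SAMPLE_CONFIG)` reports `FastEthernet0/1`, the interface with no inbound ACL; adding a `no service dhcp` line empties the list.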