Re: Hack Simplifies Cisco Router Attack -

From: paul cosgrove (paul.cosgrove@gmail.com)
Date: Sun Jan 25 2009 - 20:04:47 ARST


You may wish to qualify that a little more; after all, it is not unusual for
people to put misplaced faith in edge security devices without reviewing the
configs, processes, or risks elsewhere in the wider topology. Defence in
depth (with regular reviews) is a safer approach.

It is unusual for an IDS to monitor all traffic in a network; topologies do
not normally make that possible. They are normally positioned to protect
the servers and uplink DMZs, not the network infrastructure. Border
monitoring/filtering will not protect you from attacks launched locally from
equipment deeper inside the network, e.g. from user PCs against their default
gateway. In addition, if you allow encrypted traffic (e.g. HTTPS or SSH)
through your border then your IDS may have other blind spots.

It is worth considering other measures to help protect your network
equipment, e.g. infrastructure ACLs, and it goes without saying that you
should apply updates to patch any remote exploits that are announced. This
is all the more important now. Some people will devote many hours trying to
become the first to make widespread use of this discovery in the wild, and
not for the greater good.

Paul.

On Sun, Jan 25, 2009 at 3:13 PM, Jose <josermanzano@gmail.com> wrote:

> I'm not too worried since I'm looking at this through an Enterprise's
> Network set of eyeglasses. :-)
>
> If you have all the traffic that comes in and out of the network pass
> through firewalls that include as well as pass through some sort of IDS/IPS,
> as well as monitor the internal stuff through IDS/IPS you should not run
> into these issues from what I'm reading. A good firewall/IDS/IPS etc...
> will inspect the actual data coming across and see if what's coming
> across is not normal for that type.... as well as terminate the TCP session,
> then reestablish it on the backend (internal) so the session that the
> communication has is never direct.
>
> Now, having said that ...what about the routers that sit in front of the
> firewall providing that internet connection ....... well I guess we better
> patch ...
>
> I love the idea that Metro-E hands off with a plain RJ45 Ethernet
> Connection more and more every day 8-) .....
>
> You have to love the security cat and mouse game though....
>
> Darby Weaver wrote:
>
>> So very very true.
>>
>> On 1/24/09, Scott M Vermillion <scott_ccie_list@it-ag.com> wrote:
>>
>>
>>> AKA "marketing for security consultants," LOL. We R&S types can meet with
>>> limited success scaring people into thinking they're about to run out of
>>> capacity, etc, but we have nowhere near the leverage that the security types
>>> have! Fear is one of the greatest motivating factors in human nature (think
>>> Y2K). Talk about your job "security"...
>>>
>>>
>>> -----Original Message-----
>>> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
>>> Wouter Prins
>>> Sent: Saturday, January 24, 2009 6:46 AM
>>> To: arali
>>> Cc: ccielab; ccielab-subscribe; cisco
>>> Subject: Re: Hack Simplifies Cisco Router Attack -
>>> www.darkreading.com/security
>>>
>>> The 'article' is just some $random blablabla IMHO :)
>>>
>>> 2009/1/24 arali <ar.ali@rediffmail.com>
>>>
>>>
>>>
>>>> Hi Group,
>>>>
>>>> Do you have any comment on below subject, please your guidance.
>>>>
>>>> http://www.darkreading.com/security/perimeter/showArticle.jhtml?articleID=212700896
>>>>
>>>> Hack Simplifies Cisco Router Attack; CheckFree Alerts Customers
>>>> after Hack - Security researchers recently reported a significant
>>>> breakthrough in a way to hack a class of Cisco routers without having to
>>>> know the router operating system. In other news, security researchers
>>>> demonstrated a way to crack the popular MD5 encryption algorithm, while
>>>> CheckFree Corp notified its users of a criminal's compromise of one of
>>>> its Internet domains.
>>>>
>>>> Thanks &
>>>> Regards,
>>>> Arali
>>>>
>>>> Blogs and organic groups at http://www.ccie.net
>>>>
>>>> _______________________________________________________________________
>>>> Subscription information may be found at:
>>>> http://www.groupstudy.com/list/CCIELab.html
>>>>
>>>>
>>
>>
>
>




This archive was generated by hypermail 2.1.4 : Sun Mar 01 2009 - 09:43:40 ARST