Security tips Cisco: Attackers abuse Smart Install protocol
A remote configuration service for Cisco switches and weak passwords play into the hands of attackers. But admins can do something about it.
Vulnerabilities threaten Cisco devices.
(Image: created with AI in Bing Designer by heise online / dmk)
The US Cybersecurity & Infrastructure Security Agency (CISA) is currently warning of attacks on Cisco products and providing important security tips.
Gateway
In a recent article, the agency writes that attackers are targeting the Smart Install plug-and-play service for the remote configuration of Cisco switches. The service has often been a gateway for attackers.
CISA links to a document from 2017 with security tips for admins. Among other things, it recommends deactivating the service on all of the manufacturer's network devices. The service is said to be active by default.
During attacks, remote attackers access configuration data without authentication, for example, in order to manipulate the start-up process. In the course of this, they can install a version of the IOS system software infected with malicious code on the device and thus compromise it completely. If such an attack succeeds, attackers can spread further into a company's network.
According to an article published in April of this year, Cisco has since discontinued the service via a software update. Apparently, however, many switches are still not up to date and Smart Install is still active.
Further security tips
CISA also refers to a catalog from the National Security Agency (NSA) with tips on general network security. Among other things, it deals with the detection of backdoors and how admins divide networks into separate areas.
They also link to a collection of important tips for using secure passwords. In this context, it is essential, for example, that passwords are protected with functions that are currently considered secure, such as PBKDF2.
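To check both recommendations (Smart Install deactivated, passwords protected with a function such as PBKDF2) against a saved switch configuration, an audit script along the following lines can help. It is an added example, not code from the article, CISA or Cisco. It assumes the Cisco IOS command `no vstack` (which disables Smart Install) and the IOS password type numbers, neither of which appears in the article; the sample configuration is constructed.

```python
import re

# Cisco IOS password types and how the stored value is protected.
WEAK_TYPES = {
    "0": "stored in plaintext",
    "4": "unsalted SHA-256, deprecated",
    "5": "salted MD5",
    "7": "reversible obfuscation",
}
STRONG_TYPES = {"8": "PBKDF2-SHA-256", "9": "scrypt"}

# Matches "enable password|secret ..." and "username X [privilege N] password|secret ..."
CRED_RE = re.compile(
    r"^(?:enable|username\s+(?P<user>\S+)(?:\s+privilege\s+\d+)?)\s+"
    r"(?P<kw>password|secret)\s+(?:(?P<type>\d)\s+)?(?P<value>\S+)\s*$"
)

# Constructed sample configuration (hash values are placeholders).
SAMPLE_CONFIG = """\
hostname sw-access-01
enable secret 5 $1$CONSTRUCTED$notarealhashvalue000000
username admin privilege 15 secret 8 $8$CONSTRUCTED$notarealhashvalue
username backup password 7 0000000000
username lab password labpass
"""

def audit_config(text):
    """Return a list of (severity, message) findings for one saved config."""
    findings = []
    lines = [ln.strip() for ln in text.splitlines()]
    # Assumption: without "no vstack" the service is in its default state.
    if "no vstack" not in lines:
        findings.append(("high", "Smart Install not disabled: 'no vstack' missing"))
    for ln in lines:
        m = CRED_RE.match(ln)
        if not m:
            continue
        who = m.group("user") or "enable"
        ptype = m.group("type") or "0"  # no type digit: value is plaintext
        if ptype in WEAK_TYPES:
            findings.append(("high", f"{who}: type {ptype} ({WEAK_TYPES[ptype]})"))
        elif ptype not in STRONG_TYPES:
            findings.append(("info", f"{who}: type {ptype} not classified here"))
    return findings

if __name__ == "__main__":
    for severity, message in audit_config(SAMPLE_CONFIG):
        print(f"[{severity}] {message}")
```

On platforms that never supported Smart Install, the missing `no vstack` line is a false positive and should be confirmed on the device itself.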
(des)