Part I: Foundations

Chapter 1: Cisco Network Design Models and Security Overview

Chapter 2: Cisco Network Security Elements

Chapter 3: Real-World Cisco Security Issues

Steve Johnson was one of the low-end system administrators looking after a vast network of a government research institution. Since the organization had a nearly unlimited IT budget, its management liked to upgrade the network so often that the technical personnel had to spend as much time installing and configuring the new devices as they did in maintaining and monitoring of the existing ones. This meant frequent overtime work and Quake LAN parties. There were positive sides to the situation, at least, for some greedy person who could never miss an opportunity to make some extra cash on the side. And Johnson was greedy. Every time yet another upgrade took place, he was given some used server, router, or switch to destroyquite literallywith an iron bar. Richard, the CSO of the institution, was far too busy to oversee the destruction of every device himself, or perhaps he simply trusted the technical personnel too much. Apart from Richard, no one cared about network security, and when Richard wasn't around, Johnson dragged the " destroyed devices" back home after filling up forms documenting their successful "destruction." Of course, later on these devices could be found by anyone searching eBay for bargains.

That evening Johnson had to stay after his usual working hours and was handed two old 2900 series Catalyst switches to smash. Richard had already gone home, so nobody could stop Johnson from dumping both switches into his car boot and going to a local bar to celebrate his brother's birthday. It was already late, and after congratulating his brother and downing a few whiskies, Johnson went home, checked his e-mail, ran erase startup-config on both switches, and placed them for sale on eBay. Or, at least, he thought he ran erase startup-config on both switches, since the Catalysts looked exactly the samebut the whiskey was doing its job.

In another part of the country, Alan Gilmore earned his bachelor's degree in social anthropology because he wanted to have a good time and the faculty was close to his home. After graduation, he knew that happy times would not last forever and his mindset and life goals were not suited for humanities. So he joined an MSc in Computer Science conversion course. During this course, he acquired a taste for networking, and to gain career-wise leverage over his fellow students he decided to pursue Cisco certifications. He had successfully passed his CCNA and was gearing up for a CCNP Switching exam. To pass it, he needed to add a Catalyst switch to his modest study lab. And where did he look for a cheap secondhand Catalyst? eBay, of course. Alan logged in and discovered just what the doctor orderedan inexpensive 2924 Catalyst that would do the job. Without a second thought, he clicked the "Buy It Now" button.

When the switch arrived, Gilmore was surprised that its configuration file wasn't deleted. It contained the IP addresses of its previous network, including the name servers' addresses and many other interesting details. Most interestingly, it also contained both unprivileged user and enable passwords encrypted by the password 7 scheme. Gilmore was no hacker, but his curiosity took over. He was well aware of the weaknesses of the password 7 cipher and had ciscocrack installed to recover the passwords from his own Cisco 2500 routers used for studying . Gilmore pulled out the configuration file from the switch onto the TFTP server ( copy startup-config tftp://192.168.10.2/ switch-cfg ) and ran ciscocrack against it ( ciscocrack /tftpboot/switchcfg cracked-cfg ). The passwords were cracked instantly. Then, out of overwhelming curiosity, Gilmore swept the IP ranges mentioned in the switch config with an Nmap scan that looked like this:

 alan# nmap -A -p23 -O -vvv <scanned IP range> 

He saw a couple of hosts with open Telnet ports on the scan, and all of them were Cisco routers, not switches. Still, Gilmore tried to Telnet to one of them and entered the passwords obtained from the bought Catalyst's config. He held his breath enable! Without even looking at who the router belonged to, Gilmore executed a few network enumeration- related commands. Wow! The network was huge! Many hosts listed in the ARP table, many routes, OSPF running A large, live study routing lab for free what a nice bonus to get with a cheap switch on eBay! Gilmore started to play around, adding and removing routes, SNMP communities, writing custom access and distribute lists

And here's the epilogue . All possible alarms and alerts at the chief network administrator's monitoring station running CiscoWorks immediately went off. It didn't take long to figure out what had happened . First, Gilmore was taken into custody for breach of national security. He told the investigators everything, and the next day Johnson was arrested, too. Richard the CSO was immediately fired , and with such a dismissal faced the choice of finding a new job in several local fast food chains. After all, it was his responsibility that the devices be properly destroyed, that the passwords on the institution routers and switches not be the same and be encrypted with a strong cipher, and that the Telnet ports of these hosts not be accessible to the outside world.