This book is split into three completely different parts. Each part can be read without even touching the remaining two, so if the reader is interested only in the issues described in the selected part, he or she may consult only that part.
The first part is introductory and gives the reader a taste of real-world Cisco devices and network security. None of the chapters in it deals with detailed attack techniques; thus, the usual Hacking Exposed Attack icons and Risk Rating boxes are absent. The majority of information in this part is defender-oriented, with a strong emphasis on the need for security to be built in to the network design from its earliest stage.
We begin the book by looking at the network as a whole and outlining how different network topologies, architectures, and designs can affect its security from both the defender's and the attacker's perspectives.
A logical continuation of the previous chapter, this chapter provides a comprehensive review of all common Cisco security appliances, applications, and device security features. The selection is staggering.
This chapter is fully devoted to attackers: their motivations, aims, things they may do with the "owned" devices, and the general hacker's perspective of Cisco appliances and networks. It ends by laying the foundations for professional, independent Cisco device and network penetration testing.
This part is the core of the book and describes how an attacker would first enumerate the whole network, and then pick up specific targets, enumerate them with great precision, launch an appropriate attack, gain and preserve enable-level access, and proceed with further devastating attacks through or from the hacked Cisco devices.
In this chapter, various Cisco-related network enumeration tricks not described in other Hacking Exposed volumes are shown. A heavy emphasis is placed on routing protocols, in particular BGPv4. Some of the demonstrated methods can directly hand device access to a lucky cracker.
Here we review passive, semi-active, and active methods of precise enumeration of various standalone Cisco devices, from casual routers to VPN concentrators and wireless access points. Plenty of examples are provided, together with the recommendations on how to hide your box from the cracker's eyes.
The methods described in this chapter in great detail may not be very exciting, but they surely work, and that is how the majority of Cisco devices in the real world fall into even the most inexperienced attacker's hands.
Learn how hackers can discover input validation, information leak, and denial of service vulnerabilities of Cisco devices employing classical Black Box techniques, such as packet fuzzing. The two most common Cisco management services, SNMPd and web interface, are used to illustrate this approach in practice.
Find out how working buffer overflow exploits for Cisco IOS are constructed using a real-life example. We jokingly call this chapter "FX for Dummies"; however, there is far more to it than meets the eye.
If a purely technical means of gaining access has failed, crackers can use social engineering tricks to gain physical access to a Cisco device, retrieve the configuration file, and crack the encrypted passwords. This chapter offers a welcome break between two technically heavy and skill-demanding chapters (8 and 10).
Here the myth of "attackers not being able to do a lot with the hacked Cisco router or switch" receives heavy battering. The most skilled intruders can actually hide the malicious code inside of the IOS binary image or even write a cross-platform IOS worm. On the countermeasures side, Cisco forensics are discussed.
Denial of service attacks against or through Cisco hosts are common, and this book would not be complete without covering this topic. Apart from the attacks themselves, we also explain how to use Cisco proprietary safeguards to stop even the most devastating distributed denial of service assaults.
In the final part of the book, we shift our attention from attacking the device to attacking the protocol. The fine art of protocol exploitation can hand intruders full control over the network traffic without any direct access to, or reconfiguration of, the hosts deployed.
Data link layer attacks are not well known to unskilled crackers. They are sly and can easily slip under the watchful eye of an IDS, handing the attacker both stealth and power.
Moving to the higher network layers, the crackers can abuse Cisco failover and tunneling protocols, punch holes in firewalls, and hack into supposedly secure VPN tunnels. Don't succumb to a false sense of security: just having a firewall or a VPN deployed is insufficient to stop a skilled attacker from doing his dastardly deeds.
Who controls the routing protocol controls the network. What else can be said? Pay special attention to BGP attacks, because they are a megalomaniac cracker's bonanza.
The appendixes provide additional technical material necessary for using some of the described concepts and techniques in practice.
This is the actual step-by-step template we developed from scratch for thorough security beta-testing of standalone network appliances, including those made by Cisco.
A live router example of the IOS auto secure configuration is provided to help network administrators use this reasonably recent IOS security feature, while avoiding any unnecessary configuration changes.
Here we present the first-ever printed press catalog of these mysterious commands for different Cisco-made operating systems, which can be helpful for both attackers and defenders alike. The secret enable-engineer mode commands taken from our testing CatOS switch are included.