Wednesday, September 12, 2012

Network Security Horror Stories: Router Misconfigurations

This is the last installment of our network security horror stories (part one was on Change Control and part two on Firewall Misconfigurations), and today we’re going to focus on router misconfigurations. Like firewalls, routers play an important part in your organization’s network, but unlike firewalls they are not security appliances. Even though a router’s main purpose isn’t security, that doesn’t mean you can’t secure it. Here are a few classic router misconfiguration examples that I’ve come across:

1. HTTP Open on the Router

While reviewing security for a company from the perimeter, I discovered that HTTP was enabled on their core Cisco routers. They were both running very old versions of IOS and were still using the default credentials to log into the device. After getting into the router I was able to escalate to “enable” mode and could, in theory, have changed routes or wiped the NVRAM. After speaking with the network owners we quickly removed the HTTP service from the core routers and dodged a bullet.

2. Password Files Stored on Router

Everyone knows that if you’re going to store passwords you should do it in a secure manner so as not to divulge your credentials. Well, in this instance an admin decided to store all of the company’s credentials in a Microsoft Word file on the router’s storage. This router was running SSHv1, and penetration testers were able to gain access to the system. After finding this file they were given complete access to the company without blinking an eye. When the admin was confronted about the file being stored, his response was, “But you can’t open the .doc file on a Cisco router!!” He obviously wasn’t getting it.
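As an added example that is not part of the original post, here is a small Python audit that flags the two problems above when run over a saved `show running-config` and a `dir flash:` listing: the HTTP management server left enabled, SSH not pinned to version 2 (so SSHv1 is still accepted), and office-document files sitting on the router’s storage. The config text, the flash listing and the list of document extensions are constructed assumptions for the demonstration.

```python
import re
from typing import List

# Constructed sample of a Cisco IOS running-config showing the misconfigurations
# from the post: the HTTP server enabled and SSH explicitly set to version 1.
SAMPLE_CONFIG = """\
hostname core-rtr-1
ip http server
ip ssh version 1
line vty 0 4
 login local
"""

# Constructed sample of a "dir flash:" listing; only the file names matter here.
SAMPLE_FLASH = """\
Directory of flash:/
    1  -rw-    67108864  Mar 1 1993 00:01:23 +00:00  c2900-universalk9-mz.bin
    2  -rw-       40960  Jan 5 2012 10:14:09 +00:00  passwords.doc
"""

# Assumed list of extensions that should never live on a router's storage.
DOC_EXTENSIONS = (".doc", ".docx", ".xls", ".xlsx", ".txt", ".csv")


def audit_config(config: str) -> List[str]:
    """Return a list of findings for management-plane settings in an IOS config."""
    lines = [line.strip() for line in config.splitlines()]
    findings = []
    if "ip http server" in lines:
        findings.append("HTTP management enabled; remediate with 'no ip http server'")
    # IOS accepts SSHv1 unless the version is pinned to 2.
    if "ip ssh version 2" not in lines:
        findings.append("SSH not pinned to v2 (SSHv1 accepted); add 'ip ssh version 2'")
    return findings


def audit_flash(listing: str) -> List[str]:
    """Return file names from a 'dir flash:' listing that look like documents."""
    suspects = []
    for line in listing.splitlines():
        parts = line.split()
        # Entries start with an index number; skip the header and blank lines.
        if not parts or not re.fullmatch(r"\d+", parts[0]):
            continue
        name = parts[-1]
        if name.lower().endswith(DOC_EXTENSIONS):
            suspects.append(name)
    return suspects


if __name__ == "__main__":
    for finding in audit_config(SAMPLE_CONFIG) + audit_flash(SAMPLE_FLASH):
        print("FINDING:", finding)
```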

Read the rest of my article posted on Algosec's blog:


