Refense Technologies, the leader in Security Risk Management for mission-critical network infrastructure, today released an update that lets its customers verify the authenticity and integrity of Cisco’s Internet Operating System (IOS) software images running on their production network devices. This update is in response to an issue that was disclosed at the EUSecWest security conference on May 22, 2008. While no new vulnerability was identified, it was demonstrated that an attacker, given access to a Cisco IOS device, could insert malicious code within the IOS software image. This malicious code, known as a rootkit, could be used to silently monitor and control the device.
Rootkits are commonly found in the desktop PC environment, where they have been developed to steal information and control a system without the user’s knowledge. This is the first time someone has been able to demonstrate their portability to network devices, which were previously believed to be low-risk targets for these types of attacks. In response to the presentation given at the EUSecWest security conference, Cisco’s PSIRT Security Response Team issued a must-read document which provides a list of security best practices to improve the security posture of Cisco routers and switches.
Refense VMS, a vulnerability management solution for network devices (routers, switches, firewalls and wireless access points), provides an automated means of ensuring these security best practices are applied across every device on the network. Refense Operations Manager Steve Mortiboy explained, “Our Refense VMS solution can immediately identify any misconfiguration of a Cisco router or switch and provide intelligent mitigation information to enable Network Managers to quickly respond to threats and harden their networks against possible attack.” Steve further stated, “In addition to the 100+ security checks currently available with Refense VMS, our Security Research Center (SRC) is today releasing a new check that will perform Cisco IOS image file verification by comparing the MD5 hash value of the installed Cisco IOS image to that of the known-good MD5 hash value for a given Cisco IOS software image.” This security check is being provided in response to the guidance published by Cisco PSIRT on verifying the authenticity and integrity of Cisco IOS images across production network devices.
To read the full details of Cisco’s PSIRT Security Response, please visit the Cisco website at http://www.cisco.com/


