DeepNines recently questioned the security of Cisco routers in advance of offering a security solution of its own that would process data before it hits the router.
"From a security standpoint, 2005 is the year that the router becomes the Achilles heel of the network," says Dan Jackson, president and COO of DeepNines Technologies.
DeepNines' vision of routers as targets could already be coming true. On Jan. 19, Cisco Systems announced new vulnerabilities in the Internetwork Operating Software (IOS) that runs its routers, affecting devices configured for Cisco IOS Telephony Service (ITS), Cisco CallManager Express (CME) or Survivable Remote Site Telephony (SRST). According to information from Cisco, "A successful exploitation of this vulnerability may cause a reload of the device and could be exploited repeatedly to produce a Denial of Service (DoS)."
"Where there's smoke, there's fire -- meaning these won't be the last router vulnerabilities we hear about this year," Jackson said. "Cisco's greatest asset, its large market share, could become one of its most glaring weaknesses. Just as Microsoft's market share makes it a target for attackers, so, too, Cisco could begin to suffer attacks more regularly. The real problem is that there has been virtually no protection for routers -- until now. Our DeepNines Security Edge Platform(TM) sits invisibly in front of the router, monitors all traffic coming in and out and stops or traps the bad traffic before it's able to harm the network."
The DeepNines Security Edge Platform, which is placed in front of the router, would be able to ensure that all packets coming into and out of the network are inspected for malformation or malicious behavior. The platform's behavior monitors also could determine if there was an increase in traffic to vulnerable ports and further inspect that traffic for malicious intent.
Cisco advisory document No. 63708 says that "affected devices that must run ITS, CME or SRST are vulnerable, and there are not any specific configurations that can be used to protect them ... and putting firewalls in strategic locations may greatly reduce exposure until an upgrade can be performed."
"We wonder exactly how a company is supposed to put a firewall in front of its router if it is on a DS3 or a T1," Jackson said. "The DeepNines Security Edge Platform extends out in front of the router to provide the same layers of protection that otherwise are offered only behind firewalls, where, in some cases, it's too late if bad traffic has made its way that far inside."