whatgerma.blogg.se

Cisco ios xe image download











This document analyzes injection of malicious software in Cisco IOS XE Software and describes ways to verify that the software on a Cisco router, both in device storage and in running memory, has not been modified. Additionally, the document presents common best practices that can aid in protecting against attempts to inject malicious software (also referred to as malware) in a Cisco IOS XE device. This document applies only to Cisco IOS XE Software and to no other Cisco operating systems. Customers running Cisco IOS Software can refer to Cisco IOS Software Integrity Assurance.

Malware is software created to modify a device's behavior for the benefit of a malicious third party (attacker). One of the characteristics of effective malware is that it can run on a device stealthily in privileged mode. Malware may be designed to monitor and exfiltrate information from the operating system on which it is running without being detected. Potentially, sophisticated Cisco IOS XE malware would attempt to hide its presence by modifying Cisco IOS XE command output that would reveal information about it.

An additional property of malware is the capability to be remotely programmable from a command-and-control (C&C) server. Methods for using telemetry data to identify possibly compromised infrastructure devices are discussed in the Telemetry-Based Infrastructure Device Integrity Monitoring white paper.

In general, malware can be installed by using various methods, including using stolen administrator credentials, leveraging insecure physical access to devices, exploiting vulnerabilities on the system, or by manipulating an authorized user via a number of social engineering attacks. On Cisco devices running Cisco IOS XE Software, a limited number of infection methods are available to malware. Malicious software in Cisco IOS XE Software may be introduced in the following ways:

  • By altering the software image stored on the onboard device file system. These types of malware would be persistent and would remain after a reboot.
  • By tampering with Cisco IOS XE memory during run time. In this case, the malware is not persistent and a reload will remove the in-memory malware from the Cisco IOS XE device.
  • By modifying the ROM monitor on systems with flash-based ROM monitor storage.
  • By obtaining privileged access to the Cisco IOS XE platform shell and installing a *unix-based rootkit.
  • By a combination of some or all of the preceding mechanisms.

Cisco IOS XE is a Linux-based operating system (OS) running on various Cisco platforms. It features a layered architecture providing control plane and data plane separation. The control plane is managed by the IOS daemon (IOSd), which inherits most properties and features from the Cisco IOS operating system. While Cisco IOS XE Software has a lot of similarity with Cisco IOS Software, there are some important architectural differences that are relevant when talking about attack vectors and forensic analysis of a device running Cisco IOS XE Software.

The most notable difference is that Cisco IOS XE is based on the Linux kernel. This opens a series of new attack vectors because an attacker that has access to the operating system could potentially use any available rootkit for Linux to manipulate the system. Therefore, it is imperative that an administrator protect access to the Linux OS.

Because Cisco IOS XE features a layered architecture, different processes handle different functions. The most important process running on a Cisco IOS XE device is the IOSd process, which provides control plane functionality.
  • Architecture Notes and Differences with Cisco IOS Software
  • Using the Message Digest 5 File Validation Feature
  • Verifying Authenticity for Digitally Signed Images
  • Cisco IOSd Run-Time Memory Integrity Verification
  • Compute the MD5 Checksum of a Known-Good Text Section
  • Verify MD5 Validation Feature for the Text Region
  • Checking That IOSd Call Stacks Are Within the Text Section Boundaries
  • Checking Platform Shell Access Logs and Syslog
  • Maintain Cisco IOS XE Image File Integrity
  • Deploy Digitally Signed Cisco IOS XE Images
  • Use Authentication, Authorization, and Accounting
  • Use TACACS+ Authorization to Restrict Commands
  • Use Centralized and Comprehensive Logging











