
Contents:

- Architecture Notes and Differences with Cisco IOS Software
- Using the Message Digest 5 File Validation Feature
- Compute the MD5 Checksum of a Known-Good Text Section
- Cisco IOSd Run-Time Memory Integrity Verification
- Verifying Authenticity for Digitally Signed Images
- Checking Platform Shell Access Logs and Syslog
- Checking That IOSd Call Stacks Are Within the Text Section Boundaries
- Verify MD5 Validation Feature for the Text Region
- Deploy Digitally Signed Cisco IOS XE Images
- Maintain Cisco IOS XE Image File Integrity
- Use Authentication, Authorization, and Accounting
- Use TACACS+ Authorization to Restrict Commands
- Use Centralized and Comprehensive Logging

This document analyzes injection of malicious software in Cisco IOS XE Software and describes ways to verify that the software on a Cisco router, both in device storage and in running memory, has not been modified. Additionally, the document presents common best practices that can aid in protecting against attempts to inject malicious software (also referred to as malware) into a Cisco IOS XE device.

This document applies only to Cisco IOS XE Software and to no other Cisco operating systems. Customers running Cisco IOS Software can refer to Cisco IOS Software Integrity Assurance.

Malware is software created to modify a device's behavior for the benefit of a malicious third party (attacker). One of the characteristics of effective malware is that it can run on a device stealthily in privileged mode. Malware may be designed to monitor and exfiltrate information from the operating system on which it is running without being detected. An additional property of malware is the capability to be remotely programmable from a command-and-control (C&C) server. Potentially, sophisticated Cisco IOS XE malware would attempt to hide its presence by modifying Cisco IOS XE command output that would reveal information about it.

Methods for using telemetry data to identify possibly compromised infrastructure devices are discussed in the Telemetry-Based Infrastructure Device Integrity Monitoring white paper.

In general, malware can be installed by using various methods, including using stolen administrator credentials, leveraging insecure physical access to devices, exploiting vulnerabilities on the system, or manipulating an authorized user via a number of social engineering attacks.

On Cisco devices running Cisco IOS XE Software, a limited number of infection methods are available to malware. Malicious software in Cisco IOS XE Software may be introduced in the following ways:

- By altering the software image stored on the onboard device file system. These types of malware would be persistent and would remain after a reboot.
- By tampering with Cisco IOS XE memory during run time. In this case, the malware is not persistent and a reload will remove the in-memory malware from the Cisco IOS XE device.
- By modifying the ROM monitor on systems with flash-based ROM monitor storage.
- By obtaining privileged access to the Cisco IOS XE platform shell and installing a *unix-based rootkit.
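The document's image-verification sections rest on comparing the hash the device reports for its stored image against a published known-good value, while the introduction warns that malware may alter command output. The following added example (not part of Cisco's document or tooling) performs a three-way check in Python: the published hash, a hash computed independently from a copy of the image retrieved out-of-band, and the hash the device printed for `verify /md5`; the output line shape, the image bytes and the hash values are constructed assumptions, not real Cisco values.

```python
"""Added example (not Cisco's code): cross-check an IOS XE image three ways."""
import hashlib
import re

# Assumed line shape of the 'verify /md5' result on IOS XE; the sample below is constructed.
VERIFY_RE = re.compile(r"verify /md5 \((?P<path>[^)]+)\) = (?P<md5>[0-9a-fA-F]{32})")


def md5_hex(data: bytes) -> str:
    """MD5 of image bytes retrieved out-of-band (e.g. copied off the device over SCP)."""
    return hashlib.md5(data).hexdigest()


def parse_verify_output(session: str) -> dict:
    """Map each image path named in 'verify /md5' output to the hash the device printed."""
    return {m["path"]: m["md5"].lower() for m in VERIFY_RE.finditer(session)}


def check_image(path: str, image_bytes: bytes, reported: dict, known_good: dict) -> str:
    """Compare the published hash, the independently computed hash and the device-reported hash."""
    filename = path.split(":", 1)[-1]          # 'bootflash:foo.bin' -> 'foo.bin'
    expected = known_good.get(filename)
    if expected is None:
        return "unknown-image"                  # nothing to compare against: check provenance
    computed = md5_hex(image_bytes)
    device = reported.get(path)
    if computed != expected:
        # The file on flash is not the published image. If the device nonetheless
        # prints the good hash, its command output is hiding the change.
        return "image-modified-output-masked" if device == expected else "image-modified"
    if device is not None and device != computed:
        return "device-output-mismatch"         # good file, but the device printed a wrong hash
    return "ok"


# Constructed sample data (not a real image and not real Cisco hash values).
GOOD_IMAGE = b"IOS XE image placeholder bytes\n" * 64
TAMPERED_IMAGE = GOOD_IMAGE[:-8] + b"INJECTED"
KNOWN_GOOD = {"asr1000-sample.bin": md5_hex(GOOD_IMAGE)}
SAMPLE_SESSION = (
    "Router#verify /md5 bootflash:asr1000-sample.bin\n"
    "..........Done!\n"
    f"verify /md5 (bootflash:asr1000-sample.bin) = {md5_hex(GOOD_IMAGE)}\n"
)

if __name__ == "__main__":
    reported = parse_verify_output(SAMPLE_SESSION)
    # The device prints the known-good hash, yet the bytes copied off flash do not match it.
    print(check_image("bootflash:asr1000-sample.bin", TAMPERED_IMAGE, reported, KNOWN_GOOD))
```

The independently computed hash is the anchor: a device-reported value alone proves nothing if the command output itself can be altered.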