    IOS Theft and Telephony: Something New to Worry About

    Written by

    Ellen Muraskin
    Published May 20, 2004

      I assured readers with my first column that my job here is to report on VOIP, not to praise it. Which is why I'm just as eager as anyone to get a read on the potential seriousness of the Cisco IOS source code theft and its implications for the reliability of IP-based communications.

      As reported by a Russian security Web site and confirmed by Cisco, hackers broke into the switching and routing giant's network and stole 800MB of source code for IOS 12.3 and 12.3t. The IOS 12.3 operating system powers Cisco's networking product suite, including routers used in homes and small businesses and the 7000 series that makes up the Internet backbone. All of Cisco's infrastructure products—switches and routers—are exposed.

      I wrote five days ago that an IP voice application inherits the security of the data network. If someone can hack into your network infrastructure (typically composed of a Cisco router and switches) and bring it down, obviously, that's not a good inheritance. If your voice traffic is using voice over IP, it relies on the network infrastructure being robust. Whether it's Cisco's Call Manager or anyone else's IP PBX you're using, a router—and very likely that's a Cisco router—fronts the system.

      Click here to read Ellen Muraskin's column “VOIP Is as Secure as You Make It.”

      That router faces an IP WAN—a managed network—and as such is probably not the first of the hackers' targets. But that's not long-term good news, according to my security maven. The first to be targeted may be the wholesale ISPs—the Sprints and MCIs and AT&Ts—whose lines and infrastructure of routers and switches form enterprises' WANs as well as the Internet. Bring that network infrastructure down, and your phone and data system goes down with it. That scenario is the reason why many IP PBXs come with PSTN (traditional Public Switched Telephone Network) lifelines.

      Three days after the announcement of the theft, Cisco itself has no immediate assurance to offer the press. They officially reply:

      “Cisco is aware that a potential compromise of its proprietary information occurred and was reported on a public website just prior to the weekend. Cisco is fully investigating what happened. As a matter of policy, we take security very seriously and we continue to take every measure to protect our intellectual property, employee and customer information. Cisco will remain focused on its customers' success and will continue to monitor the situation.”

      I've also contacted major Cisco VOIP systems integrators, none of whom is willing to comment on the potential breach. I finally turned to Christopher King, CCISP, of Principal Security Group and former information security practice director at Greenwich Technology Partners, a major Cisco VAR with an active VOIP practice. I asked him if telecom or IT managers have something new to worry about here. His reply: “Hell, yes.”

      He described the situation as a waiting game, while hackers study the IOS source for vulnerabilities, manually code attacks to bring down routers and then automate the exploit (the attack) so that it proliferates throughout the Internet.


      “LAN-only VOIP should be safe until the exploit becomes automated and makes its way into the corporate intranet—not across the Internet, but carried over inside a portable computer—sneakernet. This is how SQL Slammer and many worms got inside enterprises,” King said.

      The first routers to be attacked, he surmised, will be the ISPs' and the corporate Internet-facing access routers. “The ISP will be the first to feel the Cisco pain. The LAN will be hit after the WAN.”

      IT's (and by extension, VOIP telecom's) best bet right now, he said, is to vigilantly monitor their perimeter router logs for the anomalies that might suggest assault. “You're not going to know if anything goes wrong until it does,” King said. “The idea is that you've been doing this all along, so that you recognize something out of the ordinary. But the hard part for a network administrator is to figure out what constitutes an anomaly. Typically, no one vigilantly monitors their routers and switches for security anomalies.”

      Isn't there anything in particular to look for? Abnormally high CPU and memory utilization, and excessive dropped packets, King suggested, for starters. “A lot of out-of-the-ordinary log events suggest that the router is trying to do something it shouldn't.”

      For more opinions on the fallout from the Cisco source code theft, see Channel Zone Editor Steven J. Vaughan-Nichols' “Cisco Needs to Come Clean.”

      Firewalls are not capable of blocking these types of router-based hacks, King said. Even NIDS (network intrusion detection systems) are useless because they are reactive; the pattern of the exploit—the signature—is not yet known and therefore cannot be recognized. And with the size of this exposure—800MB of source code—King agrees that we could be looking at a series of varying attacks across a multitude of IOS-based platforms.

      “Typically there are two routers outside corporate firewalls, meaning your telco routers, like AT&T owns. Outside the corporate firewall is a corporate router, too—the demarcation point where the ISP's router connects to the corporation's. If I'm a hacker, I do a trace route to www.xxx.com to find out the path of IP addresses to a company's Web server and then figure out their architecture and pinpoint the router. There's my target. There are some unprotected routers on the network.”

      Routers outside the firewall are more vulnerable, but if somebody can subvert a routing protocol (which runs across firewalls), then inside routers can be compromised, too, King said.

      The source code theft is not only a potential threat but a major embarrassment to the voice division of Cisco, which has had to reassure potential customers afraid to commit their phone systems to Windows 2000, the OS of the Call Manager core IP PBX. Cisco has pointed out that this Windows is a closed, hardened, proprietary version, therefore not prey to Microsoft's hacker vulnerabilities or the system crashes of co-resident programs. Industry wisdom, in fact, was that Cisco was planning on defusing the issue by porting Call Manager to Red Hat Linux. Now it's Cisco's own OS that's caught in the crosshairs.


      Ellen Muraskin
      Ellen Muraskin is editor of eWEEK.com's VOIP & Telephony Center. She has worked on the editorial staff at Computer Telephony, since renamed Communications Convergence, including three years as executive editor. Muraskin's work has also appeared in Popular Science magazine and other publications.
