1/19/2010

Review of Hacking Exposed Cisco Networks: Cisco Security Secrets & Solutions (Paperback)

"Hacking Exposed Cisco Networks" (HECN) by Vladimirov, Gavrilenko, Vizulis and Mikhailovsky is the first book of its kind to focus entirely on hacking the Cisco product line. The book offers a novel concept, and goes into some undocumented areas, but please do not expect to be seeing the enable-mode router prompt by page 50.

My first impression of Hacking Exposed Cisco Networks is that the book was simply 'rushed' to market. The book begins with an intro by Michael Lynn, who made a name for himself at the 2005 Black Hat Briefings by 'publicly demonstrating the ability to reliably exploit buffer overflows on Cisco routers.' My feeling is that after the Black Hat Briefings, a rush was put on HECN to have it published simply to ride on this wave.

The book is divided into 3 Parts and 1 Appendix and includes a total of 14 chapters. The first section, Foundations, gives a review of Cisco design models, different security elements (firewall, IDS, VPN and AAA) and examples of real world security issues.

The second section (and the main section of the book) is titled 'Hacking the Box' and dives into various methods of penetrating Cisco devices. The first chapter in this section discusses using different information sources to develop a profile (what to search for on a web search engine, autonomous system discovery, Internet routing servers and tables, etc.). Next, a 50-page chapter discusses enumerating and fingerprinting Cisco devices. Subsequent chapters discuss password attacks, SNMP community string attacks, wardialing, IOS exploitation and password cracking. After penetrating a device, the next chapter shows how to exploit and preserve access.

The last section discusses protocol exploitation, which needs not be focused solely on Cisco devices; most of these attacks are common across all vendors. This includes chapters on exploiting VLANs, GRE packet injection and EAP-LEAP cracking. The last chapter discusses routing protocol exploitation including exploits for RIP, EIGRP and BGP. The Appendix includes a listing of undocumented Cisco commands. While these commands can also be found on the web, the book discusses ways to use the commands in context of a hacking exploit.

Some of the items I found useful from HECN:
* Chapter 4 provides a respectable list of AS profiling techniques. Starting on page 108 is an excellent introduction to a tool to help sniff routing updates (the autonomous system scanner).
* Chapter 5 provides a great chart on Cisco specific protocols (page 124). The chapter also has a very good discussion on Cisco fingerprinting.
* Chapter 8 provides a one-of-a-kind discussion on IOS memory dissection. I was extremely impressed by the discussion on stack heaps. The TFTP buffer overflow on page 281 is a great example of where the future of Cisco IOS hacking may lie. While some believe buffer overflows are soooo 2005, I believe there is ample room to further explore this within the context of Cisco devices.

HECN also has some weak areas:
* page 24 - mentions all routers support NTP - not true, some of the lower-end IOSs only support SNTP.
* page 28 - mentions 'extra flags' for UDP connections. UDP has no flags, but certainly TCP does.
* page 133 - mentions a tool, the "ST-divine tool", as available on the book's website, but the tool is not listed at the book's website.
* Chapters 1 and 3 really don't offer anything new, and only distract from the overall quality of the book.

These and other such typos/editorial mistakes don't distract too much from the overall focus of HECN. The book tries to be a proof-of-concept with many different exploits. One feels that the authors were huddled around a few Cisco boxes, trying whatever exploits they could find to bust the box. It would be very easy to rack up some routers and switches, copy the configurations provided in the book, and follow them page by page as they perform various hacking techniques.

As an owner of over 50 books dedicated to Cisco, this book goes into an area not covered by any other book in my library. And, for that fact alone, I have to respect the book. However, I have to believe that if HECN had only gone through a further round of editing, the overall structure of the book would be much better. In the end, I do recommend this book, simply because of the novelty of the subject and due to the amount of effort that is apparent throughout the text.

I give this book 4 pings out of 5:
!!!.!

Product Description
Here is the first book to focus solely on Cisco network hacking, security auditing, and defense issues. Using the proven Hacking Exposed methodology, this book shows you how to locate and patch system vulnerabilities by looking at your Cisco network through the eyes of a hacker. The book covers device-specific and network-centered attacks and defenses and offers real-world case studies.

From the Back Cover

Implement bulletproof Cisco security the battle-tested Hacking Exposed way

Defend against the sneakiest attacks by looking at your Cisco network and devices through the eyes of the intruder. Hacking Exposed Cisco Networks shows you, step-by-step, how hackers target exposed systems, gain access, and pilfer compromised networks. All device-specific and network-centered security issues are covered alongside real-world examples, in-depth case studies, and detailed countermeasures. It's all here--from switch, router, firewall, wireless, and VPN vulnerabilities to Layer 2 man-in-the-middle, VLAN jumping, BGP, DoS, and DDoS attacks. You'll prevent tomorrow's catastrophe by learning how new flaws in Cisco-centered networks are discovered and abused by cyber-criminals. Plus, you'll get undocumented Cisco commands, security evaluation templates, and vital security tools from hackingexposedcisco.com.

  • Use the tried-and-true Hacking Exposed methodology to find, exploit, and plug security holes in Cisco devices and networks
  • Locate vulnerable Cisco networks using Google and BGP queries, wardialing, fuzzing, host fingerprinting, and portscanning
  • Abuse Cisco failover protocols, punch holes in firewalls, and break into VPN tunnels
  • Use blackbox testing to uncover data input validation errors, hidden backdoors, HTTP, and SNMP vulnerabilities
  • Gain network access using password and SNMP community guessing, Telnet session hijacking, and searching for open TFTP servers
  • Find out how IOS exploits are written and if a Cisco router can be used as an attack platform
  • Block determined DoS and DDoS attacks using Cisco proprietary safeguards, CAR, and NBAR
  • Prevent secret keys cracking, sneaky data link attacks, routing protocol exploits, and malicious physical access

