Forum latest

But we're trying to help you!
General
Written by Daniel   
Saturday, 31 March 2007 10:05
Cisco's NAC Gets Hacked
— Tim Wilson, Site Editor, Dark Reading

MARCH 30, 2007 | Researchers in Germany today demonstrated a tool that allows an unauthorized PC to disguise itself as a legitimate client in a Cisco Network Admission Control (NAC) environment, effectively circumventing the networking giant's end-point security strategy.

In a presentation at the Black Hat Europe conference this morning, two researchers from ERNW GmbH, a German security and penetration testing firm, released a tool called "NAC Credential Spoofing." ERNW has informed Cisco of the vulnerabilities and the tool, but the switch maker has not responded yet, they say.



The tool springs from a couple of "design flaws" that ERNW discovered in Cisco's NAC, according to Michael Thumann, CSO at ERNW, who developed the tool with Dror-John Roecher, a senior security consultant. The flaws were found in the communication between the client and Cisco's Admission Control Server (ACS), and therefore would apply to any Cisco NAC environment, regardless of what hardware models or software versions were installed.

The first flaw is a lack of authentication between the client and the ACS server, Thumann explains. "The client has an IP address, but there's currently no way to authenticate the device," he says. "Any device could interact with the server at Layer 2." The introduction of IEEE 802.1x technology will eventually make this interface more secure, but the window remains open for now, he says.

"This is a little different than the other reports you may have seen, which are projections based on surveys or Internet crime reports," Bransford observes. "Everything we found is actually out there right now, on the open Internet."

The second flaw -- and this would apply to any NAC environment that relies on the client to provide its own policy compliance information -- is that there is no way to verify that the client is telling the truth about its configuration. "This means that a client can essentially be set up to lie to the policy server about its antivirus capabilities and so forth," Thumann says... More

Comment in the forums 

 

See also

None found.


Hardware | Windows | Linux | Security | Mobile Devices | Gaming
Tech Business | Editorial | General News | folding@home

Forum | Download Files

Copyright ©2001 - 2012, AOA Forums.  All rights reserved.

Alliance of Overclocking Arts

Links monetized by VigLink

Don't Click Here Don't Click Here Either