In the last installment of our network security horror stories (part one was on Change Control and part two on Firewall Misconfigurations) we turn to router misconfigurations. Like firewalls, routers play an important part in your organization’s network, but unlike firewalls they are not security appliances. Even though a router’s main purpose isn’t security, that doesn’t mean you can’t secure it. Here are a few classic router misconfiguration examples that I’ve come across:
1. HTTP Open on the Router
While reviewing security for a company from the perimeter I discovered that HTTP was enabled on their core Cisco routers. They were both running very old versions of IOS and were using the default credentials to log into the device. After getting into the router I was able to escalate to “enable” mode and could, in theory, have changed routes or wiped the NVRAM.
After speaking with the network owners we quickly removed the HTTP service from the core routers and dodged a bullet.
2. Password Files Stored on Router
Everyone knows that if you’re going to store passwords you should do it in a secure manner so as not to divulge your credentials. Well, in this instance an admin decided to store all of the company’s credentials in a Microsoft Word file on the router’s storage. This router was running SSHv1, and penetration testers were able to gain access to the system. After finding this file they had complete access to the company without blinking an eye.
When the admin was confronted about the file being stored his response was, “But you can’t open the .doc file on a Cisco router!!”. He obviously wasn’t getting it.
3. Telnet Open to the LAN
At this particular site, the security of the network was in dire shape. With multiple other issues happening in the network at the same time, security took a back seat. One instance that comes to mind was the way they accessed their networking gear. Since all systems were in the same VLAN the network was completely flat, without any segregation. I actually witnessed admins telnet into core routers/switches from user workstations to make config changes. Although this was never compromised to my knowledge, it was an accident waiting to happen.
I spoke to their management about the importance of improving their security, and at the time they were focused on other initiatives. I’m hoping they’ve made some improvements, because using an insecure remote protocol without segregation or ACLs will eventually get this company thoroughly owned.
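As an added example (not code from the original post), here is a small Python audit that checks a saved Cisco IOS running-config for the three problems in the stories above: web management left on, default or reversible credentials and SSHv1, and telnet plus a missing access-class on the vty lines. The two configs embedded in it are constructed samples, the default-password list is my assumption, and the "transport input all" default it assumes for a vty line with no explicit transport is the classic-IOS behaviour, not something stated in the post.

```python
"""Offline audit of a Cisco IOS running-config for the router
misconfigurations discussed in this post (added example; sample configs are constructed)."""
import re
from typing import Dict, List

# Constructed sample: a "before" config with all three problems present.
WEAK_CONFIG = """\
hostname core-rtr1
enable password cisco
username admin password 0 cisco
ip http server
ip ssh version 1
line vty 0 4
 password cisco
 login
 transport input all
"""

# Constructed sample: the same router after hardening (hashes elided).
HARDENED_CONFIG = """\
hostname core-rtr1
enable secret 5 $1$hash-elided
username netops privilege 15 secret 5 $1$hash-elided
no ip http server
no ip http secure-server
ip domain-name example.net
ip ssh version 2
ip access-list standard MGMT-HOSTS
 permit 10.10.99.0 0.0.0.255
 deny any log
line vty 0 4
 access-class MGMT-HOSTS in
 login local
 transport input ssh
"""

# Assumption: a short list of vendor-default / trivially guessable passwords.
DEFAULT_PASSWORDS = {"cisco", "admin", "password"}


def parse_config(text: str):
    """Split a config into top-level commands and the sub-commands of each
    'line ...' stanza.  IOS indents sub-commands by one space."""
    top: List[str] = []
    stanzas: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if raw.startswith(" "):
            if current is not None:          # sub-command of a 'line' stanza
                stanzas[current].append(raw.strip())
            continue
        cmd = raw.strip()
        top.append(cmd)
        current = cmd if cmd.startswith("line ") else None
        if current is not None:
            stanzas[current] = []
    return top, stanzas


def audit(text: str) -> List[str]:
    """Return one finding string per misconfiguration found (empty = clean)."""
    top, stanzas = parse_config(text)
    findings: List[str] = []

    # Story 1: web management left on a core router.
    if "ip http server" in top:
        findings.append("HTTP: 'ip http server' enabled; disable with 'no ip http server'")

    # Stories 1 and 2: default or reversible credentials.
    has_secret = any(c.startswith("enable secret") for c in top)
    if any(c.startswith("enable password") for c in top) and not has_secret:
        findings.append("CREDS: 'enable password' with no 'enable secret'")
    for cmd in top:
        m = re.match(r"username (\S+) (?:privilege \d+ )?password (?:(\d) )?(\S+)$", cmd)
        if not m:
            continue
        user, ptype, value = m.groups()
        if ptype == "7":
            findings.append(f"CREDS: user '{user}' has a reversible type-7 password")
        elif value.lower() in DEFAULT_PASSWORDS:
            findings.append(f"CREDS: user '{user}' uses a default password")
        else:
            findings.append(f"CREDS: user '{user}' stored with 'password' instead of 'secret'")

    # Story 2: SSHv1.  Classic IOS negotiates v1 unless version 2 is pinned.
    if "ip ssh version 2" not in top:
        findings.append("SSH: SSHv1 negotiable; set 'ip ssh version 2'")

    # Story 3: telnet and unrestricted management sources on the vty lines.
    for name, sub in stanzas.items():
        if not name.startswith("line vty"):
            continue
        # Assumption: classic-IOS default with no 'transport input' line is 'all'.
        transport = next((s for s in sub if s.startswith("transport input")), "transport input all")
        if re.search(r"\b(all|telnet)\b", transport):
            findings.append(f"TELNET: {name} accepts telnet ('{transport}')")
        if not any(s.startswith("access-class") for s in sub):
            findings.append(f"ACL: {name} has no 'access-class' limiting management sources")
        if "login" in sub and any(s.startswith("password") for s in sub):
            findings.append(f"CREDS: {name} uses a shared line password instead of 'login local'")
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{label}: {audit(cfg) or 'no findings'}")
```

Feed it the text of `show running-config` saved to a file and it reports the weak sample with seven findings and the hardened sample with none. The hardened config is the shape the three stories point at: no HTTP service, `enable secret` and `username ... secret` instead of reversible passwords, `ip ssh version 2`, and vty lines that accept only SSH from the management subnet named in the access-class.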
Routers, like firewalls or any other system for that matter, need to be secured. It only takes one weak device for your entire network to be compromised. Routers play an important function in your network and protecting them should be a priority. Following proper change management when making changes to your routers, and following established hardening standards (turn off management services you don’t use such as HTTP, retire telnet and SSHv1 in favour of SSHv2, and restrict management access with ACLs), will help keep these core devices safe.