A proof-of-concept (PoC) exposing vulnerabilities in Cisco routers was demonstrated at the Black Hat conference in Las Vegas this week. Although the demonstration targeted Cisco routers, it should serve as a warning that all devices on a network, regardless of role or vendor, should be included in a patch management plan. The first link is to an article about the researcher who demonstrated the vulnerability. The second article is about the feasibility of router worms, and the researcher is quoted in the article.
http://www.watchguard.com/RSS/showarticle.aspx?pack=RSS.BH.Lynn1
http://www.itworldcanada.com/a/ComputerWorld/6c12c0c8-c6e9-42ef-8278-1176bc9b78ee.html
Here are some key quotes from both articles:
"He ran his Proof-of-Concept (PoC) code and after a few seconds the remote router's "enable" shell popped up on his PC. He had gained full, remote access to a Cisco router without any authentication."
"Cisco hasn't officially acknowledged this flaw yet, but Lynn says they have fixed the problem in an April firmware release"
"If you keep your firmware versions up to date, you are probably fine."
"How should the perplexed network manager prepare to deal with a threat that may or may not materialize, perhaps in two years, perhaps five? Firstly, an attitude change is needed. "Many system administrators think of routers as a VCR or toaster, but they need to start thinking of it as a computer because it can be attacked in the same way as a computer can be," says Lynn."
"Ideally, that process should be automated, but if not, administrators should do it manually once a month or quarterly."
Recommendations to counter the threat:
1) Exercise a patch management plan for all devices on a network on a monthly or quarterly basis.
2) Keep backups of data or configurations for all devices on the network, and monitor any configuration changes.
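One way to monitor configuration changes between backups, as recommendation 2 suggests. This is an added example, not code from either article. It assumes backups are plain-text Cisco IOS `show running-config` output; the hostname, address and configs are constructed.

```python
import difflib
import re

# Lines IOS rewrites on its own; without this filter every backup run
# would look like a configuration change.
VOLATILE = re.compile(
    r"^(! Last configuration change at |! NVRAM config last updated at |"
    r"ntp clock-period |Current configuration : |Building configuration)"
)

# Constructed sample backup (not taken from a real device).
BASELINE = """\
Building configuration...
Current configuration : 1180 bytes
!
! Last configuration change at 09:12:44 UTC Mon Jul 4 2005
hostname edge-rtr-01
enable secret 5 CONSTRUCTED-HASH-PLACEHOLDER
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
line vty 0 4
 transport input ssh
 login local
ntp clock-period 17179869
end
"""
# A later backup where only the volatile lines differ.
NOISE_ONLY = (BASELINE.replace("09:12:44 UTC Mon Jul 4", "03:00:10 UTC Thu Aug 4")
              .replace("17179869", "17179912"))
# The same backup with two real changes an administrator should review.
CURRENT = (NOISE_ONLY.replace(" transport input ssh", " transport input telnet ssh")
           .replace("interface Fast", "ip http server\ninterface Fast"))

def normalize(config_text):
    """Drop volatile lines, bare '!' separators and trailing whitespace."""
    lines = (line.rstrip() for line in config_text.splitlines())
    return [l for l in lines if l and l != "!" and not VOLATILE.match(l)]

def config_changes(baseline, current):
    """Return removed ('-') and added ('+') lines between two backups."""
    old, new = normalize(baseline), normalize(current)
    matcher = difflib.SequenceMatcher(a=old, b=new, autojunk=False)
    changes = []
    for tag, i1, i2, j1, j2 in matcher.get_opcodes():
        if tag in ("replace", "delete"):
            changes += ["-" + l for l in old[i1:i2]]
        if tag in ("replace", "insert"):
            changes += ["+" + l for l in new[j1:j2]]
    return changes
```

An empty result means the device still matches its last reviewed backup; any other result is a change that should trace back to an approved work order.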