The director can also perform on-demand configuration and software image updates of a switch or a group of switches in the network. If a standalone switch in the network is replaced by another switch of the same SKU (a switch with the same product ID), it automatically gets the same configuration and image as the previous one.

It can allocate an IP address and host name to a client. When a client switch is first installed into the network, the director automatically detects the new switch, and identifies the correct Cisco IOS image and the configuration file for downloading. The director provides a single management point for images and configuration of client switches. In a Smart Install network, you can use the Zero-Touch Installation process to install new access layer switches into the network without any assistance from the network administrator. You can ship a switch to a location, place it in the network and power it on with no configuration required on the device.

A network using Smart Install includes a group of networking devices, known as clients, that are served by a common Layer 3 switch or router that acts as a director.

5.Smart Install is a plug-and-play configuration and image-management feature that provides zero-touch deployment for new switches.

I am hopeful that the information shared makes both network administrators and security professionals aware of these misconfigurations and provides a reference to further improve securing Cisco networks.

nmap -sU -p69 --script tftp-enum.nse

Figure 20: Port Descriptions

4.0 Conclusion

As I briefly demonstrated, obtaining a Cisco configuration file could provide an attacker the required information to establish a foothold and laterally move across a network. Since TFTP does not provide a directory listing, the NSE script performs basic enumeration of common Cisco configuration file names.
2.0 Configuration File Download

2.1 TFTP

After identifying a TFTP server during the reconnaissance phase, I will rescan the exposed TFTP server port utilizing Nmap with the tftp-enum.nse script. Not only do configuration files provide information regarding the device, but they also provide additional avenues for further enumeration and possible lateral movement, such as physical and logical neighbor relations, password reuse, user enumeration, and applied access control lists (ACL). Each one of these services provides an avenue to exploit a misconfiguration to download a Cisco configuration file.

Cisco configuration files can provide a wealth of knowledge for an attacker. Today, I have taken that knowledge and used it to demonstrate how to compromise networks so that I can help clients strengthen their security posture.

During the reconnaissance phase of a penetration test, I typically look for an exposed TFTP, SNMP, and Cisco Smart Install (SMI) service on a network. During that time, I performed best practice assessments aimed at identifying misconfigurations that could lead to a network compromise.

Prior to making a career change to offensive security, I spent over 15 years working for a Cisco partner designing and implementing enterprise and VoIP networks.

By Michael Bond in Penetration Testing, Security Testing & Analysis

1.0 Intro