Cisco recently released four guides designed to help incident responders investigate Cisco gear that is suspected of having been hacked.
The guides include step-by-step tutorials on how to obtain forensic information from hacked gear while maintaining data integrity.
The four guides cover four major Cisco software platforms:
- Cisco ASA (Adaptive Security Appliance) - software running on security devices that combine firewall, antivirus, intrusion prevention and virtual private network (VPN) capabilities.
- Cisco IOS (Internetwork Operating System) - a proprietary operating system that runs on most Cisco switches and routers.
- Cisco IOS XE - a Linux-based operating system running on Cisco switches and routers.
- Cisco FTD (Firepower Threat Defense) - software combining Cisco ASA technology and Firepower technology. Used in Cisco firewall hardware.
All guides contain the same information, that is, procedures for collecting platform settings and execution status, examining system images for inconsistencies, verifying the signature characteristics of the FTD system and running images, and retrieving and verifying the memory text.
Cisco released the guides on its Tactical Resources portal. Previously, the portal only included guides for checking the integrity of various Cisco firmware and operating systems.
The only major software family for which Cisco has not published an incident response guide is Cisco IOS XR, the software that runs on high-end routers.
The security guides can be useful for many people, especially because Cisco has recently fixed a number of critical security issues affecting its IOS XE routers and the popular Small Business 220 Series smart switches, which are considered easy to exploit and likely targets for attack.
In other news, on August 22, the Talos security team launched 4CAN, a tool for finding security flaws in car computers.