DALLAS--(BUSINESS WIRE via COLLEGIATE PRESSWIRE)--Nov 12, 2004--As yet another Cisco vulnerability has been identified, Deep Nines Inc. continues to press the market to protect their routers. Today`s vulnerability causes router devices to receive specifically crafted DHCP packets that force the inbound interface to stop processing traffic. The attack has the ability to stop processing packets destined to the router, including routing protocol packets and ARP packets. The significance of this vulnerability is that no alarms are triggered, nor will the router recognize the attack and correct itself. DeepNines Security Edge Platform(TM), a patent-pending, comprehensive security platform that sits in front of the router, can eliminate the threat of such vulnerabilities in the first place. The DeepNines Security Edge Platform serves as the single, centralized network security and traffic management system for an entire organization and integrates firewall, intrusion prevention, secure content management, forensics and reporting. The platform is configured during installation to identify and stop exploits that could be developed by hackers to take advantage of vulnerabilities like this. Additionally, using DeepNines` Adaptive Rate Control and intelligent firewall functionality, all bootp/DHCP traffic is inspected and controlled to ensure that it is legitimate to the network.
''From our point of view, this has been a tough couple of weeks for Cisco. Just last week a group of hackers advertised their Pix firewall source code for sale and now DHCP, which provides a basic service request within routers, is further exposing their routers,'' said Dan Jackson COO and president of DeepNines. ''These targeted attacks against Cisco won`t relinquish any time soon because hackers have proven to focus on technologies with the biggest market share. It`s time we take security to the furthest point of the network and deploy a solution in front of the router. We are the only network security company that can offer router protection and are prepared to help secure the extensive investments networks hold.''
In addition to deploying the Security Edge Platform in front of the router, DeepNines professional services group recommends a work around by applying ACL`s to the router to stop this type of behavior or upgrade the IOS. This will create an additional problem as it is proven that ACL`s will continue to decrease the performance of the router and is only a temporary solution.
DHCP, which configures both private and dynamic host configuration, is a basic service request within Cisco routers and by default is configured to accept both of these packets and forwards DHCP and BootP packets across separate broadcast domains. The problem is that Cisco routers are configured by default to accept DHCP packets and a command ''service dhcp'' will not appear on the configuration display. However, the only command that is visible and will disable this feature is ''no service dhcp,'' which will then appear on the configuration display. Ultimately, certain DHCP packets will remain undeliverable, but will remain in the queue instead of being dropped. For example, if a number of packets are sent that equal the size of the input queue, no more traffic will be accepted and a Denial of Service will be created. Furthermore, on a blocked Ethernet interface, Address Resolution Protocol (ARP) times out after a default time of four hours, and no inbound or outbound traffic can be processed, including both IP and non-IP traffic such as IPX. The device must be rebooted to clear the input queue on the interface, and will not reload without user intervention. If the attack is repeated on all interfaces, it causes the router to be inaccessible.
''We find our newly announced relationship with DeepNines timely as the events unfolding are demonstrating how the edge router is a known point of vulnerability for almost any network,'' said Babak Pasdar, Founder and chief information security officer of igxglobal. ''Transparent edge security is a proven approach to protect this exposed part of a network.''
About Deep Nines Inc.
DeepNines offers a scalable security platform for Global 2000 companies with a vertical market focus in education, government, telecommunications, energy and financial services. The DeepNines Security Edge Platform(TM) integrates intelligent firewall, intrusion prevention, best of breed secure content management functionality, forensics and reporting that operates outside the network infrastructure, improving organizations` security ''deep into the nines.'' DeepNines` Security Edge Platform, the company`s patent-pending security system, is a fully automated intrusion prevention and traffic management system and serves as the single, centralized network security system for an entire organization. The Security Edge Platform runs on Solaris and Linux platforms from Sun Microsystems. To learn more about Deep Nines visit www.deepnines.com.
(C)2004 Deep Nines, Inc, DeepNines Technologies, Security Edge Platform, Security Edge System, Sleuth9 Security System, Sleuth9, ForensiX Capture System, Holistic Management Console, and Zero Footprint Technology are trademarks and/or registered trademarks of Deep Nines Inc. All other brands and products are trademarks and/or registered trademarks of their respective owners.
|