Common Security Attacks

Telnet Attacks

The Telnet protocol can be used by an attacker to gain remote access to a Cisco network switch. In an earlier topic, you configured a login password for the vty lines and set the lines to require password authentication to gain access. This provides an essential and basic level of security to help protect the switch from unauthorized access. However, it is not a secure method of controlling access to the vty lines. There are tools available that allow an attacker to launch a brute force password cracking attack against the vty lines on the switch.

Brute Force Password Attack

The first phase of a brute force password attack starts with the attacker using a list of common passwords and a program designed to try to establish a Telnet session using each word on the dictionary list. Luckily, you are smart enough not to use a dictionary word, so you are safe for now. In the second phase of a brute force attack, the attacker uses a program that creates sequential character combinations in an attempt to “guess” the password. Given enough time, a brute force password attack can crack almost all passwords used.

The simplest thing that you can do to limit the vulnerability to brute force password attacks is to change your passwords frequently and use strong passwords that randomly mix uppercase and lowercase letters with numerals. More advanced configurations allow you to limit who can communicate with the vty lines by using access lists, but that is beyond the scope of this course.
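The following added example (not part of the original course text) audits a candidate vty password against both phases described above: membership in a dictionary list, and the worst-case search space for sequential guessing. The word list, the sample passwords and the guess rate of 10 attempts per second are constructed assumptions for illustration.

```python
import string

# Constructed sample list; a real audit would load a full word list from a file.
COMMON_WORDS = {"cisco", "password", "admin", "switch", "letmein", "class"}

CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}

def classes_used(password):
    """Names of the character classes that appear in the password."""
    return {name for name, chars in CLASSES.items()
            if any(c in chars for c in password)}

def charset_size(password):
    """Alphabet size a sequential guesser must cover to reach this password."""
    return sum(len(CLASSES[name]) for name in classes_used(password))

def audit(password, guesses_per_second=10):
    """Rate a candidate vty password against both phases of the attack.

    guesses_per_second is an assumed rate for illustration, not a measured one.
    """
    # Phase one: dictionary list. Fold case and drop trailing digits, because
    # "Cisco123" is only a trivial variant of a listed word.
    folded = password.lower()
    in_dictionary = (folded in COMMON_WORDS
                     or folded.rstrip(string.digits) in COMMON_WORDS)
    # Phase two: sequential combinations. Worst case is every string of
    # length 1..len(password) over the alphabet the password draws from.
    n = charset_size(password)
    keyspace = sum(n ** k for k in range(1, len(password) + 1))
    mixed = {"lower", "upper", "digit"} <= classes_used(password)
    return {
        "in_dictionary": in_dictionary,
        "mixed": mixed,
        "keyspace": keyspace,
        "worst_case_days": keyspace / guesses_per_second / 86400,
        "ok": mixed and not in_dictionary,
    }

if __name__ == "__main__":
    for candidate in ("cisco", "Cisco123", "xK7pQ2mZ"):  # constructed samples
        print(candidate, audit(candidate))
```

The worst-case figure grows with both alphabet size and length, which is why a short password fails quickly in the second phase even when it is not a dictionary word.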

DoS Attack

Another type of Telnet attack is the DoS attack. In a DoS attack, the attacker exploits a flaw in the Telnet server software running on the switch that renders the Telnet service unavailable. This sort of attack is mostly a nuisance because it prevents an administrator from performing switch management functions.

Vulnerabilities in the Telnet service that permit DoS attacks to occur are usually addressed in security patches that are included in newer Cisco IOS revisions. If you are experiencing a DoS attack against the Telnet service, or any other service on a Cisco device, check to see if there is a newer Cisco IOS revision available.