You are here: silicon.com > Resources > White Papers > Security > Security Administration > Security Management

Security Management White Papers

Cisco Security Advisory: IOS HTTP Authorization Vulnerability

Overview When the HTTP server is enabled and local authorization is used, it is possible, under some circumstances, to bypass the authentication and execute any command on the device. In that case, the user will be able to exercise complete control over the device. All commands will be executed with the highest privilege (level 15). All releases of Cisco IOS® software, starting with release 11.3 and later, are vulnerable. Virtually all mainstream Cisco routers and switches running Cisco IOS software are affected by this vulnerability. Products that are not running Cisco IOS software are not vulnerable. The workaround for this vulnerability is to disable HTTP server on the router or to use Terminal Access Controller Access Control System (TACACS+) or Radius for authentication.

Further White Paper Details
Publisher	Cisco	File Format	HTML & PDF
Date Published	June 2001	Downloads	9
Format	White Papers
Topics	Security Management

Did you find this white paper useful? 2 out of 5 users found this white paper useful

Balancing Security Against Productivity

Publisher:
Novell

Novell Zenworks Endpoint Security Management: Total Control from a Single Console

Publisher:
Novell

Secure Desktop On-Demand Webcast

Publisher:
Novell

NAC 2.0: A new model for a more secure future

Publisher:
Sophos

Ethical Hacking and Risk Assessments

Publisher:
Global Knowledge

Cisco admits security blunder

Cisco has warned systems administrators that all releases of its IOS software - the primary control program used in its routers - present a security vulnerability to remote intruders. IT staff are being urged to disable the http server on the...

Channel:
Security Strategy

Cisco releases router software fix

The vulnerability is caused by a flaw in the way a Cisco router handles certain Internet data. Through internal testing, Cisco has discovered that devices running Cisco IOS software may be susceptible to a denial-of-service attack," said Jim Brady...

Cisco issues cyber attack alert

Cisco said in its advisory: "Successful exploitation of the vulnerability on Cisco IOS may result in a reload of the device or execution of arbitrary code. A vulnerability in Cisco's Internetwork Operating System (IOS) could be exploited to crash...

Channel:
Security Strategy
Tags:
cisco

Cisco warns of VPN flaw

The list of affected products includes Cisco IOS, Cisco PIX Firewall, Cisco Firewall Services Module, Cisco VPN 3000 Series Concentrators and the Cisco MDS Series SanOS, according to the alert. Finnish researchers at the University of Oulu...

Cisco flags flaws in VoIP and router software

A feature called the Stack Group Bidding Protocol in certain versions of IOS is vulnerable to a remotely exploitable denial of service condition, according to a company advisory. Cisco also patched a vulnerability in its Internetwork Operating...

Channel:
Security Strategy
Tags:
flaw,
voip,
cisco

Cisco warns over IP phone flaws

Cisco suggests on its website that network administrators apply access control lists on routers, switches and firewalls that filter traffic to vulnerable conference stations and IP phones so that traffic is only allowed from stations that need to...

Channel:
VoIP security
Tags:
voip,
cisco

Virtualisation: Architectual Considerations and other Evaluation Criteria

In the past several years, server virtualisation technology has moved quickly and firmly into the IT mainstream. Of the many approaches to system virtualisation available in the market today, VMware's hypervisor architecture has gained the greatest market acceptance. This paper examines the architectural issues, solution support, and enterprise readiness required when deploying such a virtualisation solution.

Publisher:
EMC

Getting Started with Master Data Management

Master data management forms part of an overall enterprise governance program that aims to establish trusted data throughout the enterprise. This white paper from Mike Ferguson of Intelligent Business Strategies defines master data, examines why it is needed, and explores methodologies for implementing master data management.

Publisher:
DataFlux

Optimising Storage with Global File Virtualisation

This white paper will provide an overview on how Rainfinity Global File Virtualisation virtualises unstructured data environments and moves data -including active, open files-without disruption to users or applications. Rainfinity is the only enterprise-class file virtualisation solution, and delivers complete NAS optimisation across geterogeneous environments, such as NAS, CAS, and file servers.

Publisher:
EMC

Also on silicon.com

Site Navigation:

Security Management White Papers

Cisco Security Advisory: IOS HTTP Authorization Vulnerability

Quick Sitemap Links:

About Us

Search

Blogs

Verticals

Advertising Features

CNET Networks in Europe

CNET Networks in the United States

CNET Networks in Asia Pacific