Console switch configuration

felixroll
Level 1

What are the security issues in connecting a notebook to a console of the 2950 switch?

Can a virus or trojan enter into a switch during a configuration session? If the answer is yes, what precautions must I take to prevent such a case?

Has anybody heard about such a problem?

2 Replies

Peter Paluch
Cisco Employee

Hello Felix,

This is a very interesting question. The short and practical answer is - no, the switch cannot be infected by a virus or a trojan through a console session.

The longer answer would be: it is not totally impossible but it is practically unheard-of. Infecting the switch through a console session is extremely impractical and difficult because of these reasons (and there are certainly more but these are the ones I see right now):

  • The 2950 switch uses a MIPS processor with a different instruction set than Intel or AMD based PCs. Thus, the machine code of a virus or of a trojan running on PCs is unable to run on 2950 switches per se, and vice versa. The virus would need to recompile itself before "downloading" itself to the 2950.
  • The console session does not allow direct access to the executable code of the IOS either in the memory or in the FLASH. Thus, the virus would need to exploit a buffer overflow or a similar bug (if any of that type exists!) in the command interpreter that would allow it to inject its code into the IOS code.
  • The attack would be visible in the console session because the only way the virus could install itself into the switch would be by sending itself, character by character, to the switch. And because in a terminal emulator we see the complete conversation carried between the PC and the switch, an attempt to infiltrate the switch via the console session would not go unnoticed (unless, of course, the virus somehow disabled the terminal emulator so that it did not display this data - but that is outright conspiratorial thinking).

As usual in the world of IT, nothing is 100% secure. But ultimately, whether something is or is not done depends mostly on whether it is reasonable enough to put effort into. Creating a virus that would infiltrate the 2950 - an end-of-life switch - via its console port is far too impractical and useless for anyone to invest the huge effort in. And certainly, the 2950 is immune to all existing PC-based infiltrations.

Do not worry about infecting your Cisco devices via the console session.

Best regards,

Peter

johnlloyd_13
Level 9

hi felix,

further adding on peter's excellent post, the only security issues when a PC is connected via console to a cisco device (router or switch) would be as below:

by default, the console port does not require a password for admin access. it should be configured with a line password as a security precaution:

Router(config)#line console 0
Router(config-line)#password
Router(config-line)#login

also, a user is logged in for 10 minutes, and if you're away from your terminal while the console session is active, an attacker has up to 10 minutes to gain privileged access. it is recommended that the exec-timeout is fine-tuned to limit the amount of time a user is logged in.

Router(config-line)#exec-timeout
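As an added example (not part of this thread and not Cisco's own tooling), the following script audits the "line con 0" section of a saved running-config for the three settings discussed above: a line password, "login" so that the password is actually prompted for, and an exec-timeout that is neither left at the 10-minute default nor set to "0 0", which disables the idle timeout altogether. The configuration text is constructed for the example.

```python
import re

# Constructed sample running-config excerpt (not taken from the thread).
# Weak on purpose: no "login" under the console, and exec-timeout 0 0.
SAMPLE_CONFIG = """\
hostname Switch2950
!
line con 0
 exec-timeout 0 0
 password 7 0822455D0A16
!
line vty 0 4
 password 7 0822455D0A16
 login
!
end
"""

def console_block(config: str) -> list:
    """Return the indented lines under 'line con 0' (empty list if absent)."""
    lines = config.splitlines()
    for i, line in enumerate(lines):
        if re.match(r"^line con(?:sole)? 0\s*$", line):
            body = []
            for sub in lines[i + 1:]:
                if not sub.startswith(" "):   # next top-level section ends the block
                    break
                body.append(sub.strip())
            return body
    return []

def audit_console(config: str) -> list:
    """Return a list of findings; an empty list means the console line passed."""
    body = console_block(config)
    if not body:
        return ["no 'line con 0' section: IOS defaults apply (no password, 10 min timeout)"]
    findings = []
    if not any(l.startswith("password ") for l in body):
        findings.append("console has no line password")
    if not any(l == "login" or l.startswith("login ") for l in body):
        findings.append("console has no 'login': the password is never prompted for")
    timeout = next((l for l in body if l.startswith("exec-timeout")), None)
    if timeout is None:
        findings.append("exec-timeout not set: default 10 minutes applies")
    else:
        parts = timeout.split()
        minutes = int(parts[1])
        seconds = int(parts[2]) if len(parts) > 2 else 0
        if minutes == 0 and seconds == 0:
            findings.append("exec-timeout 0 0 disables the idle timeout entirely")
        elif minutes * 60 + seconds > 600:
            findings.append(f"exec-timeout {minutes}m{seconds}s exceeds the 10 minute default")
    return findings
```

Running audit_console(SAMPLE_CONFIG) reports the missing "login" and the disabled timeout; a console block with a password, "login" and "exec-timeout 5 0" returns no findings.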
