Chapter 2. IOS Version Security

The first item to discuss when talking about router security is the router’s operating system (OS). The OS on Cisco routers is called Internetworking Operating System, or IOS. Most routers will be running an IOS version between 11.x and 12.x. By the time this book is published, Cisco may have released 13.x. Every OS has vulnerabilities, and IOS is no exception. These vulnerabilities generally allow an attacker to disable a router (a denial of service attack), collect information from a router (information leakage), or reconfigure a router (an actual compromise).

The Need for a Current IOS

A key aspect of every good security plan involves operating system security. Every operating system connected to the Internet is subject to attack. Hackers look for OS vulnerabilities to exploit. Cisco IOS has come under increasing scrutiny over the past few years. Bugtraq, a full disclosure vulnerability forum, reports 14 Cisco vulnerabilities between 1992 and 1999, 23 in 2000, and 42 in 2001. Once posted on Bugtraq, these vulnerabilities are seen by thousands of hackers a day and are used in numerous attacks. With such an increase in vulnerabilities, secure routers must have a current and stable version of IOS. The next section on IOS versions provides information on how to identify secure IOS releases.

Determining the IOS Version

You must know what IOS version your routers are currently running before determining whether you should use the latest release. To determine ...

Get Hardening Cisco Routers now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.