New Member

Backdoor in Cisco Routers and Firewalls.

The more I read about this NSA scandal (and yes, I do consider it a scandal) the less I trust US-based hardware and software companies.  There is no reason for anyone to doubt that all Cisco hardware comes with a backdoor.  Since such backdoors most likely exist it is a matter of time before hackers discover and exploit them.  This has already happened to Microsoft a number of times and there is no reason it could not happen to Cisco.  We no longer trust any of our Cisco hardware and have already started researching network alternatives.

This is no longer a crackpot conspiracy theory, it is reality.

In all likelihood we may use a series of firewalls to further insulate our network from intrusion.  To keep costs down we may keep our existing Cisco hardware in this topology, but we will not replace it with Cisco hardware when it fails or needs to be upgraded.  I am doing the same with my home network.

Over the past few months we have already moved all of our email to secure overseas servers and changed all of our antivirus software from McAfee to AVG and Avast.  We are also researching Linux distros to replace Microsoft.

If Cisco wants to protect their brand they need to either take a stand or see their market share continue to erode.  Surely there is ONE CEO at an American company that will take this stand and be a hero rather than continue to be a lap dog.

17 REPLIES

Backdoor in Cisco Routers and Firewalls.

Hi

use open source linux based firewalls and routers.

and check source code

New Member

Backdoor in Cisco Routers and Firewalls.

Actually this is exactly what we were working on.  Our network now has many layers of security that includes open source Asus routers.  We have an advantage in that our team consists entirely of engineers and programmers who have the technical skills to redesign the network.  We were able to replace the entire network for less than $2000.

Asus has embraced the open source router community much like AMD embraced the overclocking community many years ago.  I predict their router sales will skyrocket as Cisco's continue to decline.

When Cisco welcomed the NSA they sold their soul to the devil. It is a sad day in America where trust in hardware and software from even former Eastern Bloc countries is higher than that from American companies.

Abandoning Microsoft is our current goal.  This will take more time, but by the end of next year we plan on being Microsoft free.

Silver

Backdoor in Cisco Routers and Firewalls.

Where's the proof that Cisco has been in on it? From what I've seen it seems like NSA has tried to implement rootkits and there is yet proof that they were successful in doing so.

How will your open source stuff protect you better. Have you checked all of the code? Maybe NSA has already backdoors into that code as well.

Daniel Dib
CCIE #37149

Please rate helpful posts.

New Member

I have never used such simple

I have never used such simple words on a Cisco Technical forum...... but the original poster is a genuine idiot.

Re:Backdoor in Cisco Routers and Firewalls.

I love conspiracy theories. Even better are the tools that spread them. Feel free to move your gear to China based companies. They have a fantastic reputation of corporate espionage. BTW, I shot Kennedy from the grassy knoll and Elvis lives in my basement apartment.


Sent from Cisco Technical Support Android App

New Member

Re:Backdoor in Cisco Routers and Firewalls.

Yeah, you are right.  I was just being paranoid.  Silly me.

http://arstechnica.com/security/2014/01/backdoor-in-wireless-dsl-routers-lets-attacker-reset-router-get-admin/

Do you think if this is possible with one type of hardware it is not possible with other types of hardware?  My biggest concern with these backdoors is NOT that the NSA will hack our systems, it is that the backdoors would eventually be discovered by somebody.

BTW, all of our Cisco hardware was manufactured in... CHINA.

I will keep wearing my tinfoil hat in this case. Conspiracy theories are only conspiracy theories if they are not proven true. So my choices are either trust "American" companies with their hardware (which has backdoors) or trust opensource equipment which MIGHT have backdoors, but at least the software is reviewable. Easy decision.

@Daniel.dib

How will your open source stuff protect you better. Have you checked all of the code? Maybe NSA has already backdoors into that code as well.

Actually as I mentioned we are a team of engineers and programmers.  One member of our team has actually been reviewing the Tomato Shibby software on his own - he really enjoys such projects.  He is looking at making some custom firmware based on Shibby.  So far he has not seen anything nefarious, and he is looking.

Re:Backdoor in Cisco Routers and Firewalls.

These are software exploits not hardware ones--big difference. It's an easy fix for you; get off the grid completely. Last I heard almost all vulnerabilities have been removed from paper and pen.

As Cisco moves towards IOS-XE and 64-bit code, they are using more and releasing more open source code. A lot of software has vulnerabilities whether it's a router, an application or an operating system. It's part of technology and moving forward.

You certainly can't expect perfection in Linksys/Netgear/DLink type equipment. It's cheap. It needs to be so the consumer will purchase it. The common person can't secure a router or wireless so how much money should be spent on the development of addressing security holes vs new features? If it were more profitable to fix vulnerabilities, vendors would release firmware updates instead of new models with new features.

New Member

Re:Backdoor in Cisco Routers and Firewalls.

These are software exploits not hardware ones--big difference. It's an easy fix for you; get off the grid completely. Last I heard almost all vulnerabilities have been removed from paper and pen.

Yes, for the most part it is a software fix, and that is the niche that open source software such as Tomato, IPFire and PFSense fill very well.  Unfortunately hardware too can contain malware - ever hear of a hardware keylogger?  A router could have a chip "implanted" with similar malware. The line needs to be drawn somewhere so we are focusing on the software end by using Open Source software and focusing on the hardware end by avoiding American hardware.

As Cisco moves towards IOS-XE and 64-bit code, they are using more and releasing more open source code. A lot of software has vulnerabilities whether it's a router, an application or an operating system. It's part of technology and moving forward.

It is going to be tough to trust Cisco again, open source or not.

You certainly can't expect perfection in Linksys/Netgear/DLink type equipment. It's cheap. It needs to be so the consumer will purchase it. The common person can't secure a router or wireless so how much money should be spent on the development of addressing security holes vs new features? If it were more profitable to fix vulnerabilities, vendors would release firmware updates instead of new models with new features.

That paragraph stunned me.  OK, so in summary the average consumer is not worth Cisco's time to bother making the equipment secure even though they have sold untold millions of them over the last decade?  BTW, these "cheap" consumer routers are not just used by us stupid poor citizens, they are often installed in many large corporations at the fringes of the networks, including on production floors- all across America and the world.  It is good to know that none of them should be trusted to be secure.

Re:Backdoor in Cisco Routers and Firewalls.

1. Show me where Cisco has had a hardware bug/malware in their equipment

The line needs to be drawn somewhere so we are focusing on the software end by using Open Source software and focusing on the hardware end by avoiding American hardware.

So you're saying it's OK to have anyone in the world develop the software, but only non-American companies can build the hardware??? Is it OK for North Korea to build our hardware? So the US government should "trust" that hardware built in another country doesn't have any hardware bugs or malware? Why do only American companies build bad hardware?

2. Trust Cisco again? How did they earn your trust in the first place? Seriously. What did they do that made you trust and believe in their products and the company?

3. If you want to bash Cisco's (or Linksys for a while) SMB gear, I'm right there with you. I don't like it either. Their Enterprise and Carrier grade equipment is different though. I think you're talking one end of the spectrum and I'm talking about the other.

You keep mentioning open source (which I fully support), but there's backdoors and bugs in that too. Yes the community can review the code and address any issues, but I don't think that happens as fast as you think it does.

BTW, these "cheap" consumer routers are not just used by us stupid poor citizens, they are often installed in many large corporations at the fringes of the networks, including on production floors- all across America and the world.  It is good to know that none of them should be trusted to be secure.

I think you're starting to get it! They are insecure and can't be trusted and any engineer worth a salt should not permit them on the network.

And stupid and poor are your words, not mine.
