Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

How do I know if I have an NSA enabled bios on a Cisco ASA?

 

I read on NSA TAO catalogue that they have BIOS firmware for the ASA that provides a backdoor ASA can't be removed by changing the image and is persistent.

I am fully aware of the integrity mechanisms to verify the integrity of an image using the MD5 hashes, but I would like to know if there is any way I can read the BIOS from two different ASA's and make a comparision?

 

I have two Cisco ASA's which were bought around the same time, one was through a HK distributor the other was through a China distributor that has an office in HK. The HK one can be upgraded to ASA915 version software but the other can't. The Bios hardware, and everything seems to be identical on both of them.

 

Whilst we are on the subject does Cisco have any plans in releasing any tools for us to verify the integrity of products further at present or we going to be left to the mercy of NSA and others.

Everyone's tags (2)
2 REPLIES

Hi Albert,You may be

Hi Albert,

You may be interested in reading the summary of the Cisco PSIRT investigation and response:

http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20131229-der-spiegel

 

cheers,

Seb.

New Member

Thank you.I don't want to

Thank you.

I don't want to focus on what has been done, who is right, wether there is proof or not. Whether J. Chambers going to see Obama was a token gesture or not is beyond what I can judge. I understand that legal system can stop Cisco from commenting or acting.

I think public 3rd party evaluation as to what is running inside an ASA is important and it is a way that would allow us to try to  re-establish some trust and have an answer when customers question us about the integrity of Cisco products.

 

If Cisco don't want or can't provide tools for to verify the integrity of their products, it would be nice if at least someone somewhere could tell us how we lift the bios out of an ASA and we can look at it.

Thank you.

132
Views
0
Helpful
2
Replies