11-17-2008 10:49 AM - edited 03-04-2019 12:22 AM
Cisco Newbie - know nothing
One of our subsidiary companies has a Cisco 2821 connected to both data and voice providers' links. This device is supported by a third party. Recently the device was compromised and a large phone bill was run up with the calls being made from the Cisco 2821. The local maintainer made changes to the 2821 as a result of the compromise (I have details of the Cisco config logs before and after the change). My question is - is there any way to interrogate the Cisco config to ascertain what security fixes have been applied and when?
Many thanks for any help you can offer.
11-17-2008 11:00 AM
Not that I know of. There's not really "security fixes" in the Cisco environment compared to Windows update. Cisco releases IOS versions to fix issues. You could find out what version you are currently running by doing a sh ver at the command line, but that will only tell you the IOS version you're running. You can also do a sh flash or dir and it will show you the files that are in flash. It's possible that you could have two IOSs stored in flash, and one being an earlier version than the current one. (Not everyone has to delete the current version before updating to the new.)
--John
11-17-2008 11:44 AM
If you have a before and after copy of the configs, you can run any common "DIFF" utility to see what has changed.
When the changes happened is more difficult to ascertain without preliminary setup.
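The before/after comparison suggested in the reply above, as an added example that is not part of the original thread: a section-aware diff that reports each changed command together with the IOS section it sits under, and reads the `! Last configuration change at` comment that IOS writes at the top of `show running-config` output. The two configs are constructed samples, and the function names are this example's own.

```python
import re
# Header comments IOS puts at the top of "show running-config" output.
STAMP = re.compile(r"^! (Last configuration change|NVRAM config last updated) at (.+)$")

def parse(text):
    """Return (timestamps, {(section, command)}) for one IOS config dump."""
    stamps, cmds, section = {}, set(), ""
    for line in (raw.rstrip() for raw in text.splitlines()):
        m = STAMP.match(line)
        if m:
            stamps[m.group(1)] = m.group(2)
        elif not line or line.startswith("!"):
            continue                            # separators and other comments
        elif line.startswith(" "):
            cmds.add((section, line.strip()))   # sub-command of current section
        else:
            section = line                      # unindented line opens a section
            cmds.add(("", line))
    return stamps, cmds

def config_changes(before, after):
    """Section-aware, order-insensitive diff of two configs."""
    b_stamps, b = parse(before)
    a_stamps, a = parse(after)
    return {"removed": sorted(b - a), "added": sorted(a - b),
            "before_changed_at": b_stamps.get("Last configuration change"),
            "after_changed_at": a_stamps.get("Last configuration change")}

# Constructed sample configs (not from the thread), trimmed to a few lines.
BEFORE = """\
! Last configuration change at 09:15:02 UTC Mon Nov 10 2008 by admin
ip http server
line vty 0 4
 transport input telnet
 login local
"""
AFTER = """\
! Last configuration change at 16:40:11 UTC Fri Nov 14 2008 by admin
no ip http server
access-list 10 permit 192.0.2.0 0.0.0.255
line vty 0 4
 access-class 10 in
 transport input ssh
 login local
"""
if __name__ == "__main__":
    for key, value in config_changes(BEFORE, AFTER).items():
        print(key, value)
```

The comparison ignores command order, so a reordered access list will not show up as a change, and the header timestamp only records the most recent change in each capture.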
11-17-2008 12:51 PM
My first question would be whether the 2821 was compromised because of a vulnerability in the version of IOS or was it a lack of security measures enacted on the 2821 thru the configuration.
11-18-2008 06:43 AM
99.9% of the time it is your latter presumption. Unskilled engineers deploying configurations they have no idea what they do, e.g. not turning off unused services, etc.