CSDL

Cisco has defined its own secure development standard: CSDL – The Cisco Secure Development Lifecycle

Congratulations!

The Cisco Secure Development Lifecycle: An Overview

Cisco has defined a development standard called the Cisco Secure Development Lifecycle (CSDL). This process is designed to ensure that Cisco produces secure and resilient products by identifying and implementing specific processes or tools to enable engineers to detect, fix, mitigate and prevent design and code weaknesses that could become exploitable.


From: BreakingPointLabs

Last week Cisco released patches in their semi-annual security announcement. The publication includes 11 advisories that address 12 individual vulnerabilities. Ten of the advisories address vulnerabilities in Cisco IOS and one advisory addresses a vulnerability in Cisco Unified Communications Manager. Together these can affect routers and switches that not only use the Cisco Unified Communications Manager, but any device relying on the Cisco IOS operating system. To put it bluntly, this means a ton of devices critical to any network and these vulnerabilities leave businesses and government agencies exposed to a barrage of attacks including denial-of-service (DDoS) or policy bypass.


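The original is from BlackSun, translated by 梦醒时分. This is a very good article, and I am glad to share it with everyone!

Note: ":" marks 梦醒时分's own remarks

Warning:

Do not use this to damage Cisco systems or to access systems illegally. This article is for learning purposes only. It may be used only for lawful activity and must not be used to damage any system. This article will show you, step by step, how to use discovered flaws to gain unauthorized access. If you break into a Cisco router or disrupt a system, you will interrupt hundreds of network clients and cause heavy losses. So do this only where you have permission, otherwise you will be in a lot of trouble!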
