Cisco releases guides for incident responders handling hacked Cisco gear


Last week, Cisco published four guides designed to help incident responders investigate Cisco gear they suspect has been hacked or otherwise compromised.

The guides include step-by-step tutorials on how to extract forensic information from the hacked gear while keeping the data's integrity intact.

Four guides have been made available, for four of Cisco’s major software platforms:

All guides contain about the same information, namely procedures for collecting platform configuration and runtime state, examining system image hashes for inconsistencies, verifying proper signing characteristics of FTD system and running images, retrieving and verifying the memory text segment, generating and retrieving both crash info and core files, and examining the ROM monitor settings for remote system image loading.

Cisco released the guides on the company’s Tactical Resources portal. Previously, the portal only included guides for checking the firmware/OS integrity of various Cisco gear.


The only major software line for which Cisco did not release an incident response guide is Cisco IOS XR, the software that runs on carrier-grade routers.

The security guides might come in handy for a lot of folks, especially since Cisco has recently patched a series of critical security flaws impacting IOS XE routers and its popular line of Small Business 220 Series smart switches, both considered easy to exploit and bound to come under attack.

In similar news, a week before, on August 22, Cisco’s Talos security team open-sourced 4CAN, a tool for finding security flaws in on-board car computers.
