Go homepage(回首页)
Upload pictures (上传图片)
Write articles (发文字帖)

The author:(作者)归海一刀
published in(发表于) 2014/5/27 9:21:42
Youth network： United States Cisco router preferences “backdoor“ trying to do

United States Cisco company information product has a very high market share in the Chinese market, the router participates in almost all basic information important information systems network and construction of major projects. So far, Cisco information products, including routers, there are serious security vulnerability has been disclosed. Over the past decade, only publicly available CVE Web site about Cisco products vulnerabilities more than more than more than 1300, where the router vulnerabilities more than 166. The most intolerable is that detected according to the authority of domestic network security technology sector, Cisco routers have large preset "back doors"!

United States "the Prism program" exposure, cover the fig leaf was unveiled at its head, United States man the abominations in cyberspace is strongly condemned by the world. The United States Government has, comprehensive large scope of information monitoring of its citizens, to have multiple state politicians, businesses and public organizations qiemi and listening activities, and to China in particular has long been implementing large-scale, intensive network attack and penetration. A universally acknowledged fact is that United States is the world's largest online attackers and qiemi. And as a country of information technology, China is the biggest victim of cyber attacks. Much of China's key basic information networks and critical information systems be set "back doors" or placing "Trojan horse", a large number of network virus-infected "zombie" or by Terminal remote control became "broiler". In this one, from Cisco systems failed to comply with a technology company does not participate in the Government's foreign policy a minimum of business ethics, and the United States Government, army was evident in the two territories, networked information technology products for the market in China with its advantages, played a disgraceful role, becoming United States implementation of important technologies rely on Internet power. There is even evidence that Cisco has actively participated in the United States Government and military organizations "network storm" exercise, and exercise one of the most important designers.

In Cisco's routers, many loopholes at first sight to be unintended design or technical vulnerabilities, and in-depth testing, you will find that many these vulnerabilities are in fact a preset style "back doors". For example, the Cisco router VPN tunnel variety of mainstream product communication and cryptographic module presets "back doors". Take advantage of this "back door", an attacker can obtain a key core of sensitive data, such as, attack programs can restore a VPN encrypted information content, data monitoring. For example, more than Cisco routers present covert surveillance trapdoor. Through the trapdoor of the presets, an attacker can covertly through Cisco router networks carry data mirroring on a selective basis to specified IP addresses, provide data for network monitoring conditions. From administrators to properly manage interface and configuration files, but not aware of these illegal mirrors of data transfer. As another example, Cisco routers in the maintenance module exists in the back door of the remote control, remote network data can be used to trigger, or can be triggered by specific directives, to configure Cisco routers, and manipulation. In addition, Cisco router access authentication mechanism design series, there are many unknown security vulnerabilities, an attacker can bypass authentication mechanisms to get the highest administrative authority, some can be made right after any modification of the firmware code, malicious codes or backdoor password embedded in the firmware, and choose trigger.

Cite United States Cisco router security issues, for example, is so shocking.

Stark reality warning us that critical network information system in China cannot be achieved in the short term self controllable circumstances must be against the United States Government and Cisco systems, to take active and effective security policy to ensure that basic information network in China and important information systems security control. First, including Cisco routers, more rigorous safety testing of products, thorough investigation of preset types through the back door, statistical distribution of vulnerability to assess the impact on China's basic information networks and critical information systems degree. Second is active in the relevant industry data illegal Cisco router image on-line monitoring focused at the national level, the monitoring of online technology will be implemented step by step. Through online tracking monitoring, catch the exception, suspicious and remote qiemi data manipulation, analysis of their technical characteristics, developed disposal programmes, blocking qiemi data communications. Third, targeted delivery of Cisco router security reinforcing technology research, has found a back door, to take consolidation measures and the protection technologies, targeted programmes, independent development for Cisco router security reinforcing technology products, development of appropriate safety management measures, steps and phases to organize a pilot and the actual deployment. Four is an important part of critical network devices and software products based on vulnerability analysis and safety review mechanism, particularly on imported equipment as soon as possible the security detection mechanisms, in front of the Government procurement, the category implementation of key supply chain security audit of information technology products, in-depth vulnerability detection and analysis, blacklist with serious security problems for information technology products, limit the procurement application. V is for exchanging products, industrial automation and control systems, Cisco network security risks in areas such as networking, cloud computing, build specialized embedded operating system security research laboratory, carrying out vulnerability, vulnerability analysis, security, mining safety protection techniques and tools for testing and research and development, relevant assessment agency to provide technical support and resource-sharing services.

　　美国思科公司的信息产品在中国市场具有极高的占有率，其路由器产品几乎参与了中国所有基础信息网络和重要信息系统的重大项目建设。而一直以来，包括路由器在内的思科信息产品存在严重安全漏洞的报告屡屡被披露。近十年来，仅CVE网站公开发布的有关思科产品的漏洞就多达1300余个，其中，路由器的各类漏洞就有166个之多。最不可容忍的是，据国内网络安全权威技术部门检测发现，思科路由器存在严重的预置式“后门”！

　　美国“棱镜计划”曝光，盖在其头上的遮羞布被揭开，美国在网络空间大做手脚的恶劣行径受到世人的强烈谴责。美政府长期以来，对本国公民进行全面的大范围信息监控，对多个国家政要、企业和民众进行有组织的窃密和监听活动，特别是对中国长期以来实施大规模、高强度的网络攻击和渗透。一个举世公认的事实是，美国是当今世界上最大的网络攻击者和窃密者。而作为一个信息技术的后发国家，中国是网络攻击的最大受害者。中国大量关键基础信息网络和重要信息系统被设置“后门”或安置“木马”，众多网络被病毒感染成为“僵尸”或被终端远程控制成为“肉鸡”。在这其中，思科公司没有遵守一个科技公司不参与其政府对外政策的起码的商业道德，而是和美国政、军两界打得火热，利用其在中国网络信息市场的技术产品优势，扮演了不光彩的角色，成为美国推行互联网强权的重要技术依仗。甚至有证据表明，思科公司积极参与了美政府和军界组织的“网络风暴”演习，而且是演习重要设计者之一。

　　在思科路由器中，不少漏洞初看是无意的设计或技术漏洞，而深入检测你会发现，这些漏洞其实不少是预置式的“后门”。比如，思科路由器多款主流产品的VPN隧道通讯和加密模块存在预置式“后门”。利用这个“后门”，攻击者可获取密钥等核心敏感数据，攻击程序可还原VPN加密信息内容，实现数据监测。又如，思科多款路由器存在隐蔽监视陷门。通过这些预设的陷门，攻击者可以隐蔽地将流经思科路由器的网络数据选择性地镜像传输到指定的IP地址，为网络监视提供数据条件。而从管理员正常管理界面和配置文件中，却无法察觉到这些数据被非法镜像传输。再如，思科路由器在维护模块中存在可远程操控的后门，可使用远程网络数据触发，也可通过特殊指令触发，对思科路由器进行配置、操控。另外，思科路由器系列产品的访问认证机制设计上存在多处未知安全漏洞，攻击者可以绕过认证机制获得最高管理权限，有的可以在提权后任意修改固件代码，将恶意代码或后门口令植入到固件中，并择机触发。

　　仅举美国思科公司的路由器产品安全问题为例，就如此触目惊心。

　　严峻的现实警示我们，在短期无法实现我国关键网络信息系统自主可控的情况下，必须针对美国政府和思科公司的行为，采取积极有效的安全防护策略，确保我国基础信息网络和重要信息系统的安全可控。一是对包括路由器在内的思科信息产品开展更加严格的安全性检测，严查预置后门种类，统计漏洞分布，评估对我国基础信息网络和重要信息系统的影响程度。二是积极开展相关行业思科路由器数据非法镜像在线监测，在全国范围内有重点、分步骤地实施在线技术监测。通过在线全程跟踪监测，捕获异常、可疑窃密数据和远程操控行为，分析掌握其技术特点，制定处置方案，阻断窃密数据通讯。三是有针对性地开展思科路由器安全加固技术研究，针对已发现的后门，有针对性地采取加固措施和防护技术方案，自主开发针对思科路由器的安全加固技术产品，制定相应安全管理措施，分步骤、分阶段地组织试点和实际部署。四是建立重要部位关键网络设备和软件产品基于漏洞分析的安全审查机制，特别是对进口设备尽快建立安全性技术检测机制，在政府集中采购前，分类实施关键信息技术产品供应链安全审计，深入开展漏洞检测分析，对有严重安全问题的信息技术产品列入黑名单，限制采购应用。五是针对思科网络交换产品、工业自动化控制系统、物联网、云计算等领域的安全风险，建立专业化嵌入式操作系统安全研究实验室，全面开展漏洞挖掘、脆弱性分析、安全检测和安全防护技术方法研究和工具手段研发，为相关测评机构提供技术支撑和资源共享服务。

赞