Research: New SOHO Router Vulnerabilities May Put Enterprises at Risk

Rogue small office, home office (SOHO) wireless routers could offer a side channel for attackers targeting enterprise networks through a new vulnerability to be presented by a researcher at Black Hat later this month. The talk will highlight a newly discovered attack technique that uses SQL injection against a database containing router files. That flaw can be chained with more critical vulnerabilities, eventually giving an attacker full root access to the router.

While at first blush it might seem that Zachary Cutlip's work finding these vulnerabilities in SOHO routers wouldn't be of much concern to enterprises, he warns that these types of devices often find their way onto corporate networks.

"It's certainly not unheard of and probably not even uncommon to see these SOHO-type devices on commercial, larger-enterprise networks," says Cutlip, a security researcher at Columbia, Md.-based Tactical and a scheduled Black Hat speaker. The convention will be held July 21-26 in Las Vegas. "Sometimes they're legitimate, sometimes they're not, but it's easy to forget that they represent a side door into your network because you unpack them, you plug them in, maybe do just enough configuration to get it working and kind of forget it's there. They work pretty reliably, but they also do represent a soft target."

While Cutlip is keeping some of the technical details of his talk close to the vest until Black Hat, what he is divulging is that much of his work centered on databases containing temporary files from Netgear routers.

"In this case, we're going to be exploiting a SQL injection vulnerability in a database that has very temporary data, but it has no valuable data whatsoever," he says. "By doing so, if we do it in just a certain way, it's going to give us access to some other vulnerabilities. Combining that with other vulnerabilities, the attack can be pretty successful."

When the technique succeeds, it gives an attacker root-level access to the router, along with the ability to extract arbitrary files from the router file systems, including plain-text passwords. Cutlip says the specific vulnerabilities he uses in this particular attack wouldn't likely be found in enterprise routers, but the techniques he plans to demonstrate could likely yield successful attacks against a larger class of routers, given some more work by security researchers or less benevolent hackers.

"This specific vulnerability that I'm going to be talking about is in an application on the device I don't think you would find on an enterprise device," he says. "That said, the exploit technique is more broadly applicable. I think once the audience sees how I'm combining this unlikely vulnerability with this other higher-value vulnerability, I think that's the kind of thing you're likely to see in much broader applications."

In addition to taking away some lessons about how high-exposure, low-risk vulnerabilities can be easily combined to get at low-exposure, high-risk vulnerabilities, Cutlip says he believes audience members will learn how important it is to not only poke and prod their applications before deployment, but also test the limits of their networking equipment and firmware.

