Cisco has published four manuals for incident responders who are investigating company equipment they suspect has been compromised. Each manual covers one of the company's major software platforms.
The manuals provide step-by-step procedures for extracting forensic information from compromised devices while preserving data integrity, reports ZDNet. The four manuals cover Cisco ASA, Cisco IOS, Cisco IOS XE and Cisco FTD.
ASA is software that runs on security appliances and combines firewall, antivirus, intrusion prevention and VPN capabilities. IOS is a proprietary operating system that runs on most of the company's switches and routers. IOS XE is a Linux-based operating system that also runs on switches and routers. FTD combines the company's ASA and Firepower technology and ships on Cisco's firewall hardware.
However, the company has not published a manual for one large software line: IOS XR, which runs on service-provider routers.
Information in the manuals
The four manuals contain largely the same information: procedures for collecting the platform's configuration state and runtime state, checking system image hashes for deviations, and verifying the correct signing characteristics of the FTD system and running images.
The four manuals also cover collecting and verifying the memory text segment, generating and collecting crash information and core files, and examining the ROM monitor settings for remote system image loading.
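The image-hash check named above is the one step a responder can reproduce offline once an image has been copied off a device. The following is an added example, not code from Cisco's manuals or from ZDNet: it hashes an image file in chunks, compares the result in constant time against a reference hash, and reports a deviation. The sample image bytes and the reference hash are constructed here for illustration; in practice the reference value would come from the vendor's published hash list.

```python
import hashlib
import hmac
import os
import tempfile

# Constructed stand-in for a system image copied off a device (not a real Cisco image).
SAMPLE_IMAGE = bytes(range(256)) * 16

# Reference hash assumed to be the vendor-published value for this image (constructed here).
REFERENCE_SHA512 = hashlib.sha512(SAMPLE_IMAGE).hexdigest()


def sha512_stream(path: str, chunk_size: int = 1 << 20) -> str:
    """Hash a file in chunks so a multi-hundred-megabyte image never has to fit in memory."""
    h = hashlib.sha512()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_image(path: str, expected_hex: str) -> dict:
    """Compare the file's SHA-512 with the reference value and return a small report.

    hmac.compare_digest avoids leaking how many leading hex digits matched, which
    is good hygiene even though the hash is not a secret.
    """
    actual = sha512_stream(path)
    expected = expected_hex.strip().lower()
    return {
        "path": path,
        "expected": expected,
        "actual": actual,
        "match": hmac.compare_digest(actual, expected),
    }


def write_temp(data: bytes) -> str:
    """Write constructed image bytes to a temporary file and return its path."""
    fd, path = tempfile.mkstemp(suffix=".bin")
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path


def demo() -> tuple:
    """Verify an intact image and a one-bit-flipped copy; returns (intact_ok, tampered_ok)."""
    good = write_temp(SAMPLE_IMAGE)
    # Flip the lowest bit of the final byte to simulate a modified image.
    tampered = write_temp(SAMPLE_IMAGE[:-1] + bytes([SAMPLE_IMAGE[-1] ^ 0x01]))
    try:
        intact = verify_image(good, REFERENCE_SHA512)["match"]
        modified = verify_image(tampered, REFERENCE_SHA512)["match"]
        return intact, modified
    finally:
        os.remove(good)
        os.remove(tampered)


if __name__ == "__main__":
    for path, label in ((write_temp(SAMPLE_IMAGE), "intact"),):
        report = verify_image(path, REFERENCE_SHA512)
        os.remove(path)
        print(label, "match" if report["match"] else "DEVIATION", report["actual"][:16], "...")
    print(demo())
```

A single flipped bit is enough to change the digest, which is why the manuals treat any hash deviation as grounds for further investigation rather than as noise.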
The four manuals are published on the company's Tactical Resources portal, which previously contained only manuals for checking the integrity of the firmware and operating system on various devices.
In August, Cisco patched another vulnerability in its IOS and IOS XE software. The patch was intended to protect business VPNs against cryptographic attacks that threaten corporate VPNs and can expose networks to man-in-the-middle attacks.