Further study
Many discussions of potential exploits for IOS exist. The general techniques are discussed in “The Shellcoder’s Handbook” (Wiley).
A good introduction is given in “Killing the myth of Cisco IOS rootkits: DIK (Da Ios rootKit)” (Sebastian Muñiz).
For balance, you should read “Rootkits on Cisco IOS devices”, Cisco document ID: 582. This provides background information on how to do QA on your Cisco software images.
Any security professional should also review “Cisco Guide to Harden Cisco IOS Devices” Cisco document ID: 13608, or more correctly, chase down the specific manual for the device and software release you are using.
Read an analysis of IOS issues
It is not just Cisco; similar techniques will apply to other equipment. Techniques are in the wild for hacking SOHO devices; as an example, see “Owning the Network: Adventures in Router Rootkits” (Michael Coppola, DEFCON 2012).
At the enterprise level, we centralize authentication, authorization and accounting (AAA) on a central server and services, with no local accounts. Do a search on the Cisco command aaa new-model and make sure you understand the issues and the terminology.