Recommended testing includes investigating configuration changes, monitoring service accounts, checking SIEM correlation for anomalies, and ensuring network isolation and DMZs are configured correctly. A common thread in the advisory is the vulnerability of external connections – including VPNs, legacy SSH-1, and FTP – and weak points such as passwords, authentication, access control and tampering.
Advice specific to Cisco devices includes disabling telnet, disabling Cisco’s Linux guest hell, and where possible disabling web communication in favor of the command line.
This is the general advice of any security warning issued by governments around the world in the last decade. Apparently, some are not being worked on, perhaps because telco networks are often full of old machines that have been forgotten. Summary: Scan everything for old, vulnerable items and keep doing this forever.
Source link