An article about a Cisco FTP vulnerability caught my eye today. The article gave little detail, so I checked with Secunia and sure enough saw an advisory. That’s an interesting vulnerability (impacting, but not enabled by default…so not the holy grail of network hacking), and I would hope good admins have taken some measures to already mitigate or avoid this issue.
First, don’t use the FTP server. I’d rather use an external TFTP server as opposed to one on the router itself. Second, even if the config is disclosed, limit the damage by making sure your enable and enable secret passwords are different, as are the SNMP strings and other access passwords that may be disclosed in the config. Also make sure they’re all different across other routers (minus the SNMP string of course). Third, update your IOS, of course, and hope that Cisco puts in a (long overdue) SCP/SFTP solution sooner than later.
Of additional note, I’m still itching to get my hands on the Hacking Exposed: Cisco Networks book. It taunts me weekly from the bookstore shelf, but I just don’t want to get too confused as I am hitting the running strides of my study for CCNA (which I will take in late May or early June).
If you can use the words TFTP, SNMP, and SCP in a paragraph and have it come out and make sense then you already are better than a CCNA in my book.
I recommend against Cisco certifications (I have a bunch myself). Try EXIN ITSM, SANS GWAS, or a programming cert. The SCJP, SCJD, SCWCD, SCDJWS, SCEA, MCTS: .NET Framework 2.0 Web Applications, MCPD: Web Developer, and MCSD certifications are more worthwhile and it sounds like you would learn more.
For studying, I only use one resource – http://actualtests.com