In recent incidents, CISA has seen malicious cyber actors acquire system configuration files by leveraging available protocols or software on devices, such as abusing the legacy Cisco Smart Install feature. CISA recommends organizations disable Smart Install and review NSA’s Smart Install Protocol Misuse advisory and Network Infrastructure Security Guide for configuration guidance.
CISA also continues to see weak password types used on Cisco network devices. A Cisco password type is the type of algorithm used to secure a Cisco device’s password within a system configuration file. The use of weak password types enables password cracking attacks. Once access is gained a threat actor would be able to access system configuration files easily. Access to these configuration files and system passwords can enable malicious cyber actors to compromise victim networks. Organizations must ensure all passwords on network devices are stored using a sufficient level of protection.
CISA recommends type 8 password protection for all Cisco devices to protect passwords within configuration files. Type 8 password protection is more secure than other password types and approved by NIST. CISA urges organizations to review NSA’s Cisco Password Types: Best Practices guide for more information and follow the best practices for securing administrator accounts and passwords:
- Properly store passwords with a strong hashing algorithm.
- Do not reuse passwords across systems.
- Assign passwords that are strong and complex.
- Do not use group accounts that do not provide accountability.