sunhux
asked on
Security considerations & assessment when enabling Cisco Wake-On-Lan
We are looking into enabling WOL for our Cisco 2xxx & 3xxx switches.
The following links do not give any security considerations & assessments:
http://www.geekmungus.co.uk/cisco-and-networking/enablewakeonlanacrossvlanoncisconetwork
http://www.cisco.com/c/en/us/support/docs/switches/catalyst-3750-series-switches/91672-catl3-wol-vlans.html
Q1:
Let me know what to look out for? Any known WOL vulnerabilities in the past that need to
be patched or mitigations to put in place?
Q2:
We do have SolarWinds (though not all options) that currently monitor our switches & servers:
anything we need to do or just use the tool mentioned in the above links?
Q3:
Do we need to perform VA/Pentest again after enabling WOL?
Q4:
Is WOL applicable only on Cisco switches or routers as well?
Q5:
When WOL is enabled, any security or non-security precautions need to
be taken on the PCs/laptops & servers that they are connected to?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks for the link.
There's no mention about "ip redirects" in the link; can you elaborate if
"ip redirects" is a requirement & how this can be mitigated if this
'ip redirects' is enabled?
ASKER
Just spotted something in that link about "directed broadcasts":
so if "no ip redirects" is present, the switch helps stop directed broadcasts?
SOLUTION
ASKER
The above URL appears to indicate we have to enable "IP redirects"?
Caveat - Directed Broadcasts
IP directed broadcasts are used in the common and popular smurf denial of service attack, and can also be used in related attacks.
But in our Hardening Standard, we have a line "no ip redirects" so we need to remove this?
It will become an exception to our hardening standard then. With this enabled, what are the
mitigations?