Published in News
Cisco's NAC ripped apart
Germans cracked it open
Cisco’s Network Admission Control (NAC) has two flaws which allow unauthorised PCs to be viewed as legitimate devices on a network.
Two German security experts Michael Thumann, chief security officer, and Dror-John Roecher, senior security consultant at German penetration-testing firm, ERNW have showed a tool which takes advantage of the flaws.
Speaking to Techworld, Roecher said that a "fundamental design" failure makes it possible to trick the policy server to allow any device to access a network.A second flaw prevents the policy server from confirming whether the information it gets from the trust agent is accurate. Therefore, he said, spoofed information can easily be sent to the policy server. He demonstrated a way of persuading the installed Trust Agent to not report what's actually on the system but to report what we want it to.
All it takes is to spoof the credentials and gain access to the network" with a system that is completely out of compliance.