Cisco's network access control has unsafe default configuration
Cisco's NAC network access control can be circumvented as a result of an unsafe default configuration. As reported by Network World, a US student at the University of Portland succeeded in gaining access to the university network without subjecting his laptop to the prescribed security check performed by the Trust Agent software. NAC is intended to prevent or limit network access for insecure computers or computers which do not conform to the network policies.
The cause of the problem was the default configuration of the Cisco Clean Access system, which is intended to allow network access for internet-capable mobile devices and PDAs running operating systems for which no Trust Agent is available. The student was apparently able to fool the NAC into thinking that he was running a non-supported operating system on his laptop.
Technical details of the attack have not been released. Cisco has, however, apparently acknowledged the problem, as, according to Network World, from version 4.1.1 onwards Cisco's Clean Access software no longer allows devices with unknown operating systems to access the network by default. This may, however, merely represent a workaround for an underlying problem relating to recognition of client operating systems. Registered Cisco customers can obtain further information from the release notes for the new version.
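The admission logic at issue, as an added model written for this page (not Cisco's code and not taken from the Network World report): the `allow_unknown_os` flag, the set of agent-capable platforms, the reason strings and the sample clients are all assumptions, chosen to show why an exemption keyed on a client-influenced OS label fails open, and how a fail-closed default changes the outcome.

```python
from dataclasses import dataclass
from enum import Enum
from typing import List, Optional, Tuple


class Decision(Enum):
    ALLOW = "allow"            # full network access
    QUARANTINE = "quarantine"  # remediation network only


@dataclass
class Client:
    reported_os: str            # OS label derived from client-supplied data
    agent_present: bool         # Trust Agent installed and responding
    posture_ok: Optional[bool]  # agent's check result; None if no check ran


# Assumed set of platforms for which an agent exists.
SUPPORTED_OS = {"windows", "macos", "linux"}


def admit(client: Client, allow_unknown_os: bool) -> Tuple[Decision, str]:
    """Return (decision, reason). allow_unknown_os=True models the pre-4.1.1
    default described above; False models the fail-closed default from 4.1.1 on."""
    if client.reported_os.lower() not in SUPPORTED_OS:
        # No agent exists for this platform, so no posture check can run.
        # The label is under the client's influence, so exempting it fails open.
        if allow_unknown_os:
            return Decision.ALLOW, "os-exempt"
        return Decision.QUARANTINE, "unknown-os"
    if not client.agent_present:
        return Decision.QUARANTINE, "no-agent"
    if client.posture_ok:
        return Decision.ALLOW, "posture-ok"
    return Decision.QUARANTINE, "posture-failed"


def audit(clients: List[Client], allow_unknown_os: bool) -> List[str]:
    """OS labels of clients granted full access without any posture check,
    i.e. through the exemption path; non-empty output means the policy fails open."""
    return [c.reported_os for c in clients
            if admit(c, allow_unknown_os) == (Decision.ALLOW, "os-exempt")]


# Constructed sample clients: one reports a label outside the supported set.
unclassified_laptop = Client("UnknownOS", agent_present=False, posture_ok=None)
compliant_pc = Client("Windows", agent_present=True, posture_ok=True)

if __name__ == "__main__":
    for flag in (True, False):
        print(flag, admit(unclassified_laptop, flag), audit([unclassified_laptop, compliant_pc], flag))
```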
- Fooling Cisco's NAC network access control, report on heise Security