Hackers use Cisco VoIP device to break into a hotel's private network

Cisco News Alert This newsletter is sponsored by Symantec Stay ahead of stealth security threats Reduce the propagation of malicious code, lower your risk profile, provide greater network availability and much more with Symantec Network Access Control. Network World's Cisco News Alert, 10/26/07 Welcome to the Friday edition of Network World's Cisco News Alert in which we focus on the top items from Cisco Subnet, your gateway to Cisco news, blogs, discussion forums, security alerts, giveaways and more. Enjoy! * TOP PICKS: Hackers use Cisco VoIP device to break into a hotel's private network Hackers at the Toorcon9 security conference in San Diego this week demonstrated how they broke into their hotel's corporate network using Cisco's VoIP device. The hackers used penetration tests propounded by a tool called VoIP Hopper, which mimics the Cisco data packets sent at three minute intervals and then trades a new Ethernet interface, getting the PC - which the hackers switched in place of the hotel phone - into the network running the VoIP. Readers are asking how the hotel's VLAN let this happen. Have your say here. NAC: A to Z From buying tips to peer discussions. From case studies to market trends. Network Worlds newly enhanced Network Access Control Buyers Guide has everything you need to stay current, research technology, compare products and implement solutions - all in one convenient location. Click here to go to the Buyers Guide now. ALSO: Can Cisco do with Navini what it did with Airespace? Who gets your used Cisco equipment purchase orders? Cisco tax-evasion case: We're not to blame, vendor says Cisco India's $2 billion revenue goal * FROM OUR BLOGGERS: Brad Reese on Cisco: FBI collars lead to success convicting con artists defrauding Cisco In 2007, Cisco with the assistance of the FBI, successfully convicted 2 con artists who schemed to defraud Cisco out of millions. However, even more ominous for the morally challenged, is the continued pursuit by Cisco and the FBI of Cisco SMARTnet fraud. Individuals and companies involved in Cisco SMARTnet fraud who wish to turn themselves in or cooperate with law enforcement should contact the Federal Bureau of Investigation ... Joe Panettieri's Eye on Cisco: Cisco's next municipal wireless move Can Cisco transform the perfect storm into the perfect business opportunity? For those who missed the first two chapters of the municipal broadband story, let me get you up to speed. In Chapter One, several big city mayors promised their citizens free or low-cost universal broadband access. It was a "feel good" political story. How can affordable broadband be a bad thing? Jeff Doyle on IP Routing: New faces, new ideas I’m attending RIPE 55 in Amsterdam this week. While I’ve regularly attended NANOG and APRICOT over the years, this is my first RIPE meeting. And while I always look forward to NANOG and APRICOT as a time to catch up with old friends, I find myself standing off by myself in the hallways here, sipping coffee and scanning the crowds for familiar faces. I’ve said hello to Geoff Huston and Randy Bush; Phil Smith, Jordi Palet Martinez and Dave Meyer are rumored to be around here someplace but I haven’t seen them yet. My pal Kevin Epperson was supposed to be here, but he and his wife had a baby last week (congratulations, Kevin!). Wendell Odom's Cisco Cert Zone: Beginning your journey into the IP Telephony world From guest blogger Dave Schulz: It is my pleasure to address everyone out there in the network world this week! During the course of this week’s articles, I hope to offer some insights and suggestions for those interested in breaking into the world of IP Telephony. Dheeraj Tolani's Cisco Routing & Switching Essentials: Securing your router Welcome back. So far, we have configured a Cisco router with a basic configuration, including IP addresses, host tables, routing protocol (RIP), basic timeouts on lines, and DNS entries. It only makes sense to get started with some other basic security items. So we will discuss here some basic configurations that make sense for any router configuration. Michael Morris' Notes from the Field: Network capacity management: Why few do it, but everyone should I've been working on global, enterprise networks for over 10 years. During that time I've been exposed to small networks, large networks, dynamic networks built by the military, special purpose networks, the Internet, and so on. In just about every case, these networks shared the same flaw: the lack of a proactive network capacity management program. In the cases where network capacity management was addressed, it was a small attempt, relegated to third-class attention. ChannelSurfing with Ken Presti: The managed services drumbeat approaches Next month, the complexity will take another step forward as Cisco rolls out its new offer-based program for managed services. While the details are still being held close to the vest, it’s not yet too late for readers to give their two cents on what they’d like to see in such a program. What sort of help would you like to see managed service providers get? Is it marketing? Is it technological? Is it different areas of support? Jamey Heary: Cisco Security Expert: Cisco gives its Security Research Center a makeover Not many people realize that Cisco has been silently improving their security threat information site called The Cisco Security Center. I would also go out on a limb and guess that not many people ever knew Cisco provided free security research content. Bottom line is the site offers lots of excellent, and free, security content. HOT DISCUSSIONS AMONG CISCO SUBNET READERS: Cisconet: Cisco working on social networking platform based on 'entertainment' Reese: What do you get when spending $1 million for a single Cisco router? Wendell: NAT terms and a sample ICND1/CCENT question Doyle: IPv6 vendors should eat their own dogfood Morris: How far do single network vendor strategies go? Tolani: Routing essentials that make our lives easier FREEBIES, GIVEAWAYS AND OTHER NOTABLES: * Enter to win a Global Knowledge Cisco training course of your choice worth up to $3,995. Details here. FINAL FEW DAYS TO ENTER! *Enter to Win a Cisco Press Book: Up for grabs are 15 copies of "Monitoring with Cisco Security MARS" by Gary Halleen and Greg Kellogg. The book (a $60 value) helps you plan a MARS deployment and learn the installation and administration tasks you can expect to face. Details here. Get a sneak peek of a chapter from one of the books here. * Read a free chapter from "Cisco Network Admission Control, Volume I: NAC Framework Architecture and Design" by Denise Helfrich, Lou Ronnau, Jason Frazier, and Paul Forbes. Free excerpt here. * Check out Cisco Subnet's library for more free chapters from Cisco Press books.

MOST-READ STORIES: 1. Unlimited gall to cost Verizon $1 million 2. Storm worm strikes back at security pros 3. One picture is worth 335,000 charred acres 4. 10 reasons ITIL spooks IT managers 5. NASA offering $2M prize for lunar lander 6. What's holding Vista back? 7. Top 20 Firefox extensions 8. Apple now bigger than IBM 9. What a PC store pays for hard drive loss 10. Storm Worm now just a squall MOST E-MAILED STORY: Storm worm strikes back at security pros

Contact the author: Senior Editor Jim Duffy covers Cisco for Network World. Linda Leung edits Cisco Subnet. Cisco Subnet: The independent voice of Cisco customers   This newsletter is sponsored by Symantec Stay ahead of stealth security threats Reduce the propagation of malicious code, lower your risk profile, provide greater network availability and much more with Symantec Network Access Control. BONUS FEATURE IT PRODUCT RESEARCH AT YOUR FINGERTIPS Get detailed information on thousands of products, conduct side-by-side comparisons and read product test and review results with Network World’s IT Buyer’s Guides. Find the best solution faster than ever with over 100 distinct categories across the security, storage, management, wireless, infrastructure and convergence markets. Click here for details. PRINT SUBSCRIPTIONS AVAILABLE You've got the technology snapshot of your choice delivered to your inbox each day. Extend your knowledge with a print subscription to the Network World newsweekly, Apply here today. International subscribers, click here. SUBSCRIPTION SERVICES To subscribe or unsubscribe to any Network World newsletter, change your e-mail address or contact us, click here. This message was sent to: networking.world@gmail.com. Please use this address when modifying your subscription. Advertising information: Write to Associate Publisher Online Susan Cardoza Network World, Inc., 118 Turnpike Road, Southborough, MA 01772 Copyright Network World, Inc., 2007