Posts Tagged ‘Hacking’

Suspended for hacking Cisco Clean Access NAC

April 27, 2007

Tim Green over at NetworkWorld has interviewed me for an article with an interesting story. A sophomore student over at the University of Portland was recently suspended for a year since he managed to find a way to circumvent Cisco’s Clean Access NAC. The student managed to find several vulnerabilities with Cisco’s CCA circumventing it to believe its operating system and A/V adhere to the network access policy, where in truth they were not.

Some more information can be read at The Beacon, the students paper over at the University of Portland.

This story, and others, that were published recently, demonstrates how a questionable device, that is not trusted as is, may falsify information part of a posture validation check. This proves one of the points I have raised during my summer BlackHat 2006 presentation were I have raised these same issues.

The first lesson you learn with information security is that there is no such thing as client-based security.