August 8, 2024 at 01:25PM
CISA recommends disabling the Cisco Smart Install feature due to recent abuse in attacks. Threat actors exploit weak password types and leverage other protocols to steal sensitive data. Admins are advised to disable legacy SMI protocol, implement stronger password protection, and follow best practices for securing administrator accounts and passwords within configuration files.
Based on the meeting notes provided, the key takeaways for action would be:
1. Disabling the legacy Cisco Smart Install (SMI) feature as recommended by CISA to prevent ongoing attacks leveraging this protocol.
2. Reviewing the NSA’s Smart Install Protocol Misuse advisory and Network Infrastructure Security Guide for further configuration guidance.
3. Implementing better password protection measures, specifically using NIST-approved Type 8 password protection for all Cisco devices, as recommended by CISA. This includes ensuring all passwords on network devices are stored using a sufficient level of protection and following best practices for securing administrator accounts and passwords within configuration files.
These takeaways illustrate the urgent need to address vulnerabilities related to the Cisco SMI protocol and password protection on network devices to enhance cybersecurity measures and mitigate potential threats.