Counterfeit Cisco Switches: What to Look for and How to Avoid Them in Your Professional Network

It is not a topic that gets much attention, but any counterfeit device is a danger, and counterfeits are increasingly difficult to detect. The risk is most serious when this type of device is used in companies. Cisco is one of the world's most important manufacturers of devices for business networks, and one of its most popular product lines is Cisco Catalyst, which includes the manufacturer's managed switches. What is the worst that can happen if you use counterfeit switches?

One of the most important considerations when purchasing any network device is to ensure its authenticity, and the switch is no exception. This point has gained weight after a curious discovery by a specialized technology company called F-Secure Consulting.

Counterfeit Cisco Switches

Through one of its clients, the company found that the client had illegitimate equipment after a software update. Keep this in mind for future purchases: a device that stops working after you apply a software update is practically a clear sign that something is not right about its origin. A software update can occasionally cause some other problem on a device, but that does not mean the device stops working completely.

Identifying a counterfeit switch

The Help Net Security portal has shared an image that illustrates the minimal but important differences between a genuine Cisco switch and one that is not.

On the left of that image is a counterfeit Cisco Catalyst managed switch. The first thing you notice is that the text is somewhat misaligned; in particular, the top numbers (23 and 25) sit very close to the edge around the switch ports. The port numbers are also a vibrant white. On the right is an authentic Cisco Catalyst switch: the numbers are correctly aligned and the text itself is more muted, virtually gray.

Of course, a much more thorough analysis of these switches was carried out. It found slight alterations in the circuitry of the boards, along with one finding that gives much more confidence that these are indeed counterfeit switches: an extra memory chip on each unit's board. Digital forensics showed that the switches studied exploited a security flaw in the switch design itself. This flaw allows all security controls to be bypassed, specifically Cisco Secure Boot, which blocks the startup of a device if the firmware detects that something is wrong with it, whether because it is a counterfeit device or because it has a security problem.

The risk of backdoors in networks

It is evident that the people responsible for these counterfeit devices intend to create backdoors that facilitate attacks on compromised networks. Remember that a backdoor is like a door that is permanently open, letting someone enter however and whenever they want. A backdoor in network infrastructure is extremely dangerous, especially if it allows privilege escalation and administrator access to the devices that make up that network.

Once one or more backdoors are in a network, the possibilities for cyberattacks are endless: from the theft of sensitive data, to the interception of network traffic in order to distribute malware or ransomware, or worse, the infection of different users so that they become zombies and part of one or more botnets.

Fortunately, the analyses so far have yielded no evidence of a specific backdoor allowing “easy” spy-type access to the switches or network in question. Even so, these counterfeit switches represent multiple security threats to the network of both the affected company and others.

The Importance of Using Genuine Hardware

Situations like the one this technology company encountered make it clear that we should not treat the use of counterfeit network devices as a minor issue. They also show how easy it is to deceive the buyers of these devices. Unless you are very observant, the units detected as counterfeit look like legitimate Cisco ones. How is this possible?

Help Net Security indicates that the person or group responsible was most likely able to access privileged documentation, specifically about the proprietary architecture of Cisco switches, which is how they achieved units so similar to the real ones. It is equally valid to think that they simply worked from existing devices obtained from someone else and then began to manufacture the counterfeit units based on what they had available.

More than ever, the IT department must look closely and attentively at the hardware that is purchased. Of course, it is not possible to completely disassemble a device before buying it to verify its authenticity. However, a number of recommendations can spare you more than one headache from counterfeit devices:

  • Opt for device vendors that are licensed by the manufacturer.
  • Ensure transparency in the purchasing processes for devices of this type.
  • Ensure that all devices, including terminals, have the latest software updates.
  • Examine each unit purchased in detail:
    • Take note of characteristics that differ from one unit to another when they should not.
    • Photograph potential differences.
    • Document everything mentioned above appropriately.
    • Share the documentation with suppliers to clarify any doubts.

You may wonder what device purchasing policies have to do with counterfeit switches. The answer is very simple: if any problem arises, properly generated and filed invoices and contracts will serve as evidence should you need to make a claim against the supplier. Unfortunately, F-Secure Consulting noted that the counterfeit switches purchased by its customer did not have sufficient documentation to allow for vendor tracking.
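The following Python check is an added example, not part of the original article or of F-Secure's or Cisco's material: it reconciles the units a switch reports through the Cisco IOS "show inventory" command with the invoices on file, so that undocumented or inconsistent units surface early. The sample output, product IDs, serial numbers and the PURCHASES record layout are constructed assumptions; a clean result confirms the paper trail only and does not prove that a unit is genuine.

```python
import re
from collections import Counter

# Constructed "show inventory" output; product IDs and serials are made up.
SHOW_INVENTORY = """\
NAME: "1", DESCR: "EXAMPLE-48P switch"
PID: EXAMPLE-48P       , VID: V05  , SN: TST0000A001

NAME: "2", DESCR: "EXAMPLE-48P switch"
PID: EXAMPLE-48P       , VID: V05  , SN: TST0000A002

NAME: "3", DESCR: "EXAMPLE-48P switch"
PID: EXAMPLE-48P       , VID: V05  , SN: TST0000A003

NAME: "4", DESCR: "EXAMPLE-48P switch"
PID: EXAMPLE-48P       , VID: V05  , SN: TST0000A001
"""

# Constructed procurement records, keyed by the serial number on the invoice.
PURCHASES = {
    "TST0000A001": {"pid": "EXAMPLE-48P", "invoice": "INV-1001", "authorized_vendor": True},
    "TST0000A002": {"pid": "EXAMPLE-24P", "invoice": "INV-1002", "authorized_vendor": False},
}

UNIT_RE = re.compile(r'NAME:\s*"(?P<name>[^"]*)".*?PID:\s*(?P<pid>\S+)\s*,.*?SN:\s*(?P<sn>\S+)', re.S)
def parse_inventory(text):
    """Return one dict per unit with its slot name, product ID and serial."""
    return [m.groupdict() for m in UNIT_RE.finditer(text)]

def audit(units, purchases):
    """Return (slot, serial, reason) findings to raise with the supplier."""
    seen = Counter(u["sn"] for u in units)
    findings = []
    for u in units:
        record = purchases.get(u["sn"])
        if seen[u["sn"]] > 1:
            findings.append((u["name"], u["sn"], "serial reported by more than one unit"))
        if record is None:
            findings.append((u["name"], u["sn"], "no invoice or contract on file"))
            continue
        if record["pid"] != u["pid"]:
            findings.append((u["name"], u["sn"], "model differs from invoice"))
        if not record["authorized_vendor"]:
            findings.append((u["name"], u["sn"], "vendor not licensed by manufacturer"))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_inventory(SHOW_INVENTORY), PURCHASES):
        print(*finding, sep=" | ")
```

Each finding is a prompt to photograph the unit and query the supplier, as in the checklist above.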

We must not forget that, in addition to being a potential security hole, a counterfeit device is a great risk to network performance. Although the manufacturer itself has strategies to help as many people and companies as possible avoid counterfeit devices, we must be careful about what we buy. Fortunately, we have the necessary means to do this.