Cisco has reiterated that its Smart Install feature is not a bug and not a vulnerability, and to prove it's not, it's built a tool to help sysadmins block it.
Smart Install (SMI) is by necessity insecure: sysadmins use it to give a new switch a minimal setup, so they can ship it to a branch office and, when it's plugged in, it will fetch its configuration from a central repository.
The problem is, not everybody remembers to turn the feature off after the device is live.
Hence the reiteration – and the sniff rules that will make it easy for sysadmins to find devices that are open to SMI when they shouldn't be.
Michael Schueler, with contributors Stefano De Crescenzo and Paul Oxman, says the extra help has three components: a tool to scan for SMI, a suitable intrusion prevention system (IPS) signature, and Snort rules.
SMI is easy to disable with the no vstack configuration command.
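One way to find switches where that command was never applied is to check saved configuration backups for it. This is an added example, not Cisco's scanning tool and not code from the article. It assumes plain-text running-config backups and treats a missing line as "needs review", not as proof of exposure; the hostnames and sample configs are constructed.

```python
import re

# Global-config line that turns the Smart Install feature off. Match the whole
# line so longer commands that merely start with it are not counted.
DISABLE_RE = re.compile(r"^no\s+vstack\s*$", re.IGNORECASE)
# Any other top-level vstack statement (kept only as context for the reviewer).
OTHER_VSTACK_RE = re.compile(r"^(no\s+)?vstack\s+\S", re.IGNORECASE)


def audit_config(text):
    """Classify one saved configuration.

    Returns ("disabled", lines) when a global `no vstack` is present, otherwise
    ("review", lines): the backup does not show the feature switched off, so the
    device should be checked. `lines` lists other vstack statements found.
    """
    disabled = False
    other = []
    for raw in text.splitlines():
        # Global commands start in column 0; indented lines belong to a sub-mode.
        if not raw or raw[0].isspace() or raw.startswith("!"):
            continue
        line = raw.rstrip()
        if DISABLE_RE.match(line):
            disabled = True
        elif OTHER_VSTACK_RE.match(line):
            other.append(line)
    return ("disabled" if disabled else "review", other)


def audit_many(configs):
    """Map {hostname: config text} to a sorted list of hosts needing review."""
    return sorted(h for h, cfg in configs.items() if audit_config(cfg)[0] == "review")


# Constructed sample backups (not from any real device).
SAMPLES = {
    "branch-sw1": "hostname branch-sw1\n!\nno vstack\n!\ninterface Vlan1\n no ip address\n",
    "branch-sw2": "hostname branch-sw2\n!\ninterface Vlan1\n no ip address\n",
    # A longer vstack command is not the same as the bare disable line.
    "branch-sw3": "hostname branch-sw3\n!\nno vstack basic\n!\nend\n",
}

if __name__ == "__main__":
    for host in audit_many(SAMPLES):
        print(f"{host}: Smart Install not explicitly disabled, review")
```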
Schueler also notes that SMI is, by now, a legacy feature replaced in newer systems by the Cisco Network Plug And Play system. ®