Recommended checks include investigating configuration modifications, monitoring service accounts, checking SIEM correlations for anomalies, and ensuring network segmentation and DMZs are set up correctly. A common thread in the advice is the vulnerability of external connectivity — including VPNs, legacy SSH-1, and FTP — along with the recurring weak points of passwords, authentication, access control and patching.
Advice specific to Cisco equipment includes disabling telnet, disabling Cisco’s Linux guestshell, and where possible disabling web interfaces in favor of the command line.
This is generic advice of the sort that has peppered security alerts put out by governments across the world in the last decade. Clearly, some of it is not being acted on, possibly because telco networks are often full of equipment that dates back years and has been forgotten about. In summary: audit everything to find old, vulnerable stuff and keep doing this indefinitely.
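
As an added example (not from the article or the advisory it describes), the three Cisco-specific items above can be checked in saved device configurations with a short audit script. The config line forms it matches (`transport input`, `ip http server`, `iox`, `app-hosting appid guestshell`) are IOS/IOS XE syntax assumed for this example, since the article names no commands, and the sample config is constructed.

```python
import re

# Constructed sample running-config (not taken from the article or a real device).
SAMPLE_CONFIG = """\
hostname edge-rtr-01
ip http server
no ip http secure-server
iox
app-hosting appid guestshell
 app-vnic management guest-interface 0
line con 0
line vty 0 4
 transport input telnet ssh
line vty 5 15
 transport input ssh
"""

def audit_config(text):
    """Return (line_number, finding) pairs for telnet, guestshell and web UI."""
    findings = []
    section = None  # current top-level block, e.g. "line vty 0 4"
    for num, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if raw and not raw[0].isspace():
            section = line  # unindented line starts a new block
        # Web interface: only the positive form counts, "no ip http ..." is fine.
        if re.fullmatch(r"ip http (secure-)?server", line):
            findings.append((num, "web interface enabled: " + line))
        # Guestshell: assumed to appear as IOx / app-hosting config lines.
        elif line == "iox" or line.startswith("app-hosting appid guestshell"):
            findings.append((num, "guestshell/IOx hosting configured: " + line))
        # Telnet: an explicit "telnet" or "all" transport on a vty block.
        elif (section and section.startswith("line vty")
              and line.startswith("transport input")):
            protocols = line.split()[2:]
            if "telnet" in protocols or "all" in protocols:
                findings.append((num, f"telnet allowed on '{section}': {line}"))
    return findings

if __name__ == "__main__":
    for num, finding in audit_config(SAMPLE_CONFIG):
        print(f"line {num}: {finding}")
```

A vty block with no `transport input` line is not flagged here; its effective default depends on the platform and software release, so it needs a manual check.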