Firewall Wizards mailing list archives
RE: Worms, Air Gaps and Responsibility - Cisco
From: "Paul D. Robertson" <paul () compuwar net>
Date: Tue, 18 May 2004 08:02:56 -0400 (EDT)
On Mon, 17 May 2004, Kelly, Chris W. wrote:
Well, I just received this - a notice on the possible theft of Cisco's IOS
While it's prudent to be ready to upgrade IOS due to found bugs, especially given the fact that older equipment will likely not have memory or flash capable of taking newer IOS images, double checking filters to the router's internal and external interfaces, and possibly having a couple of bridge mode firewalls available, I think this is being blown completely out of proportion... IOS has been available to lots of Cisco partners for quite a while, unlike Windows, a great many more people have seen the source. Lots of bad folks have had the source. See above. I remember a boss at a former employer visiting Cisco and having been surprised at the lack of security they exhibited internally. See above. Now, if Cisco were going to do damage control, they'd contract chunks out for a code review (and run one or two of the code scanners over the whole pile quickly,) and fix any problems *in or out of support*- but that's more of a placebo than anything. ACL your routers from both sides, inventory and figure out what's going to be painful to upgrade and what it'll cost, and watch for activity/updates. That's about the most you can do. When it comes to infrastructure, you should have been doing it all anyway, so it should be easy... Paul ----------------------------------------------------------------------------- Paul D. Robertson "My statements in this message are personal opinions paul () compuwar net which may have no basis whatsoever in fact." probertson () trusecure com Director of Risk Assessment TruSecure Corporation _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- RE: Worms, Air Gaps and Responsibility - Cisco Kelly, Chris W. (May 18)
- RE: Worms, Air Gaps and Responsibility - Cisco Paul D. Robertson (May 18)