Firewall Wizards mailing list archives

RE: Worms, Air Gaps and Responsibility - Cisco


From: "Paul D. Robertson" <paul () compuwar net>
Date: Tue, 18 May 2004 08:02:56 -0400 (EDT)

On Mon, 17 May 2004, Kelly, Chris W. wrote:

Well, I just received this - a notice on the possible theft of Cisco's IOS

While it's prudent to be ready to upgrade IOS due to found bugs,
especially given the fact that older equipment will likely not have memory
or flash capable of taking newer IOS images, double checking filters to
the router's internal and external interfaces, and possibly having a
couple of bridge mode firewalls available, I think this is being blown
completely out of proportion...

IOS has been available to lots of Cisco partners for quite a while; unlike
Windows, a great many more people have seen the source.

Lots of bad folks have had the source.  See above.

I remember a boss at a former employer visiting Cisco and having been
surprised at the lack of security they exhibited internally.  See above.

Now, if Cisco were going to do damage control, they'd contract chunks out
for a code review (and run one or two of the code scanners over the whole
pile quickly), and fix any problems *in or out of support* - but that's
more of a placebo than anything.

ACL your routers from both sides, inventory and figure out what's going to
be painful to upgrade and what it'll cost, and watch for activity/updates.
That's about the most you can do.

When it comes to infrastructure, you should have been doing it all anyway,
so it should be easy...

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul () compuwar net       which may have no basis whatsoever in fact."
probertson () trusecure com Director of Risk Assessment TruSecure Corporation