nanog mailing list archives

RE: IT security people sleep well


From: "Jason Frisvold" <friz () corp ptd net>
Date: Mon, 7 Jun 2004 22:52:43 -0400


-----Original Message-----
From: Valdis.Kletnieks () vt edu [mailto:Valdis.Kletnieks () vt edu] 
OK.. Say you can get it into the code train for 200K.  What do you do
with all those routers that have only 100K or 125K of space left in the
flash (if that), and the flash is NOT going to get any bigger without
massive abuse of a soldering iron because not all the needed address
lines are brought out to the flash chip (a fine tactic dating back
decades - I remember seeing a 16K ROM nailed to the top quarter of the
64K address space, and only 14 address lines brought to the chip - it
was nailed to the top 16K by feeding A14 and A15 to an AND gate which
fed the 'Chip Select' pin...)

Agreed, but what are those routers used for these days?  We use those
routers for management (old 2511's) ...  Any existing 2500's in the core
network (yes, I'm ashamed to say some still exist) are ensured to have
the max memory they can get ...  Again, this is purely theoretical for
me as management here has not deemed it appropriate to deploy ssh ...

But, if ssh were added to all IOS's, it would greatly reduce the number
of routers that could *not* include SSH due to flash limitations...

I can say that in other networks that I consult for, I try to ensure ssh
is available, as well as acl's and other security techniques...  :)

Jason Frisvold
Penteledata

