nanog mailing list archives
Re: Networking Pearl Harbor in the Making
From: "Eric Germann" <ekgermann () cctec com>
Date: Mon, 7 Nov 2005 11:26:19 -0500 (EST)
Looks like vendor J is going to benefit from the issues laid out for Vendor C. http://www.networkworld.com/news/2005/110405-juniper-cisco-hacker.html
At 08:52 AM 11/7/2005, you wrote:On Mon, Nov 07, 2005 at 06:43:35AM -0500, J. Oquendo wrote:the center of the information security vortex. Because IOS controlstherouters that underpin most business networks as well as the Internet,I think in general this is an argument against converged networks, the added complexity and outages may not be worth the gains..It is an argument for proper patching policy and procedures. There is no zero day exploit for this exploit and to my knowledge, there hasn't been one yet which came out at the same time as the advisory for ANY major vendor although the window is shrinking. All worms and other exploits which have achieved press coverage and caused major network disruption would have been avoided by proper patching. All of our network is now patched for the latest Cisco advisory. We were already running fixed code on a few routers when the advisory came out so we knew the code was stable and moved to it on all other boxes. I understand that not everyone can act as quickly as we do, but to delay patching indefinitely until the problem occurs - for "stability" reasons is not the solution either. Better code is part of the solution and teaching and enforcing proper programming techniques to create secure code in the first place are just part of the solution. Getting people to install (so far) secure code is another bigger problem which can be solved today. I think all the major vendors are aware of the extent of the problem and are making their systems more secure by auditing their existing code more thoroughly as well as teaching their programmers to code securely in the first place. -Robert Tellurian Networks - The Ultimate Internet Connection http://www.tellurian.com | 888-TELLURIAN | 973-300-9211 "Well done is better than well said." - Benjamin Franklin
Current thread:
- Networking Pearl Harbor in the Making J. Oquendo (Nov 07)
- Re: Networking Pearl Harbor in the Making Jared Mauch (Nov 07)
- Re: Networking Pearl Harbor in the Making Robert Boyle (Nov 07)
- Re: Networking Pearl Harbor in the Making Eric Gauthier (Nov 07)
- Re: Networking Pearl Harbor in the Making James Baldwin (Nov 07)
- Re: Networking Pearl Harbor in the Making Eric Germann (Nov 07)
- Re: Networking Pearl Harbor in the Making Blaine Christian (Nov 07)
- Re: Networking Pearl Harbor in the Making Christopher L. Morrow (Nov 07)
- Re: Networking Pearl Harbor in the Making Blaine Christian (Nov 07)
- Re: Networking Pearl Harbor in the Making Tom Sands (Nov 07)
- Re: Networking Pearl Harbor in the Making Warren Kumari (Nov 07)
- Re: Networking Pearl Harbor in the Making Robert Boyle (Nov 07)
- Re: Networking Pearl Harbor in the Making Jared Mauch (Nov 07)
- Re: Networking Pearl Harbor in the Making Michael . Dillon (Nov 08)
- Message not available
- Re: Networking Pearl Harbor in the Making Roy S. Rapoport (Nov 08)
- <Possible follow-ups>
- RE: Networking Pearl Harbor in the Making Hannigan, Martin (Nov 07)
- Re: Networking Pearl Harbor in the Making Simon Waters (Nov 07)
- Re: Networking Pearl Harbor in the Making Christian Kuhtz (Nov 07)
- Re: Networking Pearl Harbor in the Making Simon Waters (Nov 07)