I agree. But I saw, how hackers intruded into XXX agency (USA's, I mean) 6 years ago. Cisco sources never was a great secret
Then you shouldn't be talking about it.
I mean - such things was common even 6 years ago. There was (always) some level of rooted servers, some level of teen hackers, some level of compromised passwords. Absolutely nothing new. If you (like Cisco) have a wide cooperation, are big, and decided (reasonably) do not sacrify in productivity because of paranoiic security - you have some risk of be intruded. It just means _use simple, sometimes primitive, but effective measures for additional protection_. Host based IDS-es on ALL (ALL) servers, single time passwords for everything, non standard ports - at least one of such list (teher are much more on the list).
Okay, so if it is a Good Thing for competitors and a Bad Thing for Cisco which is a commercial company with a vested interest in not giving away their secrets to competitors, how is this not a major loss? _EVEN_ if only in reputation? No, exclude reputation from my list - I did not estimated it. 100% agree about reputation. But cisco's reputation is not major thing for anyone outside of Cisco.
I underplay it because it is overplayed by the media. If (IF!) cisco code had not backdoors from developers (and I believe, it had not), then this particular event is major for Cisco, but minor for the rest of the world (even for competitors). You can not do much with this code, except if you are Cisco or are contrafacting Cisco's as a clone - it (as any such code) require the whole infrastructure around to be used. (It's as egg cell - we need a whole women around to get use of it).
It is amazing. Cisco made a lot of noice about IDS, IPS, etc etc.... while no one in reality need these super expansive and complex tools (except few dozens of companies under the DDOS risk); but
IDS.. IPS.. etc.. etc... DDoS risk?
I can agree with many on the complete uselessness of IDS for most companies (I can't live without it!).. IPS systems are a different matter.
missed so simple thing as ssh exploit in their own nest. (It is not harmless - we found ssh trojan on my previous job, just exactly the same
Let me Google you and find where you worked. :o) Ok, but we do few simpler measures (sometimes on 0 cost) which dramatically decrease a chance of intrusions, and other measures to prevent any chance of intrusion into important areas. And we do not forget to patch 'ssh' and 'ssl' (after all -:)).
IDS and IPS are good, if you have it on _EVERYTHING_ (which means, btw, that they can not be very expensive because you will never be able to use expensive tool on _everything_) and, most important, main IDS and IPS have brand names _cluefull admin and cluefull manager_. But we got aside. My point for this forum was _do not overestimate real harm from this Cisco sources leak_. It is almost harmless (except for repuation) vs consumer data leaks, consumer password's leaks, consumer OS exploits, medical data leaks and so on. If someone get control on ISP xxx routers - trust me, it will happen because he found admin passwords and because clueless admin allowed in-band access from Internet, or because NOC's server was compromised - but not because someone had Cisco sources.
Burrowing from that, if the attack is successful, and the loss is significant, I think the way there - although cute, is irrelevant except
I mean _MINOR_ because lost was minor, in reality. No because it was ssh exploit.
Okay, I still don't follow you. I don't mean to be annoying but I really don't. Let's not move too much into the realm of security and stay in net ops.
How is this not a loss and not a risk? If we can't reach an agreement I suggest we take this off-list.
Because it is useless for hackers, except if Cisco have a backdoors and embedded trojans. And (most important) because it distract NOC's and security guys from securing NOC's, access pathes to the routers, use changable passwords and so on. Simple question - do you control all changes on your routers and firewalls? I mean - something like CCR system (which sends daily change reports) or Cisco Works (as I know, do the same)? How often do you change enable passwords? Is it enough for intruder to set up sniffer in the NOC, steal password, then loging and change config (and be unnoticed)?
Gadi.