At 08:52 AM 11/7/2005, you wrote:
On Mon, Nov 07, 2005 at 06:43:35AM -0500, J. Oquendo wrote:
the center of the information security vortex. Because IOS controls the routers that underpin most business networks as well as the Internet,
I think in general this is an argument against converged networks, the added complexity and outages may not be worth the gains..
It is an argument for proper patching policy and procedures. There is no zero day exploit for this exploit and to my knowledge, there hasn't been one yet which came out at the same time as the advisory for ANY major vendor although the window is shrinking. All worms and other exploits which have achieved press coverage and caused major network disruption would have been avoided by proper patching.

All of our network is now patched for the latest Cisco advisory. We were already running fixed code on a few routers when the advisory came out so we knew the code was stable and moved to it on all other boxes. I understand that not everyone can act as quickly as we do, but to delay patching indefinitely until the problem occurs - for "stability" reasons is not the solution either.

Better code is part of the solution and teaching and enforcing proper programming techniques to create secure code in the first place are just part of the solution. Getting people to install (so far) secure code is another bigger problem which can be solved today. I think all the major vendors are aware of the extent of the problem and are making their systems more secure by auditing their existing code more thoroughly as well as teaching their programmers to code securely in the first place.

-Robert

Tellurian Networks - The Ultimate Internet Connection
http://www.tellurian.com | 888-TELLURIAN | 973-300-9211
"Well done is better than well said." - Benjamin Franklin