Re: Networking Pearl Harbor in the Making

[Robert Boyle]

At 08:52 AM 11/7/2005, you wrote:
> On Mon, Nov 07, 2005 at 06:43:35AM -0500, J. Oquendo wrote:
> > the center of the information security vortex. Because IOS controls the
> > routers that underpin most business networks as well as the Internet,
>
>         I think in general this is an argument against converged networks,
> the added complexity and outages may not be worth the gains..
It is an argument for proper patching policy and procedures. There is 
no zero day exploit for this exploit and to my knowledge, there 
hasn't been one yet which came out at the same time as the advisory 
for ANY major vendor although the window is shrinking. All worms and 
other exploits which have achieved press coverage and caused major 
network disruption would have been avoided by proper patching. All of 
our network is now patched for the latest Cisco advisory. We were 
already running fixed code on a few routers when the advisory came 
out so we knew the code was stable and moved to it on all other 
boxes. I understand that not everyone can act as quickly as we do, 
but to delay patching indefinitely until the problem occurs - for 
"stability" reasons is not the solution either. Better code is part 
of the solution and teaching and enforcing proper programming 
techniques to create secure code in the first place are just part of 
the solution. Getting people to install (so far) secure code is 
another bigger problem which can be solved today. I think all the 
major vendors are aware of the extent of the problem and are making 
their systems more secure by auditing their existing code more 
thoroughly as well as teaching their programmers to code securely in 
the first place.

-Robert


Tellurian Networks - The Ultimate Internet Connection
http://www.tellurian.com | 888-TELLURIAN | 973-300-9211
"Well done is better than well said." - Benjamin Franklin