Wednesday, November 23, 2005

IOS makes it to SANS top 20

For the first time, networking products have made it to the SANS Top 20 Vulnerability list...and Cisco IOS dominates the list.

The top vulnerabilities in networking products are identified as Cisco IOS and non-IOS products and Cisco device configuration weaknesses.

SANS said a worrying trend this year has been the fresh attention given to critical security holes in network devices like the routers and switches that keep traffic moving across the Internet. "Network devices often have on-board operating systems and can be programmed just like computers," the institute said. "Compromises of network devices can provide attackers one of the most fruitful platforms for eavesdropping and launching targeted attacks."

Recently Gartner recommended that enterprises running Cisco IOS pay close attention to IOS vulnerabilities, treat them seriously and follow the guidelines within advisories to upgrade to a newer version of software at the earliest possible opportunity. Gartner recommends that enterprises take immediate action to shield their network using a layered defense, including network-based intrusion prevention (IPS) technologies, to block exploits while executing normal test-and-patch deployment processes.

We have warned about IOS in several previous postings; see Cisco IOS next big concern. The main warning we made was that patching IOS is a non-trivial and possibly costly affair, and plans need to be set in motion now rather than later, when it is too late. The last thing an organization needs is to be pushed into a corner where emergency patching or upgrading, done without appropriate testing, could bring down its network.

The SANS Top-20 2005 is a consensus list of vulnerabilities that require immediate remediation. Four years ago, the SANS Institute and the National Infrastructure Protection Center (NIPC) at the FBI released a document summarizing the Ten Most Critical Internet Security Vulnerabilities. Thousands of organizations used that list, and the expanded Top-20 lists that followed one, two, and three years later, to prioritize their efforts so they could close the most dangerous holes first.

Vulnerabilities on this year's list are defined by four criteria:

  1. They affect a large number of users;
  2. They have not been patched on a substantial number of systems;
  3. They allow computers to be controlled by a remote, unauthorized user;
  4. Sufficient details about vulnerabilities are available to enable attackers to exploit them.

RELATED ARTICLES : Security set back 6 years, Cisco IOS next big concern, New IOS flaw patched, New critical Cisco IOS flaw, CiscoGate : Advice for customers


Blogger LilBambi said...

You are so right Dwaine. We have been concerned about this for quite some time.

There are no easy answers and Cisco's response has been less than stellar.

It seems that routers and such may need to be provided in software form to be configured on computers rather than the routers/gateways themselves and then hardcoded to the router/gateways and then write protected in some manner if these types of exploits cannot be dealt with vigorously by makers of the devices like Cisco, as well as the gatekeepers of the Internet at the backbones.

I don't even know how well such changes could even be dealt with. The cost on new equipment would be a great burden to the gatekeepers at the backbones of the Internet. And not exactly something any one of them would relish hearing.

Also, I don't know if it would really fix the problem as new vulnerabilities are found, at least in a zero day situation.

I may be way off base on this too. I am not a programmer and never claimed to be. LOL!

BTW: Thanks for your comments on my blog. Much appreciated. :)


Wednesday, November 23, 2005 10:21:00 PM  

Post a Comment

Links to this post:

Create a Link

<< Home