This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
A Possible Rootkit Aimed at Cisco
It appears that some are concerned with Cisco's routers and switches-specifically, about a possible rootkit that is called the "Da IOS Rootkit," presented at a security conference by Core Security. In 2006, Microsoft's Security Chief Mike Danseglio said of Rootkits, "be afraid, very afraid," but I still don't think the message is out there. We've heard about the Brute Force Attacks and the carrier losses and about the possible SPIT threats. To hear now that the Cisco routers and switches that sit in networks are vulnerable to rootkits is a bit unnerving.
What really gets my attention in the article about the Cisco vulnerability is what Cisco's Security Officer, John Stewart complained about: the customer's unwillingness to upgrade their Cisco IOS. Then, he goes on to add:
"I can give them the list of known vulnerabilities, but customers still don't want to touch it because it's working... I think there's a certain level of 'well it's working, don't touch it, because it's fragile, it might break'. I understand that, however I don't find it acceptable," he said.
So before you buy into "No One Gets Fired For Buying Cisco," you better consider "Can Everyone Afford to Buy Into Cisco" first. 3Com's (Tipping Point) Chief Architect has a different take on trying to secure the routers and switches. So no one is likely going to argue that IPT isn't vulnerable, no one is going to make a stand that they aren't afraid- after all, if Microsoft is afraid then wouldn't you be?
"Security, Speed, Quality" is an old, old military argument--that you can't have all three; inevitably you have to sacrifice one or even two. Until it happens, the security massacre that could impact IPT to a scale that grabs everyone's attention seems to be a theory. Maybe the grand event won't happen--but if it ever does, are you ready?