cisco messed up, safe architecture??

Discussion in 'Cisco' started by John Llort, May 19, 2004.

  1. John Llort

    John Llort Guest

    How could they have the IOS source on a server that is attached on a network
    that can be accessed by the public internet?? That's like Coke leaving the
    formula in a public place hoping no one takes it.

    They should have had a separate secret encrypted network (like the DoD
    SIPRNet) that does not touch the public network. For the Cisco developers
    give them 2 desktops, a special desktop with no ports/drives accessible by
    the user and is attached to a special private encrypted wan/lan that does
    not touch the public network physically at any point then one desktop
    attached to the regular non-secret network which can access the internet
    etc..

    It's not like Cisco is cash strapped and cannot have such a system in place
     
    John Llort, May 19, 2004
    #1

  2. Maybe because Cisco employees sometimes work from home? This is not
    national security we're talking about, it doesn't need military-level
    protection?
     
    Barry Margolin, May 19, 2004
    #2

  3. John Llort

    victor Guest


    You can still work from home: provide the end user with a thin client
    terminal and a router with a PVC on that secret network; the thin client can
    connect and work from a vaulted system assigned to the user.

    This loss is a big one in terms of intellectual property that can be glossed
    over by the competition, and China will probably jump on that code. Cisco can
    afford to have a second private encrypted frame relay network for
    development. This is one of Cisco's crown jewels we are speaking about.
     
    victor, May 19, 2004
    #3
  4. You sound pretty sure that access to the code was obtained via the
    public Internet by an unauthorized user (i.e., a non-Cisco employee).
    I assume you have a link where Cisco confirms that this was indeed
    what happened -- can you post it? I haven't seen any such admission.

    -Terry
     
    Terry Baranski, May 19, 2004
    #4
  5. John Llort

    MC Guest

    I get very nervous having a vendor try and sell me on a security solution
    when they do not follow many of the same recommended practices they suggest
    or worse when they sell security solution then they get hacked, not very
    comfortable with their security solutions. Of course not sure the exact
    details of how the code got leaked yet either.

    Of course look at how many vulnerabilities are continuously released against
    the PIX firewall platform.

    I have never been impressed with other Cisco solutions other than routers.
    And then there was a time I was getting many DOA routers from Cisco, Bad
    quality control when started being made outside of the US.

    And reading another topic relating to how over the years the IOS code has
    been developed by being patched by many different people, the code base is
    not as well understood by anyone enough now to get it more efficient and
    smaller in size. We are at an impasse where we can not go and upgrade a large
    number of routers to have tons of memory and flash just to run the newer
    code that we are having to go to to be anywhere near being supported and fix
    some vulnerabilities just to run the same features and configurations and
    will never change.

    I am also using Nortel routers in many networks. The one thing I like about
    their BayRS is I can get any level of feature set software and using an
    image builder part of their sitemanager application custom build an image to
    a smaller size that includes only the protocols and features I need to a
    very small image size.

    What Cisco needs to do is invest resources in moving their IOS from just a
    feature set code base to a modular one, where one can add different modules
    to build an image to include only what is needed. And at the same time
    rewrite the code to be more efficient.

    There is a big difference in the way vendors implement hardware and the
    software architecture that is used that make a big difference in the way the
    platform will perform.

    I have worked in an engineering real time simulation environment in the past
    where just a couple of lines of code was critical enough to either have
    success or the simulation not achieving real time status. These were real
    programmers then, not just today's so called application coders.

    I hate to mention other vendors in this forum but I want to point out one of
    these differences again with Nortel. Uses VxWorks as a code base for many of
    its products of which I am familiar with in the real time simulation
    processing environment. VxWorks is very efficient, handles all memory
    and IO routines directly in code without any middle lying OS. The code is
    compiled directly to machine language. This is not just another higher
    level language compiler where you run the executable on yet an underlying
    OS, VxWorks becomes the operating system. However this requires much more
    system architecture knowledge.

    I do not favor Nortel overall just wish could have some of their ideas they
    had on the Cisco platform. I have always liked Cisco for their routers
    better because of the extensive support of protocols and features. However I
    have been let down as they have not implemented a few great standards that
    Nortel has had for a few years now and has been a standard for a long time
    now, I am hurt.

    Nortel is moving to different technologies, some good, some not the way I
    would have liked them to go so they are becoming less a favorite in the
    router market, with the exception in the carrier installations. I do like
    their switching platforms better though.

    However there are the other router vendors. But without a stronger presence
    in other markets to protect their business with today's ups and downs in the
    industry, I would not want to deploy something that I would not be certain
    would be around for a while longer, or at least until the next forklift
    upgrade is due.

    OK, Too much said, shutting up now......

    MC
     
    MC, May 20, 2004
    #5
  6. Since you said PVC, you're talking about Frame Relay or ATM, which
    generally requires a leased line tail circuit for each remote site.
    Leased lines for every engineer who may need to access source code from
    off-site is going to become extremely expensive. I think most companies
    consider VPNs to be secure enough for this, and I expect this is what
    Cisco uses. And since Cisco sells products that implement this, I'd
    expect them to use them.
     
    Barry Margolin, May 20, 2004
    #6
