cisco messed up, safe architecture??

How could they have the IOS source on a server that is attached on a network
that can be accessed by the public internet?? Thats like Coke leaving the
formula in a public place hoping no one takes it.

They should have had a seperate secret encrypted network (like the DoD
SIPERNET) that does not touch the public network. For the cisco developers
give them 2 desktops, a special desktop with no ports/drives accessible by
the user and is attached to a special private encrypted wan/lan that does
not touch the public network physically at any point then one desktop
attached to the regular non-secret network which can access the internet
etc..

Its not like cisco is cash strapped and cannot have such a system in place

 

Maybe because Cisco employees sometimes work from home? This is not
national security we're talking about, it doesn't need military-level
protection?

 

You can still work from home, provide the end user with a thin client
terminal and a router with a PVC on that secret network, the thinclient can
connect and work from a vaulted system assigned to the user.

This loss is a big one in terms of Intellectual property that can be glossed
over by the competition and China will probably jump on that code. Cisco can
afford to have a second private encrypted frame relay network for
development, This is one of ciscos crown jewels we are speaking about.

 

You sound pretty sure that access to the code was obtained via the
public Internet by an unauthorized user (i.e., a non-Cisco employee).
I assume you have a link where Cisco confirms that this was indeed
what happened -- can you post it? I haven't seen any such admission.

-Terry

 

I get very nervous having a vendor try and sell me on a security solution
when they do not follow many of the same recommended practices they suggest
or worse when they sell security solution then they get hacked, not very
comfortable with their securitry solutions. Of course not sure the excact
details of how the code got leaked yet either.

Of course look at how many vulnerabilities are continously released against
the PIX firewall platform.

I have never been impressed with other Cisco solutions other than routers.
And then there was a time I was getting many DOA routers from Cisco, Bad
quality control when started being made outside of the US.

And reading another topic relating to how over the years the IOS code has
been developed by being patched by many different people, The code base is
not as wel understood by anyone enough now to get it more effiecient and
smaller in size. We are at an empass where we can not go and upgrade a large
number of routers to have tons of memory and flash just to run the newer
code that we are having to go to to be anywhere near being supported and fix
some vulnerabilities just to run the same features and configurations and
will never change.

I am also using Nortel routers in many networks. The one thing I like about
their BayRS is I can get any level of feature set softeware and using an
image builder part of their sitemanager application custom build an image to
a samller size that includes only the protocols and features I need to a
very small image size.

What Cisco needs to do is invest resources in moving their IOS from just a
feature set code base to a modular one. where one can add different modules
to build an image to include only what is needed. And at the same time
rewrite the code to be more effiecient.

There is a big difference in the way vendors implement hardware and the
software architecture that is used that make a big difference in the way the
platform will perform.

I have worked in an engineering real time simulation environment in the past
where just a couple of lines of code was critical enough to either have
sucess or the simluation not achiving real time status, These were real
programmers then, not just todays so called application coders.

I hate to mention other vendors in this forum but I want to point out one of
these differences again with Nortel, Uses VXworks as a code base for many of
it's products of which I am familiar with in the real time simulation
processing environement. VX works is very effiencient, handles all memory
and IO routines direclty in code without any middle lying OS. The code is
compliled direclty to machine language, THis is not just another higher
level language complier where you run the executable on yet an underlying
OS, VX works becomes the operating system. However this requires much more
system architecture knowledge.

I do not favor Nortel overall just wish could have some of their ideas they
had on the Cisco platform. I have always liked Cisco for their routers
better becasue of the extensive support of protocols and features. However I
have been let down as they have not implemented a few great standards that
Nortel has had for a few years now and has been a standard for a long time
now, I am hurt.

Nortel is moving to different technologies, some good, some not the way I
would have liked them to go so they are becoming less a favorite in the
router market, with the exception in the carrier installations. I do like
their swtiching platforms better though.

However there are the other router vendors, But without a stronger presence
in other markets to protect their business with todays up and downs in the
industry, I would not want to deploy something that I would not be certain
would be around for a while longer, or at least until the next forklift
upgrade is due.

OK, Too much said, shutting up now......

MC

 

Since you said PVC, you're talking about Frame Relay or ATM, which
generally requires a leased line tail circuit for each remote site.
Leased lines for every engineer who may need to access source code from
off-site is going to become extremely expensive. I think most companies
consider VPN's to be secure enough for this, and I expect this is what
Cisco uses. And since Cisco sells products that implement this, I'd
expect them to use them.