Tuesday, March 11, 2008

Cisco to Patch Routers on Regular Schedule

Via CIO -

Following the lead of Microsoft and Oracle, Cisco Systems will start releasing security patches for some of its products on a schedule.

The scheduled updates will be for the Internetwork Operating System (IOS) software used by routers and switches that Cisco sells to enterprise and telecommunications industry customers. Other Cisco products, including those from its Linksys division, will continue to be updated as before.

The first of these scheduled updates will occur on Wednesday, March 26, and Cisco will continue to release patches on a twice-yearly schedule after that, Cisco said in a note posted Wednesday on its Web site. These firmware updates will ship on the fourth Wednesday of September and March each year.

That's less frequently than the other major vendors that have moved to regular security updates. Microsoft releases its security patches on the second Tuesday of every month; Oracle is on a quarterly update schedule.

Cisco published eight security advisories for IOS security bugs last year. IOS has come under increased scrutiny in recent years as hackers have developed new ways of attacking router software. Because Cisco's routers are so widely used, IOS is considered to be an attractive target for attackers.

Like other companies that have adopted predictable patch schedules, Cisco says it wants to make life easier for its enterprise customers, who can set aside time to test and roll out the patches.

"Our customers ... are asking us to reduce the amount of 'flux' in their networks by bundling patches for multiple security vulnerabilities," the company said in a statement.

-------------------------

This should be good news for the less than 10% of Cisco router customers that acutally patch their production routers.....

Ok, I made that number up....but it isn't uncommon to find super old routers sitting all over the place during a security assessment. Look over GNUCitizen's SNMP Scanning results (CSV), if you don't believe me.

As a former Cisco network administrator, I know how nerve racking it can be to apply a new IOS and reboot a router that is hundreds of miles away from you....30 secs feels like an hour...just staring at ping results - hoping it comes back up.

Lucky for me, most of the time they did.
at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)