So far, 2007 has not been a very good year for Cisco. Yesterday they announced two more vulnerabilites in their Internetwork Operating System (IOS) – that’s 5 this year if my count is correct. And today they announced vulnerabilites in some PIX and ASA appliances:
This month:
- Multiple Vulnerabilities in Cisco PIX and ASA Appliances (#77853)
- Multiple IOS IPS Vulnerabilities (#81545)
Last month:
- Crafted TCP Packet Can Cause Denial of Service (#72318)
- Crafted IP Option Vulnerability (#81734)
- IPv6 Routing Header Vulnerability (#72372)
The point is, just because you know about Patch Tuesday that’s not enough. Ron Popeil doesn’t make IT security – you can’t just ‘set-it-and-forget-it’ after the Microsoft patches are rolled out. If you’re a good SBSer you should (and probably already do) read Susan Bradley, Dana Epp and the SANS blog. Security is a constant battle, and here are some more weapons to add to your utility belt.
Best Practices:
- If you ARE sporting Cisco gear on your networks, check out the Cisco Security Advisories website or subscribe to the RSS feed.
- If you AREN’T running Cisco gear, be aware that everybody else on the internet is, and you may get support calls on internet connectivity issues if gear out in the cloud is affected.
- Also, check out the United States Computer Emergency Readiness Team (US-CERT) Technical Cyber Security Alerts website or their RSS feed to stay on ahead of the security curve.