Cisco lauded for early OS security warning
Cisco has been praised by resellers for its swift reaction to a security vulnerability discovered in its operating system software.
Cisco has been praised by resellers for its swift reaction to a security vulnerability discovered in its operating system software.
The company last week revealed it had discovered a vulnerability that could allow an attacker to intercept and modify traffic going to and from switches and routers.
The Internetworking Operating System software contains a flaw that permits the successful prediction of TCP initial sequence numbers.
Ian Campbell, technical director at Cisco reseller TriSystems, which also supplies e-Threat security software, said that Cisco alerted its partners to the flaw immediately, allowing them in turn to alert their customers.
"Most operating systems have between 10 and 15 flaws a year in one degree or another," Campbell said. "This is probably the most major fault that Cisco has discovered in a long time. But at least it let everybody know straight away."
By alerting customers to the problem, the information can be passed on to customers rather than leaving it until it's too late, he explained.
"Cisco outsourced all its manufacturing operations but correctly kept its in-house technical team and software developers," Campbell said.
In doing so, the company is then able to deal with any problems straight away.
To compensate for the security glitch, Cisco has promised free software upgrades to all companies affected by the flaw.
Greg Carlow, managing director of Cisco reseller Repton, said: "Cisco has been fully cooperative throughout this situation, and has not tried to hide behind procedures or statements. It has been fairly courageous in admitting that there has been a problem."
Companies often feel that admitting there are problems means their competition gets ahead, said Carlow. "But this is not the case," he added. "Customers are better off knowing."
Carlow claimed that when vendors deny security problems, companies do not become aware of them until their system have been hacked and their data is everywhere.
"With any security product there are always going to be problems," he said. "The tendency is to overreact."
Also published in Computer Reseller News
Highlights