As the networking behemoth reaches its twentieth anniversary,
enterprises are counting on Cisco to prove that it can handle 21st
century networking
Networking giant Cisco is this week celebrating 20 years in
business while trying not to let a possible leak of its source code
dampen celebrations.
Cisco intended to use the anniversary to unveil a roadmap for its
Internetwork Operating System (IOS) and show how its networking
products will evolve over the next 20 years.
However, the company was embarrassed last week when security news
groups reported that a Russian website had obtained and published
800Mbytes of source code for IOS, the operating system at the heart
of many Cisco products.
Commenting on the security breach the company said, "Cisco is fully
investigating what happened. We continue to take every measure to
protect our intellectual property, employee andcustomer
information.
Last month users were advised to patch their network equipment due
to a flaw in the implementation of TCP/IP, which hackers could
potentially take advantage of to crash company networks. Many
suppliers, including Cisco, issued patches to plug the hole.
Access to the Cisco code would allow hackers to pinpoint potential
programming errors in IOS, which could form the basis of a
network-based attack.
Any code in the public domain found to contain programming flaws
could form the basis of a network attack, said Clive Longbottom, an
analyst at Quocirca. "If there are significant flaws in [IOS']
coding, hackers might be able to create an exploit."
Although, this could pose a risk, a more worrying concernfor Cisco
and the wider usercommunity is the fact that theIOS source code is
effectively Cisco's crown jewels.
Tony Lock, chief analyst at Bloor Research said, "It is a cause of
major concern."
Cisco's networking infrastructure is used widely across theinternet
and by enterprises. The company often holds privileged information
containing details of potential IT security risks. "Until [Cisco]
works out how the codes escaped, it will have to look at all parts
of its security," Lock said.