IT departments have been urged to steer clear of any
"too good to be true" bargains onCisco equipment, to avoid buying
counterfeit goods.
The warning follows the seizure by the
US Department of Justice and Department of more than 400
counterfeit Cisco network hardware and labels with an estimated
retail value of more than £38m last month.
Businesses drawn to buying bargain Cisco equipment could find
the products were not covered by Cisco's guarantee and may contain
malicious software, said industry specialists this week.
Terry Street, product manager for procurement at Socitm
Consulting, said, "If you buy a counterfeit the product may not be
fit for purpose and you may not be able to register it correctly
with Cisco." These so-called "grey import" products would likely
have an identical serial number to a genuine product, he said.
Gary Sussex, ICT services manager at
Newham Borough Council said, "There are 'Grey imports'
available on the market, some of which are supplied as 'Genuine'."
To tackle the problem he said he dealt exclusively with Cisco
Approved resellers using catalyst or PASA frameworks for
purchasing. This means equipment serial numbers are logged and can
be checked with Cisco for authenticity.
The problem for network administrators is that the counterfeit
network equipment is very good and so it can be difficult to spot
differences.
A Cisco reseller commenting on an online message thread about
fake Cisco gear last year said, "The fakes are very good, look the
same, work the same, running the real IOS (Cisco operating system),
its amazing how good they are considering they are fakes often very
high quality but still nothing beats having authentic gear with
full support from Cisco."
IT directors should also be wary of the IT security implications
of counterfeit network equipment. Computer Weekly blogger David
Lacey said, "Security professionals in high threat environments
have long been concerned about the sourcing of hardware and
software. That is because it is easy to plant a bug or a back door,
but extremely hard to detect one."
Ken Munro, managing director at SecureTest said that the
existing accreditation process did not cover switches, routers and
other devices at a low enough level, to detect firmware-based
malware.
Cisco said it was working closely with law enforcment agencies
around the world to prevent the sale of counterfeit equipment.
“There are some steps that a customer can take to minimize the
risk of purchasing counterfeit products. The most important of
these is to make sure that the supplier they are purchasing the
products from is an authorised Cisco partner,” it said.
Cisco said concerned users should contact Cisco Brand Protection
at brandprotection@cisco.com.
How to spot fake Cisco gear
*The price is too good to be true.
*Avoid buying Cisco grear from eBay or direct from China
*Check holograms
*Make sure documentation is written in English, using the same
font and without spelling mistakes.
*Serial numbers should be checked against Cisco's database.
Source:
UsedCisco.com