News

Birthday celebrations marred by questions about source code leak

Cliff Saran
As the networking behemoth reaches its twentieth anniversary, enterprises are counting on Cisco to prove that it can handle 21st century networking

Networking giant Cisco is this week celebrating 20 years in business while trying not to let a possible leak of its source code dampen celebrations.

Cisco intended to use the anniversary to unveil a roadmap for its Internetwork Operating System (IOS) and show how its networking products will evolve over the next 20 years.

However, the company was embarrassed last week when security news groups reported that a Russian website had obtained and published 800Mbytes of source code for IOS, the operating system at the heart of many Cisco products.

Commenting on the security breach the company said, "Cisco is fully investigating what happened. We continue to take every measure to protect our intellectual property, employee andcustomer information.

Last month users were advised to patch their network equipment due to a flaw in the implementation of TCP/IP, which hackers could potentially take advantage of to crash company networks. Many suppliers, including Cisco, issued patches to plug the hole.

Access to the Cisco code would allow hackers to pinpoint potential programming errors in IOS, which could form the basis of a network-based attack.

Any code in the public domain found to contain programming flaws could form the basis of a network attack, said Clive Longbottom, an analyst at Quocirca. "If there are significant flaws in [IOS'] coding, hackers might be able to create an exploit."

Although, this could pose a risk, a more worrying concernfor Cisco and the wider usercommunity is the fact that theIOS source code is effectively Cisco's crown jewels.

Tony Lock, chief analyst at Bloor Research said, "It is a cause of major concern."

Cisco's networking infrastructure is used widely across theinternet and by enterprises. The company often holds privileged information containing details of potential IT security risks. "Until [Cisco] works out how the codes escaped, it will have to look at all parts of its security," Lock said.

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy