Birthday celebrations marred by questions about source code leak

As the networking behemoth reaches its twentieth anniversary, enterprises are counting on Cisco to prove that it can handle 21st...

As the networking behemoth reaches its twentieth anniversary, enterprises are counting on Cisco to prove that it can handle 21st century networking

Networking giant Cisco is this week celebrating 20 years in business while trying not to let a possible leak of its source code dampen celebrations.

Cisco intended to use the anniversary to unveil a roadmap for its Internetwork Operating System (IOS) and show how its networking products will evolve over the next 20 years.

However, the company was embarrassed last week when security news groups reported that a Russian website had obtained and published 800Mbytes of source code for IOS, the operating system at the heart of many Cisco products.

Commenting on the security breach the company said, "Cisco is fully investigating what happened. We continue to take every measure to protect our intellectual property, employee andcustomer information.

Last month users were advised to patch their network equipment due to a flaw in the implementation of TCP/IP, which hackers could potentially take advantage of to crash company networks. Many suppliers, including Cisco, issued patches to plug the hole.

Access to the Cisco code would allow hackers to pinpoint potential programming errors in IOS, which could form the basis of a network-based attack.

Any code in the public domain found to contain programming flaws could form the basis of a network attack, said Clive Longbottom, an analyst at Quocirca. "If there are significant flaws in [IOS'] coding, hackers might be able to create an exploit."

Although, this could pose a risk, a more worrying concernfor Cisco and the wider usercommunity is the fact that theIOS source code is effectively Cisco's crown jewels.

Tony Lock, chief analyst at Bloor Research said, "It is a cause of major concern."

Cisco's networking infrastructure is used widely across theinternet and by enterprises. The company often holds privileged information containing details of potential IT security risks. "Until [Cisco] works out how the codes escaped, it will have to look at all parts of its security," Lock said.

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.