
A Possible Rootkit Aimed at Cisco

No one really likes to discuss what-if scenarios unless of course you work for some underground agency or security firm or are one of those earning a buck to see the dark side of IT and peer into the inner workings of everything vulnerable.

Matt Brunk

May 29, 2008



It appears that some are concerned about Cisco's routers and switches, specifically about a possible rootkit called the "Da IOS Rootkit," presented at a security conference by Core Security. In 2006, Microsoft's Security Chief Mike Danseglio said of rootkits, "be afraid, very afraid," but I still don't think the message is out there. We've heard about the brute force attacks and the carrier losses and about the possible SPIT threats. To hear now that the Cisco routers and switches that sit in networks are vulnerable to rootkits is a bit unnerving.

What really gets my attention in the article about the Cisco vulnerability is what Cisco's Security Officer, John Stewart, complained about: customers' unwillingness to upgrade their Cisco IOS. He goes on to add:

"I can give them the list of known vulnerabilities, but customers still don't want to touch it because it's working... I think there's a certain level of 'well it's working, don't touch it, because it's fragile, it might break'. I understand that, however I don't find it acceptable," he said.

So before you buy into "No One Gets Fired For Buying Cisco," you'd better consider "Can Everyone Afford to Buy Into Cisco" first. 3Com's (Tipping Point) Chief Architect has a different take on trying to secure the routers and switches. So no one is likely going to argue that IPT isn't vulnerable, and no one is going to make a stand that they aren't afraid; after all, if Microsoft is afraid, then wouldn't you be?

"Security, Speed, Quality" is an old, old military argument--that you can't have all three; inevitably you have to sacrifice one or even two. Until it happens, the security massacre that could impact IPT to a scale that grabs everyone's attention seems to be a theory. Maybe the grand event won't happen--but if it ever does, are you ready?

About the Author

Matt Brunk

Matt Brunk has worked in past roles as director of IT for a multisite health care firm; president of Telecomworx, an interconnect company serving small- and medium-sized enterprises; telecommunications consultant; chief network engineer for a railroad; and as an analyst for an insurance company after having served in the U.S. Navy as a radioman. He holds a copyright on a traffic engineering theory and formula, has a current trademark in a consumer product, writes for NoJitter.com, has presented at VoiceCon (now Enterprise Connect) and has written for McGraw-Hill/DataPro. He also holds numerous industry certifications. Matt has manufactured and marketed custom products for telephony products. He also founded the NBX Group, an online community for 3Com NBX products. Matt continues to test and evaluate products and services in our industry from his home base in south Florida.