Analyst’s router caution

Gartner is advising network professionals to pay closer attention to their network infrastructure in the wake of the Cisco – Michael Lynn vulnerability disclosure controversy.

  • E-Mail
By  Simon Duddy Published  August 14, 2005

Gartner is advising network professionals to pay closer attention to their network infrastructure in the wake of the Cisco – Michael Lynn vulnerability disclosure controversy. Cisco sued Lynn, an internet security researcher, for publishing details of a Cisco router security flaw against its wishes. Researcher Michael Lynn was an employee of security firm ISS when he uncovered the flaw. ISS and Cisco refused Lynn permission to disclose the flaw but Lynn resigned from his post at ISS and gave a presentation showing how to exploit it at the Black Hat Briefings conference on July 27 in Las Vegas. “The most significant revelation in all this is that organisations have to pay closer attention to their network infrastructure from a patching and security risk perspective,” says Paul Proctor, research vice president of Security and Risk at Gartner. “The edge routers that are most at risk are also the most difficult to patch and protect so organisations are faced with a challenge to address these issues,” he adds. Gartner’s tips: Pay close attention to IOS vulnerabilities, treat them seriously, and follow the guidelines within advisories to upgrade to a newer version of software as the earliest opportunity. Patch internet-facing routers first as they are at much greater risk than internal routers. In the event of a buffer/heap/stack overflow vulnerability, take immediate action to shield your network using a layered defence, including network-based intrusion prevention technologies, to block exploits while executing normal test-and-patch deployment processes.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code