Cisco leak could mean trouble

TechRepublic
As you may have heard, the source code of Cisco's IOS -- which runs the routers that power many corporate networks and much of the Internet -- was recently stolen and illegally divulged in the public arena.

The threat level due to this disclosure is unknown, but is potentially extremely high. Administrators who manage Cisco equipment should monitor their routers and switches with extra caution over the short term.

The FBI is currently investigating the theft and publication on the Full-Disclosure security mailing list of a significant amount of what is thought to be the proprietary firmware code used in Cisco routers and switches.

After a weekend of rumours, denials, and suspicions that the whole thing was nothing more than a hoax, the IDG News Service reported on May 18, 2004, that copies of the Cisco IOS source code had appeared on the Internet after apparently having been stolen from a compromised Sun server on Cisco's corporate network.

The amount of code exposed to hackers seems to have been as much as 800 megabytes, so it is particularly difficult to quickly determine just what vulnerabilities might be found by hackers going over that amount of code with a fine-tooth comb.

A post on the Russian security Web site reports having seen about 2.5 MB of the supposedly hacked code, from version 12.3 of the IOS.

ZDNet reports that what was actually stolen was some source code, in the form of two raw C programming files, one of them dated 1996 and the other dated 2003.

The fact that very little of the supposedly stolen code has actually been seen circulating in chat rooms or elsewhere may indicate that the claims are exaggerated, but it could also mean that this code was stolen by serious hackers with a commercial or criminal motive.

At this time there are far more questions than answers available, which, in some ways, is even worse than knowing what information may have been compromised, because administrators can't fully judge the threat level. They can only carefully watch all Cisco hardware to monitor for suspicious activity.

This Cisco code disclosure follows on the heels of Microsoft's source code disclosure earlier in the year. That sent a lot of administrators (not to mention Microsoft) into a nervous fit. Although no serious exploits have ever shown up that are related to vulnerabilities discovered in that Windows code, there still exists the possibility that something serious will develop.

There is an ongoing debate as to just how serious that security breach was, but it's clear that it wasn't a high point in Microsoft's security efforts.

Whether or not malicious people get copies of the stolen Cisco software and are able to discover serious vulnerabilities that can be widely exploited, the mere fact that confidential firmware has been disclosed must weigh heavily on Cisco administrators until or unless it can be absolutely proven, not just claimed, that this doesn't constitute a serious security breach.

In the never-ending debate of open source versus proprietary software, when it comes to security one thing is abundantly clear: once proprietary code is exposed to attackers, it becomes considerably less secure than open source software, where it is at least possible for administrators to examine the source code for themselves. One of the main security pillars that proprietary software relies on is its very secrecy.

TechRepublic is the online community and information resource for all IT professionals, from support staff to executives. We offer in-depth technical articles written for IT professionals by IT professionals. In addition to articles on everything from Windows to e-mail to firewalls, we offer IT industry analysis, downloads, management tips, discussion forums, and e-newsletters.

©2004 TechRepublic, Inc.
