BEST OF THE WEB

Cisco issues 10 security fixes for networking hardware

Mid-sized businesses that rely on Cisco’s networking hardware running on IOS will want to check and see if they are affected by one of 10 vulnerabilities that could expose them to a denial-of-service attack.

Cisco Systems issued 10 fixes for different flaws in its IOS (not the Apple mobile operating system) software today. While the manufacturer says hackers haven’t been exploiting these vulnerabilities as of yet, now that the information is in the public sphere it is definitely a possibility. But detailed instructions are online from Cisco that detail fixes or workarounds for the Nework Time Protocol (NTP), the Internet Key Exchange protocol, the dynamic Host Configuration Protocol (DHCP), the Resource Reservation Protocol (RSVP), the virtual fragmentation reassembly (VFR) feature for IP version 6 (IPv6), the Zone-Based Firewall (ZBFW) component, the T1/E1 driver queue and the Network Address Translation (NAT) function for Domain Name System), and Point-to-Point Tunnelling Protocol (PPTP).

If that all seems like too much of a mouthful for you to absorb, Cisco is offering a software checker tool to find your security fix. You can just upload a file to match up with the fix you need. Or if you know what software version is on your equipment, then you can refer to this table from Cisco Security Intelligence Operations to find your way to the fix.

Typically a denial of service attack is conducted by overwhelming name servers with requests until the point of crashing them or slowing them down very significantly. But in this scenario, it’s possible a hacker could crash a device or disconnect it without a mass attack effort.

The patches were issued Wednesday as part of Cisco’s ongoing program to release IOS security advisories on the fourth Wednesday of every March and September. If you’re a regular user of those products, it’s probably a good idea to add that to your calendar.

Brian Jackson
Brian Jacksonhttp://www.itbusiness.ca
Editorial director of IT World Canada. Covering technology as it applies to business users. Multiple COPA award winner and now judge. Paddles a canoe as much as possible.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITB in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web