Slashdot Mirror


Cisco Systems Will Be Auditing Their Code For Backdoors (cisco.com)

An anonymous reader writes: In the wake of the discovery of two backdoors on Juniper's NetScreen firewall devices, Cisco Systems has announced that they will be reviewing the software running on their devices, just in case. Anthony Grieco, a Senior Director of the Security and Trust Organization at Cisco, made sure to first point out that the popular networking equipment manufacturer has a "no backdoor" policy. According to Grieco, Although our normal practices should detect unauthorized software, we recognize that no process can eliminate all risk. Our additional review includes penetration testing and code reviews by engineers with deep networking and cryptography experience. The reviewers will be looking for backdoors, hardcoded or undocumented account credentials, covert communication channels and undocumented traffic diversions.

2 of 128 comments (clear)

  1. You mean by Anonymous Coward · · Score: 5, Insightful

    They havent been already?

    1. Re:You mean by Anonymous Coward · · Score: 5, Insightful

      No, time and again their products have exploits that had fixes for a long time. No one should use cisco products, they aren't secure.

      You're an idiot. If you're a Carrier network or large Enterprise, you have two options- Juniper or Cisco. Nobody else makes hardware that even comes close when you're talking routing and switching. IF Cisco (or Juniper) were as insecure as you claim, the entire internet would have been completely owned long ago.

      Yes, there have been issues at times with various specific product lines. But neither Cisco's primary IOS nor Juniper's Junos have ever had a large-scale issue in regards to security, and what issues have shown up over the years have been simple to mitigate or render moot, and are fixed quickly... usually long before the media ever gets wind of it. Most of the problems show up in the crappier low-end product lines, or platforms that are already end of life.

      There's no good reason you should even have the device's management interface directly exposed to the public internet. Period. If you want to be able to remotely manage your equipment, you setup a VPN which will then give access to your internal, privately addressed (i.e. not publicly routable) management network, and access the equipment from the inside. You should ***NEVER*** be able to directly open a connection, either via SSH or any other method, from the 'wild' internet... it's just flat out stupid even if there are no flaws in your equipment.