A Cisco Hygiene Problem
The Chief Security Officer at Cisco says that the company's users have a "hygiene" problem. What he means is that not enough Cisco network administrators keep up to date on their software security patches. As the SANS editors point out, the problem is not that administrators don't want the latest version of IOS; it's just that installing a new version of IOS is such a pain in the neck that they are loath to do it. A single IOS vulnerability can mean weeks of upgrading for any large Cisco shop. The last time I upgraded IOS on a single Cisco access point it took over an hour. Granted, some of that time was spent re-reading the instructions (I don't do this very often, and keeping hardware up to date is not really part of my job description), but multiply even a fraction of that times several thousand access points, routers, switches, et al., and you get an idea of the scale of the problem.
Andy Hertzfeld tells the story of Steve Jobs coming to his cube and telling him to make the Mac boot faster. Cisco can save dozens of lives by coming up with a better patch system — one that doesn't require taking the hardware out of service, uploading an entire new IOS image, and re-checking the configuration before returning the device to service.
By Chris on October 25, 2005 5:58 PM
