[c-nsp] Prepare for router Wednesday

Colin McNamara Colin at 2cups.com
Tue Mar 11 23:35:21 EDT 2008 

 From what I hear, Cisco will still be releasing bug fixes as they are 
fixed, and security vulnerabilities are still tracked as bugs, though 
they may not be explicitly called out as Vulnerabilities. You might want 
to consider utilizing modular IOS and rolling in bug fixes regularly. 
Chances are the Vulnerabilities will be addressed before the bi-yearly 
full release.

Just what I hear, though I have been known to be totally off base before,
-- 

Colin McNamara
(858)208-8105
CCIE #18233,RHCE,GCIH 
http://www.colinmcnamara.com
http://www.linkedin.com/in/colinmcnamara

"The difficult we do immediately, the impossible just takes a little longer"



Frank Bulk - iNAME wrote:
> By not making the update available until the 6 month mark has been met,
> service providers are not able to choose their own update cycle.  Rather, by
> restricting the updates to every 6 months, Cisco has reduced the update
> cycle to, at most, once every 6 months.  So this reduces flexibility for the
> customer, but benefits Cisco by reducing the number of test cycles and
> updates they need to post, i.e. cost savings for them.
>
> Frank
>
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Jared Mauch
> Sent: Tuesday, March 11, 2008 9:32 AM
> To: Jason Gurtz
> Cc: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] Prepare for router Wednesday
>
> On Tue, Mar 11, 2008 at 09:57:11AM -0400, Jason Gurtz wrote:
>   
>>> So we need to wait 6 months for security patches if an exploit which
>>> may affect us is discovered on the fourth Thursday of September?
>>> That's crazy! Let Enterprise customers wait if they want, I want my
>>> security patches ASAP so we can test them for a few days then deploy
>>> network wide. Does anyone else think this is not a rational change?
>>>       
>> Monthly has seemed to be a reasonable trade-off between attack window and
>> manageability.  6 months seems like...yo wtf is in charge there that made
>> this heinous decision?
>>     
>
>         Actually, I know who did this and they're on the list
> last I knew, so there is a chance for your feedback to be read.
>
>         I think it's a challenge coming with any system that is
> perfect.  The issue here is balance.  This strikes a balance in
> favor of expecting a level of uptime from your ISPs.  If they
> were rebooting once a month you might not be very happy.
>
>         Oh well, you can't win them all.  I think this will be
> good overall.
>
>         - Jared
>
> --
> Jared Mauch  | pgp key available via finger from jared at puck.nether.net
> clue++;      | http://puck.nether.net/~jared/  My statements are only mine.
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>

More information about the cisco-nsp mailing list