back to article F5, Cisco admins: Stop what you're doing and check if you need to install these patches

F5 Networks and Cisco this week issued warnings about serious, and in some cases critical, security vulnerabilities in their products. F5 officials said Thursday its most serious issue, a critical flaw in its iControl REST framework with a severity score of 9.8 out of 10, could be exploited to bypass the authentication …

  1. Pascal Monett Silver badge

    "abandoned IT assets"

    I would think that the primary duty of a network admin is knowing exactly what is connected to the network and why.

    Any router or switch should be accounted for, and any new connection (because a beancounter decided to bring in a new router without asking) should be logged and analyzed to find out where it is and why it's there.

    All changes to the network should be documented and a clear overview of the global situation should always be available.

    It's not rocket science.

    1. VoiceOfTruth

      Re: "abandoned IT assets"

      I've seen this problem first hand. Some unlabelled machines plugged in and doing something in our racks. Nobody knows how they got there, or at least nobody was saying. My boss at the time had the right idea. He didn't switch them off, he simply unplugged them then waited to see who turned up. There were a few snide offered from the offending parties and a few acid words given as a reply. It only needed to be done once.

      1. spireite Silver badge
        Trollface

        Re: "abandoned IT assets"

        Classic response, and works every time.

        I use this methodology every time I find a server being used for prod, that isn't actually prod.... or when someone insists on using a server that actually isn't for that use... like a temporary box that's been superceded.

        If I've asked them for several months (really) to change their code, I reserve the right to bork the connection. They've had long enough to sort it...

    2. Anonymous Coward
      Anonymous Coward

      Re: "abandoned IT assets"

      Different viewpoints on this

      1). I’ve seen networks with thousands of building management assets spread over hundreds of sites that no one looks at, fell between the cracks of differing teams, all on the network all running out of date code that could be upgraded but no one is responsible for them.

      2). In different jobs I’ve come across switches that have been running in excess of 10 years, typically Cisco and 6500 series chassis,

      3). Staff churn, I did an audit a few jobs back and found some stuff running in a paid for dc that everyone thought was turned off years before. Stuff was still on an asset register & customer still paid for it, very low traffic volumes as was basically heart beats, cdp, broadcasts etc etc. I couldn’t turn it off as in theory the customer still needed it but I couldn’t find anyone that was using it. Account is with a different outsourcer now, assets are likely still on a register, still being paid for and likely no one knows what’s it’s for but who cares when your being paid for it?

      4). Too big to fail, important switches at the heart of the operation, hundreds of interfaces lots of vrf’s and routing domains. You can’t just drop in a replacement but must migrate onto new tin slowly, unpicking the old and moving addressing over all the while maintaining connectivity.

      If you only have a few systems to manage it’s a no brained, I’d even put in MAC learning to stop people bringing in their own hubs (can you buy hubs anymore) or switches, larger environments with lots of network admins must operate differently 802.1x helps but can be a pain.

  2. VoiceOfTruth

    Isn't it about time that GCHQ audited Cisco and F5?

    These two Swiss cheeses are so full of security holes that it is long overdue for them to be deemed a threat to the national security of every country that has them installed anywhere. They should be ripped out and thrown in the bin, if the threat about 'national security' is genuine...

    If they don't wish to be subjected to an audit, that alone is reason to boot them out.

  3. David Hicklin Bronze badge

    Headline

    I misread the headline to mean "Don't apply the latest patches, they may be dodgy so check you REALLY need them"

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like