[59764] in North American Network Operators' Group
RE: Patching for Cisco vulnerability
daemon@ATHENA.MIT.EDU (Dan Lockwood)
Fri Jul 18 17:20:56 2003
Date: Fri, 18 Jul 2003 14:20:22 -0700
From: "Dan Lockwood" <dlockwood@shastalink.k12.ca.us>
To: "Jared Mauch" <jared@puck.Nether.net>,
"Irwin Lazar" <ILazar@burtongroup.com>
Cc: <nanog@merit.edu>
Errors-To: owner-nanog-outgoing@merit.edu
What kind of testing protocol do providers have in place to test IOS
images prior to deployment. I have never been exposed to those
processes and am curious to understand what takes place as a BCP.
Dan
-----Original Message-----
From: Jared Mauch [mailto:jared@puck.Nether.net]=20
Sent: Friday, July 18, 2003 12:05
To: Irwin Lazar
Cc: nanog@merit.edu
Subject: Re: Patching for Cisco vulnerability
On Fri, Jul 18, 2003 at 12:29:30PM -0600, Irwin Lazar wrote:
>=20
> Just out of curiosity, are folks just applying the Cisco patch or do=20
> you go through some sort of testing/validation process to ensure that=20
> the patch doesn't cause any other problems? Given typical change=20
> management procedures how long is taking you to get clearance to apply
> the patch?
>=20
> I'm trying here to gauge the length of time before this vulnerability=20
> is closed out.
most providers can easily go from (for example)
12.0(21)S3 to 12.0(21)S7 with less testing than from 12.0(21)S to
12.0(25)S
The hurdles are still there to maintain the necessary
customer notifications, etc.. but aside from that, I think the press is
doing their job (good or bad) in that most customers are aware that
there's something bad going on and people are moving to protect the
internet infrastructure.
- jared
--=20
Jared Mauch | pgp key available via finger from jared@puck.nether.net
clue++; | http://puck.nether.net/~jared/ My statements are only
mine.
