If you have a MARS, go to the CLI and type "expert" - I believe it'll prompt for a password.
Part of the point is that a similar issue will happen again which will require TAC access to the MARS OS and I'm wondering what Cisco's plan is to deal with that in the future. The MARS manager I spoke with during this support issue provided this rationale: there is a lot of easily-accessible intellectual property, due to their use of shell scripts, Java, etc., that they'd prefer stay obscured. I mentioned that someone could probably rip out the hard drive and access it anyway but he said it would still be protected. Um, okay, maybe so and I'm not really a forensics guy. I just know that this is not a typical Cisco approach and it caused a major support headache for me and a major client.
Brent Stackhouse, GSEC/GCIH VP of Security Solis Security, Inc. Austin, Texas 512-417-9772 www.solissecurity.com Jason wrote:
3. The MARS OS is a Linux distro but users can't get to the actual OS. This wouldn't normally be a problem but there was a bad MARS build that was published recently, yanked within a day or so, and then required a TAC engineer to remotely login to the MARS box to fix it. This is contrary to every other Cisco device, including Linux-based 42xx IDS/IPS, that I've worked with.Can I read into that statement that there is a some form of capability that does allow access to the OS but only to Cisco TAC? Did you need to enable an account and password for that access or simply access to the system?
smime.p7s
Description: S/MIME Cryptographic Signature
