> -----Original Message-----
> From: [email protected] [mailto:[email protected]]
> Sent: Sunday, February 14, 2010 4:15 PM
> To: Tomas L. Byrnes
> Cc: Benjamin Brown; [email protected]
> Subject: Re: [funsec] Can you trust Chinese computer equipment?
>
> On Sat, 13 Feb 2010 21:48:31 PST, "Tomas L. Byrnes" said:
> > The corollary of the "test baseline" in my prior post is that EVERY
> > piece of hardware that comes into my networks gets reflashed and
> > reloaded with MY gold master disks/config.
>
> That just pushes the problem around. How do you know that basically
> unaudited IOS you just flashed into that Cisco doesn't have a very
> subtle back door in it, left by some Chinese-agent coder (who could
> possibly be a disgruntled white dude) back in IOS 11?
>
> And yes, there are organizations where that level of tinfoil-hat
> paranoia is called for...
>
> > Not only does this eliminate preinstalled malware, but I also get zero
> > crapware going into production.
>
> It's hard enough to find a version of IOS that actually *works* - most
> sites end up settling on one that only has non-debilitating issues in
> their environment.
>
> But the fact that Cisco box is probably not loaded with the one IOS
> version that actually works in your network is reason enough to reflash
> it.
>
> > Security is a degenerate case of traffic and configuration management.
>
> I'd hassle you about that one, except that Verizon study that showed
> config issues contributed to 90% of the breaches. Damn pesky facts. ;)

[Tomas L. Byrnes]

We're arguing degree here. It's about controlling what you can control so you have time and energy to focus on what you can't, and baseline and positive control of what gets installed is one of them.

Agreed, if the scenario Winn Schwartau wrote about in "Terminal Compromise", where the author of the dominant OS was compromised so that a foreign power can put a bomb in everyone's machine, then no-one, except those who have complete source code to object code, and the full build cycle, control of everything, with everyone who has access subject to least privilege and independent audit at each stage, is safe.

I've worked in places where that sort of tinfoil hat is necessary. It's why we get "$5,000.00 toilets", since it's much safer to not allow any exceptions to the audit protocol than to run the risk of something critical not being subject to it.

For mere mortals, making everything your own "Gold Master" before deployment is a no duh step, and has the added benefit of preventing pesky interoperability problems and being "bug compatible", and behaving in the way your sysadmins are used to.

As for IOS, well, IMO, it continues to exist for the same reason as Windows, inertia (which isn't an invalid reason, btw).

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
