12-08-2016 03:42 AM - edited 03-12-2019 01:38 AM
Hi
just a general question. is it necessary to keep ios up to date or can it be left running what it is?
Any thoughts, opinions?
12-08-2016 03:49 AM
I try my best to upgrade as often as possible to get above potential bugs and security vulnerabilities. Also, I don't like having Cisco appliances with an uptime of >1 year.
12-08-2016 07:30 AM
Check periodically if there is interim version of specific code you are running. You don't always have to go to highest recommended version to re-mediate security threats. If major threat comes up Cisco will suggest specific versions (you can subscribe to get notifications about them). It is good to upgrade devices as often as possible but you may end up hitting bugs and spending a lot of time trying to fix issues caused by them. Specially if you don't have smartnet.
Nenad
12-09-2016 02:55 PM
Unless the vulnerabilities get out of control, the people (or group) who discover the vulnerabilities normally provide some time before publishing the vulnerabilities. This gives the manufacturer to verify the vulnerability and find solution.
I subscribe to Cisco's security RSS feed and this helps me keep a good look-out of what's happening out there.
I am sad to see none of the "old hands" (like Rick, Giuseppe, Paolo, Jon, "Smooth Rob", Joe D) haven't chimed into this topic-that-never-goes-away.
12-08-2016 09:42 AM
As in every area of IT you will want to patch your systems. In case stability is very important to you using LTS releases is recommended. Dont instantly patch to bleeding edge releases one day after they are released and check the bug tracker for any showstopper bugs that you would introduce through updates.
12-09-2016 02:15 AM
Thanks for your response guys. Much appreciated.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: