Why update IOS?

SEKII
Level 1

Hi,

We have some Cisco switches with IOS 12.1-15.2.

I requested that our network engineers update IOS to the latest version.

They ask: what is it needed for? Everything works normally. All switches stay in the internal network and no security updates are needed.

Please tell me arguments for updating Cisco devices.

 

5 Replies

Leo Laohoo
Hall of Fame
Who's the boss? You or the network engineers?
If you tell them to update the firmware, their response(s) should be "yes, sir!".
Otherwise they can see the reason on the 11 o'clock news when some hacker group breaches the network via vulnerable appliances using known firmware exploits.

You are right, I'm the boss, and of course if I say "do", they will do it.

But I want to know more clearly all the risks if IOS is not updated.

There is an IT specialist proverb: "If everything works, don't touch it" :)

P.S. This is all about the internal network, not about firewalls/ASA etc.

I can say YES / NO to what the network engineers said, but you also need to think that the security risk is sometimes more internal, not necessarily external.

Look at the version that is running on the internal network switches. Look at the PSIRT recommendations and find whether any issue was reported.

Look for the new recommended version, read the release notes, test some switches, and once all is working, upgrade the rest of the network switches.

 

 

BB


OK, I understand.

Our network engineers said that they have already seen all the recommendations and updates, and that there is no need to update.
Of course they do not monitor updates and just do not want to update; it's laziness.

 

My answer is still the same: Upgrade the firmware or else you'll hear it in the 11 o'clock news that the network has been breached and the exploit used for the ingress was one of the appliances running on an old firmware with known security vulnerabilities.