More Trouble in Cisco Land

Bruce Schneier blogs about the latest Cisco problem. I’ve been steering people away from Cisco firewalls/IDS/VPN because you have to buy the expensive service contract to stay not-vulnerable. Compare this with Linux-based products where you just pay for the hardware and any enhancements you want to add to the product. Add to that the cost of a hot or cold standby and Cisco looks really expensive.
Now, Cisco is suing security researchers who dare point out their vulnerabilities. This is only going to discourage independent researchers from evaluating Cisco gear and there will be fewer vulnerabilities publicly disclosed. Of course, it’s not going to slow down the bad guys, so Cisco security is just going to get worse.
I’m still recommending Cisco switches, but it’s time to get their gear off your network perimeter.