Cisco IOS Naming Conventions and Versioning. www.TASK.to © Toronto Area Security Klatch 2007 Presentation Intro Cisco IOS Naming Conventions and Versioning.

Slides:

Advertisements

Similar presentations

Project Name Kelly Waters July Author: Date: Version:

Advertisements

Multivendor Interoperability

DELIVERING SHAREPOINT AS A SERVICE

ERP Applications Selection in a Changing Marketplace Evaluation of Software Providers for Midsize Institutions Bill Reed Director, Special Projects Northern.

IPv4 to IPv6 Migration strategies. What is IPv4  Second revision in development of internet protocol  First version to be widely implied.  Connection.

Common Management System – CMS “CMS Status & Future” 1 Financial Officers Association April 2004 “CMS Status & Future” William Griffith Vice President,

Software Engineering CSE470: Process 15 Software Engineering Phases Definition: What? Development: How? Maintenance: Managing change Umbrella Activities:

Information Resources Management January 23, 2001.

What is Software Design?. Systems Development Life- Cycle Planning Analysis Design Implementation Design.

Unit 1, Lesson 4 Software Development Cycle AOIT Introduction to Programming Copyright © 2009–2012 National Academy Foundation. All rights reserved.

SOFTWARE MAINTENANCE 24 March 2013 William W. McMillan.

MCAS Overview Presentation 99/04/28, Publication Number ESD C ritical A pplication M ission S ervices When strategic business applications…

The Efficient Fabric Presenter Name Title. The march of ethernet is inevitable Gb 10Gb 8Gb 4Gb 2Gb 1Gb 100Mb +

*As of April, 2015 Most Common Path.

R R R CSE870: Advanced Software Engineering (Cheng): Intro to Software Engineering1 Advanced Software Engineering Dr. Cheng Overview of Software Engineering.

An Effective Placement of Detection Systems for Distributed Attack Detection in Large Scale Networks Telecommunication and Security LAB. Dept. of Industrial.

CCNA 2 v3.1 Module 2.

Software Process CS 414 – Software Engineering I Donald J. Bagert Rose-Hulman Institute of Technology December 17, 2002.

Assuming Software Maintenance of a Large, Embedded Legacy System from the Original Developer by William L. Miller Lawerence B. Compton Bruce L. Woodmansee.

Patch Management Strategy

© 2004 Cisco Systems, Inc. All rights reserved. Operating and Configuring Cisco IOS Devices Starting a Router INTRO v2.0—8-1.

Lieberman Software Random Password Manager & Workflow Delegation.

Configuration Management Process and Environment MACS Review 1 February 5th, 2010 Roland Moser PR a-RMO, February 5 th, 2010 R. Moser 1 R. Gutleber.

ASAP Overview Presentation 98/07/30, Publication Number SWEO S ervices A lliance A pplication P rogram When strategic business applications…

© 2012 IBM Corporation Rational Insight | Back to Basis Series SCM introduction Chu Shu June 2012.

Using IBM Rational Unified Process for software maintenance

Dillon: CSE470: SE, Process1 Software Engineering Phases l Definition: What? l Development: How? l Maintenance: Managing change l Umbrella Activities:

Component-level testing – Equivalence partitioning, boundary value analysis, path testing Navigation testing – Testing navigation syntax and semantics.

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI Future support of EGI services Tiziana Ferrari/EGI.eu Future support of EGI.

Lecture 31 Introduction to System Development Life Cycle - Part 2.

Web Security for Network and System Administrators1 Chapter 2 Security Processes.

Lecture 19 Chapter 10 A Portfolio Approach to Managing IT Projects.

Before: Servers Behind Firewalls Today: Servers Migrate Out Business drivers: E-Business Supply chain management CRM.

IT Governance: COBIT, ISO17799 & ITIL. Introduction COBIT ITIL ISO17799Others.

Software Engineering MCS-2 Lecture # 6

A Networked Machine Management System 16, 1999.

1 © 2003, Cisco Systems, Inc. All rights reserved. CCNA 2 Module 2 Introduction to Routers.

Implementing Sakai at Your Institution. 2 Small-scale Sakai at Boston University.

CSCI 521 Final Exam Review. Why Establish a Standard Process? It is nearly impossible to have a high quality product without a high quality process. Standard.

A. Peter Anderson Introduction to IOS 15 Trains, Numbering, and System Image Packaging Associate Professor August 4, 2013.

Chapter 8 Workflows of the Process Taken from Walker Royce’s textbook – Software Project Management plus a number of Personal Comments.

Mapping the Software Assurance Landscape: A Guide to What’s Going On In the Community Sean Barnum.

Connecting with Computer Science2 Objectives Learn how software engineering is used to create applications Learn some of the different software engineering.

Securing Java Applications

Introduction to Routers

Websense SLP (Software Licensing Program) Sherri Conover Websense Business Unit Manager March 17, 2010.

Making the System Operational Implementation & Deployment

Timesheet training Version: Introduction Duration: 1.5 hours Purpose: Guide on how to use Timesheet.

Maekawa: Quorum Size Research Jeremy Miller Kent State University November 28 th,

CERN IT Department CH-1211 Genève 23 Switzerland t Migration from ELFMs to Agile Infrastructure CERN, IT Department.

Software Project Management

Managing TDM Drawings Lifecycle WorkFlow Created: March 30, 2006 Updated: April 10, 2006 By: Tony Parker.

@rizinsights | #SPSPHILLY | #PM4SPT. Thanks To Our Sponsors!

CS223: Software Engineering Lecture 32: Software Maintenance.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Introduction to IOS.

Chapter 8 : Management of Security Lecture #1-Week 13 Dr.Khalid Dr. Mohannad Information Security CIT 460 Information Security Dr.Khalid Dr. Mohannad 1.

TUF: Secure Software Updates Justin Cappos NYU Poly Computer Science and Engineering.

1 March 19, Test Plans William Cohen NCSU CSC 591W March 19, 2008.

Advanced Software Engineering Dr. Cheng

A Brief intro to Project Management What can it do for you

The Efficient Fabric Presenter Name Title.

CS 5150 Software Engineering

Dresdner Bank & Wyndham International: The Business Case for Server Consolidation Chapter 3 Case 2.

PS wire scanner failures

Critical Path Analysis (CPA)

A BRIEF INTRODUCTION TO UNIX OPERATING SYSTEM

Making the System Operational Implementation & Deployment

Enterprise Program Management Office

Continuous Integration

Evolutionary Software Process Models

Presentation transcript:

Cisco IOS Naming Conventions and Versioning

© Toronto Area Security Klatch 2007 Presentation Intro Cisco IOS Naming Conventions and Versioning Presented by: Ross Barrett Reverse Engineer and Developer Vulnerability and Exposure Research Team (VERT) nCircle Network Security Presented to: TASK (Tuesday, March 27, 2007)

© Toronto Area Security Klatch 2007 Outline  Introduction  Cisco IOS History and Major Versions  Understanding Complex Version Strings  Relating a version string to a Cisco Security Advisory  Summary and References

© Toronto Area Security Klatch 2007 Introduction What is Cisco IOS?  Cisco IOS or simply “IOS” is the brand name for Cisco Systems’ Internetwork Operating System.  Cisco IOS is the software running most Cisco networking products.  Since the 90’s Cisco has released more than 1500 revisions of IOS.  As a result, the IOS naming scheme has grown quite complex.

© Toronto Area Security Klatch 2007 IOS 12.1 and 12.2 Release Trains

© Toronto Area Security Klatch 2007 IOS Security  Cisco has issued more than 100 security advisories relating to IOS.  Correctly relating the IOS versions present on your network to Cisco advisories enables security administrators to:  Identify “at risk” systems  Avoid false positives

© Toronto Area Security Klatch 2007 Basic IOS Versioning Each Cisco IOS release is uniquely identified by: Mainline releases do not have a release train letter. Major Revision Number Release Train 12.2 (4) T Maintenance Revision

© Toronto Area Security Klatch 2007 IOS Release Trains Consolidated Technology Early Deployment (CTED)  Release Train “T”, branched the from mainline Specific Market Early Deployment (SMED)  Release Trains identified by a single letter other than “T” (“S”, “E”, “B”, etc.), branched the from mainline Specific Technology Early Deployment (STED)  Release train has two letters, (e.g. BA, BB, BC), branched from “T” train. Experimental Early Deployment (XED)  Release train has two letters. First letters is “X”, “Y”, or “Z”. Increments from XA for each major release. Branched from “T” train.

© Toronto Area Security Klatch 2007 Complex IOS Version Strings 12.3(10e)  The 5 th rebuild (represented by ”e”) of the 10 th revision of IOS 12.3 main line. 12.3(14)YM8  The 8 th revision of the 39 th XED train branched from the 14 th revision of IOS (15)MC2c  The 3 rd rebuild (“c”), of the 2 nd revision of the 3 rd release (“C”) in the “M” STED train branched from the 15 th revision of IOS (17d)SXB5  The 5 th revision of the 2 nd XED train branched from 12.2(17d)S.

© Toronto Area Security Klatch 2007 IOS Security Advisories The flaw is fixed in 12.3(11)T10 but still exists in 12.3(14)T6

© Toronto Area Security Klatch 2007 Conclusion  Running a main line release is not necessarily any more secure then an XED release.  XED releases may contain undisclosed flaws.  Comparing versions with different major revision numbers or release trains is comparing apples and oranges.  There are exceptions to the naming conventions. (e.g. version 12.0(2)W5 where “W5” is the release train)

© Toronto Area Security Klatch 2007 References Cisco IOS Releases: The Complete Reference  Author Mack M. Coulibaly, Cisco Press, 2000 Related paper: nologies_white_paper09186a00800a998b.shtml The IOS roadmap (c 2004): tml

QUESTIONS?

© Toronto Area Security Klatch 2007 Summary -IOS is widely deployed and runs critical network infrastructure. -There have been more than 1500 revisions of IOS in the past decade. -Every version of IOS has a major release identifier, a revision number, and a release train. -Cisco has released more than 100 security advisories relating to IOS. -The relationships between IOS versions can be difficult to understand because they do not follow a single linear progression. -It is important for security and network administrators to correctly relate the security advisories to the versions of IOS running on their network. -Cisco security advisories generally identify vulnerable major release version and release trains and provide a migration path to the next version where the flaw is fixed and functionality has been maintained. -Correctly interpreting security advisories relating to IOS allows admins to identify “at-risk” systems and avoid F+.