Is this really Cloud Computing? (Lessons learned from a recent Cisco SSL VPN Vulnerability)
As some of you have heard, on January 29th Cisco disclosed information about a Remote Code Execution and Denial of Service vulnerability that affects a number of its security product lines. The vulnerability is pretty bad. In fact, its CVSS (Common Vulnerability Scoring System) score is 10, the highest possible score.
I will not join the ranks of people who are bashing Cisco and its engineers over this. I respect Cisco as a company; for almost two decades it has been a worthy competitor and I believe that it employs experienced engineers that have high security awareness. Bugs in software have existed from time immemorial and, while modern multi-layer testing methodologies can and should discover and prevent them at an embryonic stage, this isn’t what I am focusing on.
Here's my angle:
Sure, a critical vulnerability in software that runs on various appliances hidden deep in old-school data centers is a reason for panic. Thousands of IT professionals around the world are now frantically looking for critical patches for the exact versions of software running on their dedicated machines and are improvising procedures for updating them without impacting production environments.
Here are a couple of examples of this frantic activity:
But what about those of us running on modern cloud architectures? Surely, we are exempt from this “menace of the past”. Aren’t we?
Well, a close look at the list of affected products released by Cisco reveals a different reality.
Alongside products that have been on the market for many years (some are already out of support), we can see that the pinnacle of creation, the most modern and cloud-native thing in the universe – Cisco’s Virtual Appliance – is also affected by the same issue. This means, in simple terms, that those of us who have created modern cloud architectures using seemingly modern solutions are in the same bad situation as the ones that haven’t updated their infrastructure for 10 years. How come???
Well, folks, by taking many-years-old appliance code and running it on modern Infrastructure-as-a-Service, you are completely missing the potential of cloud architecture, because doing so perpetuates the architectural principles of a time long gone.
You are still responsible for manually maintaining it and updating it with patches when relevant. And simply put, when shit hits the fan, like this week's Cisco vulnerability announcement, you will be affected just as if you’d kept the old, traditional, on-premises architecture.
So, let me ask you: is there another way? I think there is...
To prove my point, here are screenshots of AWS and Microsoft Azure marketplaces showing the affected products: