Should You Worry About Stolen Cisco Code?

Last week's theft of source code for Cisco's PIX firewall, and its open sale for $24,000 over Usenet by a shadowy group called the Source Code Club must have put the fear of hackers into users of Cisco firewalls everywhere.

It's not a pretty thought: The Cisco firewall family jewels falling into the hands of would-be intruders. But is it really as big a problem as it seems, or is the real issue here the egg on Cisco's face?

Sure, there's a chance that it will be used to hack through firewall. But let's face it, how many hackers do you think are willing to fork out $24,000 for a piece of code? After all, these are people who will spend inordinate amounts of time looking for cracks so they can get free software like Photoshop. If they're not willing to spend a few hundred dollars for that, are they really going to be willing to spend $24,000 for a piece of software?

Beyond that, the truth is that most intruders don't get into networks by prodigious feats of hacking and code-breaking. Instead, they use social engineering, doing things like guessing obvious passwords, fooling people into giving out personal information, and so on. You don't need to spend $24,000 to do that.

Finally, there are those who will tell you that having the code out in the open like this is the best way to keep it safe. After all, that's the entire idea behind the Open Source movement. Let everyone in the world have a shot at cracking code, and that'll expose its vulnerabilities, so that it can be more easily strengthened. That's how Apache, the most popular Web server software in the world, works, as well as a host of other software.So I wouldn't worry too much about proprietary Cisco code being sold to all takers. It's unlikely anyone's going to buy it. You'd do well to pay attention to more basic security measures, ones as simple as strengthening passwords.