Solution Providers Busy Fixing Cisco Flaw

"We've been swamped trying to get things upgraded," said Rex Frank, CTO at Alvaka Networks, Huntington Beach, Calif.

Most security patches can be installed by the end user, but the fix for the Cisco flaw requires a specific Cisco skill set so integrators are busy at customer sites' implementing the necessary upgrade, he said.

Cisco last week said a flaw in its operating software makes its routers and switches that are configured to process Internet Protocol version 4 (IPv4) packets vulnerable to a denial-of-service attack. Cisco released software to fix the problem. Security experts late last week said attackers were exploiting the flaw, but there were no reports of large outages.

Robert Cohen, president and CEO of CG Atlantic, a systems integrator and Check Point partner based in New York, said his firm is actively marketing its ability to help companies that aren't sure what the Cisco vulnerability means or whether they're vulnerable.

The downside, though, is that the flaw means his firm has to use engineer time visiting current customers to ensure they're out of harm's way. "Since most of our customers have a maintenance contract with us, it's been at no additional cost," he added.

But Chris Ellerman, vice president of professional services at Meridian IT Solutions, Schaumburg, Ill., said most of his firm's clients "are pretty self sufficient with that level of upgrade."

But his company was reviewing the IOS (Internetwork Operating System) image it received from Cisco and upgrading the IOS as needed for customer prior to implementation.