
Cisco IOS Naming Conventions and Versioning

© Toronto Area Security Klatch 2007 www.TASK.to

Presentation Intro

Cisco IOS Naming Conventions and Versioning

Presented by: Ross [email protected]

Reverse Engineer and Developer
Vulnerability and Exposure Research Team (VERT)
nCircle Network Security

Presented to: TASK (Tuesday, March 27, 2007)
http://www.task.to/events/past.php


Outline

Introduction

Cisco IOS History and Major Versions

Understanding Complex Version Strings

Relating a version string to a Cisco Security Advisory

Summary and References


Introduction

What is Cisco IOS?

Cisco IOS or simply “IOS” is the brand name for Cisco Systems’ Internetwork Operating System.

Cisco IOS is the software running most Cisco networking products.

Since the 90’s Cisco has released more than 1500 revisions of IOS. As a result, the IOS naming scheme has grown quite complex.


IOS 12.1 and 12.2 Release Trains


IOS Security


Cisco has issued more than 100 security advisories relating to IOS.

Correctly relating the IOS versions present on your network to Cisco advisories enables security administrators to:

- Identify “at risk” systems
- Avoid false positives


Basic IOS Versioning

Each Cisco IOS release is uniquely identified by:

- Major Revision Number (e.g. 12.2)
- Maintenance Revision (e.g. (4))
- Release Train (e.g. T)

Example: 12.2(4)T

Mainline releases do not have a release train letter.


IOS Release Trains

Consolidated Technology Early Deployment (CTED): Release Train “T”, branched from the mainline.

Specific Market Early Deployment (SMED): Release Trains identified by a single letter other than “T” (“S”, “E”, “B”, etc.), branched from the mainline.

Specific Technology Early Deployment (STED): Release train has two letters (e.g. BA, BB, BC), branched from the “T” train.

Experimental Early Deployment (XED): Release train has two letters. The first letter is “X”, “Y”, or “Z”. Increments from XA for each major release. Branched from the “T” train.


Complex IOS Version Strings

12.3(10e): The 5th rebuild (represented by “e”) of the 10th revision of IOS 12.3 main line.

12.3(14)YM8: The 8th revision of the 39th XED train branched from the 14th revision of IOS 12.3.

12.2(15)MC2c: The 3rd rebuild (“c”) of the 2nd revision of the 3rd release (“C”) in the “M” STED train branched from the 15th revision of IOS 12.2.

12.2(17d)SXB5: The 5th revision of the 2nd XED train branched from 12.2(17d)S.


IOS Security Advisories

The flaw is fixed in 12.3(11)T10 but still exists in 12.3(14)T6
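The version-string breakdown on the previous slide and the advisory example above are the two places where a tool is useful: splitting a string such as 12.2(15)MC2c into its parts, and then refusing to compare it against a fixed version that sits on a different branch. The following Python is an added example written for this page; it is not code from the presentation, from TASK, or from nCircle. It assumes the general convention described in the slides (major, maintenance revision with optional rebuild letter, train letters, train revision with optional rebuild letter), treats a three-letter train such as SXB as an XED hanging off the single-letter parent train, as the presenter reads 12.2(17d)SXB5, and deliberately returns "undetermined" when an advisory lists no fix on the running version's own branch, which is exactly the 12.3(11)T10 versus 12.3(14)T6 situation.

```python
import re
from dataclasses import dataclass
from typing import Iterable, Optional

# General form of an IOS version string as described in the presentation:
#   <major>(<maintenance><rebuild>)<train><train revision><train rebuild>
# e.g. 12.2(15)MC2c -> major 12.2, maintenance 15, train MC, train revision 2, rebuild c
_IOS_RE = re.compile(
    r"^(?P<major>\d+\.\d+)"
    r"\((?P<maint>\d+)(?P<maint_rebuild>[a-z]*)\)"
    r"(?P<train>[A-Z]*)(?P<train_rev>\d*)(?P<train_rebuild>[a-z]*)$"
)


def rebuild_number(letters: str) -> int:
    """Rebuild letter -> ordinal: '' -> 0 (no rebuild), 'a' -> 1, 'e' -> 5."""
    n = 0
    for ch in letters.lower():
        n = n * 26 + (ord(ch) - ord("a") + 1)
    return n


@dataclass(frozen=True)
class IOSVersion:
    major: str            # e.g. "12.3"
    maintenance: int      # the number inside the parentheses
    maint_rebuild: str    # rebuild letter(s) of the maintenance release, "" if none
    train: str            # release train letters, "" for mainline
    train_rev: int        # revision within the train, 0 if none given
    train_rebuild: str    # rebuild letter(s) of the train revision, "" if none

    @property
    def kind(self) -> str:
        """Classify the train with the rules from the 'IOS Release Trains' slide.
        Assumption: a three-letter train such as SXB is an XED branched from the
        single-letter parent train (the presenter's reading of 12.2(17d)SXB5)."""
        t = self.train
        if t == "":
            return "mainline"
        if t == "T":
            return "CTED"
        if len(t) == 1:
            return "SMED"
        if t[0] in "XYZ" or (len(t) == 3 and t[1] in "XYZ"):
            return "XED"
        return "STED"

    @property
    def xed_index(self) -> Optional[int]:
        """XED trains count up from XA: XA=1 ... XZ=26, YA=27 ... YM=39."""
        if self.kind != "XED":
            return None
        a, b = self.train[-2:]
        return 26 * (ord(a) - ord("X")) + (ord(b) - ord("A") + 1)

    @property
    def branch_point(self) -> str:
        """The release this train was branched from, e.g. 12.2(17d)S for 12.2(17d)SXB5."""
        parent = self.train[:-2] if (self.kind == "XED" and len(self.train) == 3) else ""
        return f"{self.major}({self.maintenance}{self.maint_rebuild}){parent}"


def parse_ios_version(text: str) -> IOSVersion:
    # Exceptions such as 12.0(2)W5 (where "W5" is the train name) are parsed by the
    # general rule, i.e. as train W revision 5; the convention cannot tell them apart.
    m = _IOS_RE.match(text.strip())
    if m is None:
        raise ValueError(f"not an IOS version string: {text!r}")
    return IOSVersion(
        major=m["major"],
        maintenance=int(m["maint"]),
        maint_rebuild=m["maint_rebuild"],
        train=m["train"],
        train_rev=int(m["train_rev"]) if m["train_rev"] else 0,
        train_rebuild=m["train_rebuild"],
    )


def _branch_key(v: IOSVersion) -> tuple:
    # Versions are only comparable on one branch: same major and train, and for train
    # releases the same branch point, because 12.3(11)T and 12.3(14)T are separate lines.
    if v.train == "":
        return (v.major,)
    return (v.major, v.maintenance, v.maint_rebuild, v.train)


def _order_key(v: IOSVersion) -> tuple:
    # Mainline orders by maintenance revision then rebuild; trains by train revision then rebuild.
    if v.train == "":
        return (v.maintenance, rebuild_number(v.maint_rebuild))
    return (v.train_rev, rebuild_number(v.train_rebuild))


def fix_status(running: str, fixed_versions: Iterable[str]) -> str:
    """Relate a running version to the fixed versions an advisory lists.
    Returns 'fixed', 'vulnerable', or 'undetermined' when no listed fix is on the
    same branch (comparing across branches is comparing apples and oranges)."""
    r = parse_ios_version(running)
    for f in map(parse_ios_version, fixed_versions):
        if _branch_key(f) == _branch_key(r):
            return "fixed" if _order_key(r) >= _order_key(f) else "vulnerable"
    return "undetermined"


if __name__ == "__main__":
    for s in ("12.3(10e)", "12.3(14)YM8", "12.2(15)MC2c", "12.2(17d)SXB5", "12.2(4)T"):
        v = parse_ios_version(s)
        print(f"{s:14} {v.kind:9} xed#={v.xed_index} branched from {v.branch_point}")
    print(fix_status("12.3(14)T6", ["12.3(11)T10"]))  # undetermined: different branch
```

The "undetermined" result is the point of the advisory slide: a fix in 12.3(11)T10 says nothing about 12.3(14)T6, so a scanner that simply compares numbers left to right would either miss the vulnerable box or raise a false positive. An advisory's own fixed-version table, one entry per branch, is what should be fed to fix_status.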


Conclusion

Running a main line release is not necessarily any more secure than an XED release. XED releases may contain undisclosed flaws.

Comparing versions with different major revision numbers or release trains is comparing apples and oranges.

There are exceptions to the naming conventions. (e.g. version 12.0(2)W5 where “W5” is the release train)


References

Cisco IOS Releases: The Complete Reference, Mack M. Coulibaly, Cisco Press, 2000

Related paper: http://www.cisco.com/en/US/tech/tk869/tk769/technologies_white_paper09186a00800a998b.shtml

The IOS roadmap (c 2004): http://www.cisco.com/warp/public/620/roadmap.shtml

QUESTIONS?


Summary

- IOS is widely deployed and runs critical network infrastructure.

- There have been more than 1500 revisions of IOS in the past decade.

- Every version of IOS has a major release identifier, a revision number, and a release train.

- Cisco has released more than 100 security advisories relating to IOS.

- The relationships between IOS versions can be difficult to understand because they do not follow a single linear progression.

- It is important for security and network administrators to correctly relate the security advisories to the versions of IOS running on their network.

- Cisco security advisories generally identify vulnerable major release version and release trains and provide a migration path to the next version where the flaw is fixed and functionality has been maintained.

- Correctly interpreting security advisories relating to IOS allows admins to identify “at-risk” systems and avoid false positives (F+).