CISCO Catalyst 2950 Switch IOS Upgrade?

I have an office which has a CISCO PIX 501 firewall and 3 CISCO Catalyst 2950T-24 switches. I have the latest IOS version on the PIX but am wondering if there is any benefit in upgrading the IOS on the switches. All switches are on the LAN behind the PIX, so would there be any security vulnerabilities that could be taken advantage of? Is it really worth upgrading the IOS if they work fine as is and I don't need any of the new features? Thanks for your input/help!

kg026

If you don't need any of the new features and everything is working fine, I don't really see a reason for upgrading the switches. It's important to keep the PIX upgraded though.

Mohammed Alani

Thanks! This is what I was thinking but wasn't 100% sure. Does anybody else have an opinion on the subject?

kg026

If it's not broke, don't fix it. Unless there is a specific vulnerability or feature you are trying to add, don't do anything. You know it's working now, why screw with it?

Brian V

Thanks for everyone's input. Looks like I will leave the switches alone until someone convinces me otherwise! Thanks again!

kg026

My approach is to read the release notes for every firmware upgrade to see if it addresses any issues I have, or if it adds any functionality I could use.

If I want anything in the new release, I install it on a test device first and test my issue or added functionality to ensure I have understood the release notes.

Then, I will install it on the live network.

Generally, I try to keep my firmware as up-to-date as possible.

Arthur Brain

You make a good point; however, in my case I don't have a test device so I can't do it that way. My main question was whether or not an internal switch could be vulnerable to any security bugs when it's an internal switch behind a firewall.

kg026

Potentially, but not likely. I agree with the thoughts of others that if it ain't broke, don't fix it. There are devices that you need to keep up to date, but generally speaking, switches do not fall into that category. When a release comes out with a reason to update, do it, otherwise, leave it alone. Or, consider doing it just before your smartnet runs out. At least download the latest at that time.

One thought... if you do upgrade the switch, make sure you have a copy of the old version very close in case you want to go back :-)

Scooby
