nanog mailing list archives
Re: NSA able to compromise Cisco, Juniper, Huawei switches
From: "Dobbins, Roland" <rdobbins () arbor net>
Date: Tue, 31 Dec 2013 02:00:17 +0000
On Dec 30, 2013, at 11:28 PM, Marco Teixeira <admin () marcoteixeira com> wrote:
i just wanted to say that any network professional that puts any equipment into production without securing it against the kind of issues mentioned so far (cisco/cisco, snmp private, etc) is negligent and should be fired on the spot.
Yes, but keep in mind that with near-infinite resources, one can go after internal machines used by network operations personnel, etc. There are multiple things that network operators can and should do to prevent direct unauthorized configuration, to prevent tampering with configuration-management systems, to securing jump-off boxes, to implementing AAA with per-command auth and logging, to monitoring for config changes, etc. Unfortunately, many network operators don't do all these various things, and so it's quite possible for an organization with time and resources to attack via a side-channel. ----------------------------------------------------------------------- Roland Dobbins <rdobbins () arbor net> // <http://www.arbornetworks.com> Luck is the residue of opportunity and design. -- John Milton
Current thread:
- Re: NSA able to compromise Cisco, Juniper, Huawei switches, (continued)
- Re: NSA able to compromise Cisco, Juniper, Huawei switches Chris Boyd (Dec 31)
- Re: NSA able to compromise Cisco, Juniper, Huawei switches Jeff Kell (Dec 30)
- RE: NSA able to compromise Cisco, Juniper, Huawei switches Keith Medcalf (Dec 30)
- Re: NSA able to compromise Cisco, Juniper, Huawei switches Dobbins, Roland (Dec 30)
- Re: NSA able to compromise Cisco, Juniper, Huawei switches Eugeniu Patrascu (Dec 31)
- Re: NSA able to compromise Cisco, Juniper, Huawei switches Valdis . Kletnieks (Dec 31)
- Re: NSA able to compromise Cisco, Juniper, Huawei switches Dobbins, Roland (Dec 30)
- Re: NSA able to compromise Cisco, Juniper, Huawei switches Marco Teixeira (Dec 30)
- Re: NSA able to compromise Cisco, Juniper, Huawei switches jim deleskie (Dec 30)
- Re: NSA able to compromise Cisco, Juniper, Huawei switches Randy Bush (Dec 30)
- Re: NSA able to compromise Cisco, Juniper, Huawei switches Dobbins, Roland (Dec 30)
- Re: NSA able to compromise Cisco, Juniper, Huawei switches Warren Bailey (Dec 30)
- Re: NSA able to compromise Cisco, Juniper, Huawei switches Jay Ashworth (Dec 30)
- Re: NSA able to compromise Cisco, Juniper, Huawei switches William Waites (Dec 30)
- Re: NSA able to compromise Cisco, Juniper, Huawei switches Jeremy Bresley (Dec 30)
- Re: NSA able to compromise Cisco, Juniper, Huawei switches Warren Bailey (Dec 30)
- Re: NSA able to compromise Cisco, Juniper, Huawei switches Randy Bush (Dec 30)
- Re: NSA able to compromise Cisco, Juniper, Huawei switches Sharif Torpis (Dec 30)