nanog mailing list archives
Re: Network security on multiple levels (was Re: NYT covers China cyberthreat)
From: Owen DeLong <owen () delong com>
Date: Wed, 20 Feb 2013 11:39:09 -0800
If you have that option, I suppose that would be one way to solve it. I, rather, see it as a reason to: 1. Cryptographically secure links that may be carrying private data. 2. Rotate cryptographic keys (relatively) often on such links. YMMV, but I think encryption is a lot cheaper than building a telco. Especially over long distances. Owen On Feb 20, 2013, at 11:33 , Warren Bailey <wbailey () satelliteintelligencegroup com> wrote:
Isn't this a strong argument to deploy and operate a network independent of the traditional switch circuit provider space? On 2/20/13 11:22 AM, "Jay Ashworth" <jra () baylink com> wrote:----- Original Message -----From: "Owen DeLong" <owen () delong com>Many DACS have provision for "monitoring" circuits and feeding the data off to a third circuit in an undetectable manner. The DACS question wasn't about DACS owned by the people using the circuit, it was about DACS inside the circuit provider. When you buy a DS1 that goes through more than one CO in between two points, you're virtually guaranteed that it goes through one or more of {DS-3 Mux, Fiber Mux, DACS, etc.}. All of these are under the control of the circuit provider and not you.Correct, and they expand the attack surface in ways that even many network engineers may not consider unless prompted. Cheers, -- jra -- Jay R. Ashworth Baylink jra () baylink com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA #natog +1 727 647 1274
Current thread:
- Re: NYT covers China cyberthreat, (continued)
- Re: NYT covers China cyberthreat Zaid Ali Kahn (Feb 19)
- Re: NYT covers China cyberthreat Warren Bailey (Feb 19)
- Re: NYT covers China cyberthreat David Barak (Feb 20)
- Network security on multiple levels (was Re: NYT covers China cyberthreat) Jay Ashworth (Feb 20)
- Re: Network security on multiple levels (was Re: NYT covers China cyberthreat) Warren Bailey (Feb 20)
- RE: Network security on multiple levels (was Re: NYT covers China cyberthreat) Jamie Bowden (Feb 20)
- Re: Network security on multiple levels (was Re: NYT covers China cyberthreat) Warren Bailey (Feb 20)
- Re: Network security on multiple levels (was Re: NYT covers China cyberthreat) Owen DeLong (Feb 20)
- Re: Network security on multiple levels (was Re: NYT covers China cyberthreat) Jay Ashworth (Feb 20)
- Re: Network security on multiple levels (was Re: NYT covers China cyberthreat) Warren Bailey (Feb 20)
- Re: Network security on multiple levels (was Re: NYT covers China cyberthreat) Owen DeLong (Feb 20)
- Re: NYT covers China cyberthreat Zaid Ali Kahn (Feb 19)
- Re: Network security on multiple levels (was Re: NYT covers China cyberthreat) David Barak (Feb 20)
- Re: Network security on multiple levels (was Re: NYT covers China cyberthreat) Cameron Byrne (Feb 20)
- Re: Network security on multiple levels (was Re: NYT covers China cyberthreat) Jon Lewis (Feb 20)
- Re: Network security on multiple levels (was Re: NYT covers China cyberthreat) Jack Bates (Feb 20)
- Re: Network security on multiple levels (was Re: NYT covers China cyberthreat) Steven Bellovin (Feb 20)
- Re: NYT covers China cyberthreat calin.chiorean (Feb 20)
- Re: NYT covers China cyberthreat Barry Shein (Feb 20)