nanog mailing list archives
RE: Network security on multiple levels (was Re: NYT covers China cyberthreat)
From: Jamie Bowden <jamie () photon com>
Date: Wed, 20 Feb 2013 18:05:04 +0000
From: Warren Bailey [mailto:wbailey () satelliteintelligencegroup com]
If you are doing DS0 splitting on the DACS, you'll see that on the other end (it's not like channelized CAS ds1's or PRI's are difficult to look at now) assuming you have access to that. If the DACS is an issue, buy the DACS and lock it up. I was on a .mil project that used old school Coastcom DI III Mux with RLB cards and FXO/FXS cards, that DACS carried some pretty top notch traffic and the microwave network (licensed .gov band) brought it right back to the base that project was owned by. Security is expensive, because you cannot leverage a service provider model effectively around it. You can explain the billion dollars you spent on your global network of CRS-1's, but CRS-1's for a single application usually are difficult to swallow. I'm not saying that it isn't done EVER, I'm just saying there are ways to avoid your 1998 red hat box from rpc.statd exploitation - unplug aforementioned boxen from inter webs.
Our connections to various .mil and others are private ds1's with full on end to end crypto over them. You can potentially kill our connections, but you're not snooping them or injecting traffic into them. Jamie
Current thread:
- Re: NYT covers China cyberthreat, (continued)
- Re: NYT covers China cyberthreat Suresh Ramasubramanian (Feb 20)
- Re: NYT covers China cyberthreat Richard Porter (Feb 20)
- Re: NYT covers China cyberthreat Warren Bailey (Feb 20)
- Re: NYT covers China cyberthreat Suresh Ramasubramanian (Feb 20)
- Re: NYT covers China cyberthreat Steven Bellovin (Feb 21)
- Re: NYT covers China cyberthreat Warren Bailey (Feb 19)
- Re: NYT covers China cyberthreat David Barak (Feb 20)
- Network security on multiple levels (was Re: NYT covers China cyberthreat) Jay Ashworth (Feb 20)
- Re: Network security on multiple levels (was Re: NYT covers China cyberthreat) Warren Bailey (Feb 20)
- RE: Network security on multiple levels (was Re: NYT covers China cyberthreat) Jamie Bowden (Feb 20)
- Re: Network security on multiple levels (was Re: NYT covers China cyberthreat) Warren Bailey (Feb 20)