RE: Network security on multiple levels (was Re: NYT covers China cyberthreat)

[Jamie Bowden <jamie () photon com>]

> From: Warren Bailey [mailto:wbailey () satelliteintelligencegroup com]


> If you are doing DS0 splitting on the DACS, you'll see that on the
> other
> end (it's not like channelized CAS ds1's or PRI's are difficult to look
> at
> now) assuming you have access to that. If the DACS is an issue, buy the
> DACS and lock it up. I was on a .mil project that used old school
> Coastcom
> DI III Mux with RLB cards and FXO/FXS cards, that DACS carried some
> pretty
> top notch traffic and the microwave network (licensed .gov band)
> brought
> it right back to the base that project was owned by. Security is
> expensive, because you cannot leverage a service provider model
> effectively around it. You can explain the billion dollars you spent on
> your global network of CRS-1's, but CRS-1's for a single application
> usually are difficult to swallow. I'm not saying that it isn't done
> EVER,
> I'm just saying there are ways to avoid your 1998 red hat box from
> rpc.statd exploitation - unplug aforementioned boxen from inter webs.

Our connections to various .mil and others are private ds1's with full on end to end crypto over them.  You can 
potentially kill our connections, but you're not snooping them or injecting traffic into them.

Jamie