nanog mailing list archives

Re: Network security on multiple levels (was Re: NYT covers China cyberthreat)


From: David Barak <thegameiam () yahoo com>
Date: Wed, 20 Feb 2013 11:48:29 -0800 (PST)

--- On Wed, 2/20/13, Jay Ashworth <jra () baylink com> wrote:

----- Original Message -----
From: "Owen DeLong" <owen () delong com>

The DACS question wasn't about DACS owned by the people using the circuit,
it was about DACS inside the circuit provider. When you buy a DS1 that goes
through more than one CO in between two points, you're virtually guaranteed
that it goes through one or more of {DS-3 Mux, Fiber Mux, DACS, etc.}. All of
these are under the control of the circuit provider and not you.

Correct, and they expand the attack surface in ways that even many network
engineers may not consider unless prompted.

This is precisely the value of encryption on point to point links, preferably
at the link layer rather than at the IP layer. When coupled with decent
end-to-end application-layer encryption on top of that, the value proposition
for sniffing traffic from the network drops a whole lot.

David Barak
Need Geek Rock?  Try The Franchise: 
http://www.listentothefranchise.com
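The layering argument in the reply above, worked through as an added example that is not part of the original thread: a toy frame capture at a tap inside the carrier (a DACS or mux), compared across no encryption, application-layer encryption only, and link-layer encryption stacked on top of it. The keys, addresses and payload are constructed for the demo, and the "cipher" is a SHA-256 XOR keystream standing in for AES-GCM purely so the block runs with the standard library; the MACsec-style framing keeps only the EtherType 0x88E5 and omits the real SecTAG and ICV.

```python
"""Added example (not from the NANOG thread): what an eavesdropper at a
provider DACS can read depending on where encryption is applied.
The keystream below is illustrative only; use MACsec/TLS in practice."""
import hashlib
import socket
import struct

# Constructed demo keys; real deployments derive these via MKA, TLS, etc.
LINK_KEY = b"constructed-link-layer-key"
APP_KEY = b"constructed-app-layer-key"
ETH_HDR, IP_HDR, UDP_HDR = 14, 20, 8
ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_MACSEC = 0x88E5  # real IEEE 802.1AE EtherType; SecTAG/ICV omitted in this toy


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Illustrative CTR-style XOR keystream from SHA-256 (same call decrypts).
    Not a real cipher; it stands in for AES-GCM as used by MACsec or TLS."""
    out = bytearray()
    block = 0
    while len(out) < len(data):
        out += hashlib.sha256(key + nonce + block.to_bytes(4, "big")).digest()
        block += 1
    return bytes(a ^ b for a, b in zip(data, out))


def build_frame(src_mac, dst_mac, src_ip, dst_ip, src_port, dst_port, payload):
    """Plain Ethernet/IPv4/UDP frame as it leaves a host with no encryption."""
    eth = dst_mac + src_mac + struct.pack("!H", ETHERTYPE_IPV4)
    total = IP_HDR + UDP_HDR + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, 17, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    udp = struct.pack("!HHHH", src_port, dst_port, UDP_HDR + len(payload), 0)
    return eth + ip + udp + payload


def app_layer_encrypt(frame: bytes) -> bytes:
    """End-to-end (e.g. TLS-style) protection: only the UDP payload is hidden."""
    cut = ETH_HDR + IP_HDR + UDP_HDR
    return frame[:cut] + keystream_xor(APP_KEY, b"app", frame[cut:])


def link_layer_encrypt(frame: bytes) -> bytes:
    """Hop-by-hop link encryption (MACsec-style): everything after the MAC
    addresses, IP and UDP headers included, is ciphertext on the wire."""
    return frame[:12] + struct.pack("!H", ETHERTYPE_MACSEC) + keystream_xor(LINK_KEY, b"link", frame[14:])


def link_layer_decrypt(frame: bytes) -> bytes:
    """What the far-end link endpoint (the customer's own router) recovers."""
    return frame[:12] + struct.pack("!H", ETHERTYPE_IPV4) + keystream_xor(LINK_KEY, b"link", frame[14:])


def observer_view(frame: bytes) -> dict:
    """Fields a tap at a provider DACS/mux can parse from one frame."""
    view = {"ethertype": struct.unpack("!H", frame[12:14])[0], "src_ip": None,
            "dst_ip": None, "src_port": None, "dst_port": None, "payload": None}
    if view["ethertype"] != ETHERTYPE_IPV4:
        return view  # opaque: not even the network-layer protocol is visible
    ip = frame[ETH_HDR:ETH_HDR + IP_HDR]
    view["src_ip"] = socket.inet_ntoa(ip[12:16])
    view["dst_ip"] = socket.inet_ntoa(ip[16:20])
    l4 = ETH_HDR + IP_HDR
    view["src_port"], view["dst_port"] = struct.unpack("!HH", frame[l4:l4 + 4])
    view["payload"] = frame[l4 + UDP_HDR:]
    return view


PLAINTEXT = b"constructed sample: SNMP community public"  # constructed demo payload


def demo() -> dict:
    frame = build_frame(b"\x02\x00\x00\x00\x00\x01", b"\x02\x00\x00\x00\x00\x02",
                        "10.0.0.1", "10.0.0.2", 40000, 161, PLAINTEXT)
    app_only = app_layer_encrypt(frame)
    both = link_layer_encrypt(app_only)
    return {
        "clear": observer_view(frame),
        "app_only": observer_view(app_only),      # DACS sees addresses/ports, not payload
        "link_and_app": observer_view(both),      # DACS sees only MACs and 0x88E5
        "link_endpoint": observer_view(link_layer_decrypt(both)),  # our router: headers, no payload
    }


if __name__ == "__main__":
    for name, view in demo().items():
        print(name, view)
```

The `link_endpoint` entry is the part the reply is driving at: with link-layer encryption the provider's equipment sees nothing past the MAC addresses, while the application-layer encryption still denies the payload to the link endpoints themselves, so neither the carrier nor the customer's edge router is a single point of disclosure.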

