nanog mailing list archives
Re: Network security on multiple levels (was Re: NYT covers China cyberthreat)
From: David Barak <thegameiam () yahoo com>
Date: Wed, 20 Feb 2013 11:48:29 -0800 (PST)
--- On Wed, 2/20/13, Jay Ashworth <jra () baylink com> wrote:
----- Original Message -----From: "Owen DeLong" <owen () delong com>
The DACS question wasn't about DACS owned by the peopleusing thecircuit, it was about DACS inside the circuit provider.When you buy aDS1 that goes through more than one CO in between twopoints, you'revirtually guaranteed that it goes through one or moreof {DS-3 Mux,Fiber Mux, DACS, etc.}. All of these are under thecontrol of thecircuit provider and not you.Correct, and they expand the attack surface in ways that even many network engineers may not consider unless prompted.
This is precisely the value of encryption on point to point links, preferably at the link layer rather than at the IP layer. When coupled with decent end-to-end application-layer encryption on top of that, the value proposition for sniffing traffic from the network drops a whole lot. David Barak Need Geek Rock? Try The Franchise: http://www.listentothefranchise.com
Current thread:
- Re: NYT covers China cyberthreat, (continued)
- Re: NYT covers China cyberthreat Warren Bailey (Feb 19)
- Re: NYT covers China cyberthreat David Barak (Feb 20)
- Network security on multiple levels (was Re: NYT covers China cyberthreat) Jay Ashworth (Feb 20)
- Re: Network security on multiple levels (was Re: NYT covers China cyberthreat) Warren Bailey (Feb 20)
- RE: Network security on multiple levels (was Re: NYT covers China cyberthreat) Jamie Bowden (Feb 20)
- Re: Network security on multiple levels (was Re: NYT covers China cyberthreat) Warren Bailey (Feb 20)
- Re: Network security on multiple levels (was Re: NYT covers China cyberthreat) Owen DeLong (Feb 20)
- Re: Network security on multiple levels (was Re: NYT covers China cyberthreat) Jay Ashworth (Feb 20)
- Re: Network security on multiple levels (was Re: NYT covers China cyberthreat) Warren Bailey (Feb 20)
- Re: Network security on multiple levels (was Re: NYT covers China cyberthreat) Owen DeLong (Feb 20)
- Re: Network security on multiple levels (was Re: NYT covers China cyberthreat) David Barak (Feb 20)
- Re: Network security on multiple levels (was Re: NYT covers China cyberthreat) Cameron Byrne (Feb 20)
- Re: Network security on multiple levels (was Re: NYT covers China cyberthreat) Jon Lewis (Feb 20)
- Re: Network security on multiple levels (was Re: NYT covers China cyberthreat) Jack Bates (Feb 20)
- Re: Network security on multiple levels (was Re: NYT covers China cyberthreat) Steven Bellovin (Feb 20)
- Re: NYT covers China cyberthreat calin.chiorean (Feb 20)
- Re: NYT covers China cyberthreat Barry Shein (Feb 20)
- Re: NYT covers China cyberthreat Warren Bailey (Feb 20)