nanog mailing list archives

Re: Ciena 6200 clue?


From: Jeff Shultz <jeffshultz () wvi com>
Date: Wed, 03 Jul 2013 13:03:46 -0700

On 7/3/2013 1:00 PM, Paul Stewart wrote:
On 2013-07-03 3:57 PM, "Brandon Ross" <bross () pobox com> wrote:

Everyone knows that attacks against your management interface come
from devices not on your management network.  By removing the
default gateway feature, Ciena is improving the security of your
network.

It's time we created a BCOP specifying that default gateway
functionality be disabled or removed in all network deployments, in
the interest of security.  Security improvements realized in the
last few years by dropping all ICMP and TCP DNS at firewall
boundaries, not to mention universal deployment of NAT, were just
the first few steps to creating a much more secure Internet.

Once disablement of default gateway functionality has become
a common practice, the natural reduction in traffic on the Internet
should allow most operators to achieve enormous cost savings by
powering off all of their equipment.

Awesome - sorry, can't resist... :)


Ah, somehow my eyeballs glazed over the excellent sarcasm that was made
evident in the last paragraph....

Either way, my point remains: I want the option. I suspect I'm not alone...

--
Jeff Shultz



