[160956] in North American Network Operators' Group
Re: Network security on multiple levels (was Re: NYT covers China
daemon@ATHENA.MIT.EDU (Warren Bailey)
Wed Feb 20 14:34:15 2013
From: Warren Bailey <wbailey@satelliteintelligencegroup.com>
To: Jay Ashworth <jra@baylink.com>, NANOG <nanog@nanog.org>
Date: Wed, 20 Feb 2013 19:33:33 +0000
In-Reply-To: <236723.6684.1361388122424.JavaMail.root@benjamin.baylink.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Isn't this a strong argument to deploy and operate a network independent
of the traditional switch circuit provider space?
On 2/20/13 11:22 AM, "Jay Ashworth" <jra@baylink.com> wrote:
>----- Original Message -----
>> From: "Owen DeLong" <owen@delong.com>
>
>> Many DACS have provision for "monitoring" circuits and feeding the
>> data off to a third circuit in an undetectable manner.
>>
>> The DACS question wasn't about DACS owned by the people using the
>> circuit, it was about DACS inside the circuit provider. When you buy a
>> DS1 that goes through more than one CO in between two points, you're
>> virtually guaranteed that it goes through one or more of {DS-3 Mux,
>> Fiber Mux, DACS, etc.}. All of these are under the control of the
>> circuit provider and not you.
>
>Correct, and they expand the attack surface in ways that even many
>network engineers may not consider unless prompted.
>
>Cheers,
>-- jra
>--
>Jay R. Ashworth Baylink jra@baylink.com
>Designer The Things I Think RFC 2100
>Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII
>St Petersburg FL USA #natog +1 727 647 1274