[160958] in North American Network Operators' Group


Re: Network security on multiple levels (was Re: NYT covers China

daemon@ATHENA.MIT.EDU (Owen DeLong)
Wed Feb 20 14:41:08 2013

From: Owen DeLong <owen@delong.com>
In-Reply-To: <CD4A64D5.7C6A%wbailey@satelliteintelligencegroup.com>
Date: Wed, 20 Feb 2013 11:39:09 -0800
To: Warren Bailey <wbailey@satelliteintelligencegroup.com>
Cc: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

If you have that option, I suppose that would be one way to solve it.

I, rather, see it as a reason to:
	1.	Cryptographically secure links that may be carrying private data.
	2.	Rotate cryptographic keys (relatively) often on such links.

YMMV, but I think encryption is a lot cheaper than building a telco. Especially
over long distances.

Owen

On Feb 20, 2013, at 11:33 , Warren Bailey <wbailey@satelliteintelligencegroup.com> wrote:

> Isn't this a strong argument to deploy and operate a network independent
> of the traditional switch circuit provider space?
>
> On 2/20/13 11:22 AM, "Jay Ashworth" <jra@baylink.com> wrote:
>
>> ----- Original Message -----
>>> From: "Owen DeLong" <owen@delong.com>
>>
>>> Many DACS have provision for "monitoring" circuits and feeding the
>>> data off to a third circuit in an undetectable manner.
>>>
>>> The DACS question wasn't about DACS owned by the people using the
>>> circuit, it was about DACS inside the circuit provider. When you buy a
>>> DS1 that goes through more than one CO in between two points, you're
>>> virtually guaranteed that it goes through one or more of {DS-3 Mux,
>>> Fiber Mux, DACS, etc.}. All of these are under the control of the
>>> circuit provider and not you.
>>
>> Correct, and they expand the attack surface in ways that even many
>> network engineers may not consider unless prompted.
>>
>> Cheers,
>> -- jra
>> --
>> Jay R. Ashworth                  Baylink                       jra@baylink.com
>> Designer                     The Things I Think                       RFC 2100
>> Ashworth & Associates     http://baylink.pitas.com         2000 Land Rover DII
>> St Petersburg FL USA               #natog                      +1 727 647 1274
>>
>>
>
>


