[164288] in North American Network Operators' Group
Re: Ciena 6200 clue?
daemon@ATHENA.MIT.EDU (Paul Stewart)
Wed Jul 3 16:00:55 2013
Date: Wed, 03 Jul 2013 16:00:09 -0400
From: Paul Stewart <paul@paulstewart.org>
To: Brandon Ross <bross@pobox.com>
In-Reply-To: <alpine.OSX.2.02.1307031550130.7014@brugal.local>
Cc: "nanog@nanog.org" <nanog@nanog.org>
On 2013-07-03 3:57 PM, "Brandon Ross" <bross@pobox.com> wrote:
>
>Everyone knows that attacks against your management interface come from
>devices not on your management network. By removing the default gateway
>feature, Ciena is improving the security of your network.
>
>It's time we created a BCOP specifying that default gateway functionality
>be disabled or removed in all network deployments, in the interest of
>security. Security improvements realized in the last few years by
>dropping all ICMP and TCP DNS at firewall boundaries, not to mention
>universal deployment of NAT, were just the first few steps to creating a
>much more secure Internet.
>
>Once disablement of default gateway functionality has become a common
>practice, the natural reduction in traffic on the Internet should allow
>most operators to achieve enormous cost savings by powering off all of
>their equipment.
>
Awesome - sorry, can't resist... :)
Paul