[48417] in North American Network Operators' Group
Re: route authentication
daemon@ATHENA.MIT.EDU (batz)
Tue Jun 4 10:30:31 2002
Date: Tue, 4 Jun 2002 10:20:10 -0400 (EDT)
From: batz <batsy@vapour.net>
To: Sean Donelan <sean@donelan.com>
Cc: Barbara Fraser <byfraser@cisco.com>, nanog@merit.edu
In-Reply-To: <Pine.GSO.4.40.0206040319010.12424-100000@clifden.donelan.com>
Errors-To: owner-nanog-outgoing@merit.edu
On Tue, 4 Jun 2002, Sean Donelan wrote:
:Some ISPs are practically religious about using them, usually the result
:of a single person at the ISP pushing it. But for the most part it hasn't
:really taken hold in the professional security consulting field.
I would suggest that it is also ISP's who do not hire security consultants.
Consulting fees tend to come from departmental budgets, and almost
every network engineer I have ever met fancies themselves a security
expert. There isn't alot of incentive for them to get a third party
opinion, because of a lack of faith in the clue of most consultants, and
a general aversion to having anyone touch the delicate house of cards
many network engineers have constructed.
Maybe Cisco could add this as a default requirement of the configuration
that had to be explicitly disabled? In fact, it would be nice if all
protocol configurations had to have their authentication manually
disabled.
--
batz
