[48423] in North American Network Operators' Group
RE: route authentication
daemon@ATHENA.MIT.EDU (Sean Donelan)
Tue Jun 4 11:23:26 2002
Date: Tue, 4 Jun 2002 11:22:57 -0400 (EDT)
From: Sean Donelan <sean@donelan.com>
To: Farhan Memon <fazm@clara.net>
Cc: batz <batsy@vapour.net>, Barbara Fraser <byfraser@cisco.com>,
<nanog@merit.edu>
In-Reply-To: <IAEMJNPOECDPCEHLDAECEEBGDNAA.fazm@clara.net>
Errors-To: owner-nanog-outgoing@merit.edu

How do you enable an IP interface because you need a unique address
for your interfaces? When I say not part of the default configuration I
mean the default configuration doesn't even have a space for "put key
here."

On Tue, 4 Jun 2002, Farhan Memon wrote:
> How can u enable auth by default, since you would have to stick in a key
> somehow, and if that was default then it could be exploited.
>
> rgrds
>
> Faz
>
> -----Original Message-----
> From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of
> batz
> Sent: 04 June 2002 15:20
> To: Sean Donelan
> Cc: Barbara Fraser; nanog@merit.edu
> Subject: Re: route authentication
>
>
>
> On Tue, 4 Jun 2002, Sean Donelan wrote:
>
> :Some ISPs are practically religious about using them, usually the result
> :of a single person at the ISP pushing it. But for the most part it hasn't
> :really taken hold in the professional security consulting field.
>
> I would suggest that it is also ISPs who do not hire security consultants.
> Consulting fees tend to come from departmental budgets, and almost
> every network engineer I have ever met fancies themselves a security
> expert. There isn't a lot of incentive for them to get a third party
> opinion, because of a lack of faith in the clue of most consultants, and
> a general aversion to having anyone touch the delicate house of cards
> many network engineers have constructed.
>
> Maybe Cisco could add this as a default requirement of the configuration
> that had to be explicitly disabled? In fact, it would be nice if all
> protocol configurations had to have their authentication manually
> disabled.
>
>
>
> --
> batz