[87870] in North American Network Operators' Group
Re: Is my router owned? How would I know?
daemon@ATHENA.MIT.EDU (Christopher L. Morrow)
Thu Jan 12 22:29:54 2006
Date: Fri, 13 Jan 2006 03:29:15 +0000 (GMT)
From: "Christopher L. Morrow" <christopher.morrow@mci.com>
In-reply-to: <200601122310.k0CNAGQ5020834@world.std.com>
To: Martin Hannigan <hannigan@world.std.com>
Cc: Florian Weimer <fw@deneb.enyo.de>, goemon@anime.net,
Rob Thomas <robt@cymru.com>, NANOG <nanog@merit.edu>
Errors-To: owner-nanog@merit.edu
On Thu, 12 Jan 2006, Martin Hannigan wrote:
> If we accept the "clue" problem as the solution, I think we
> accept the fact that we condone the vendor not having secure
> solutions. That may be fine for our new colleague the 'security
vendors should always, or be beatten about the head/shoulders when not,
put out secure products... always.
> engineer', but it's not good for the Internet as a whole and it
> distracts us from the work of making it work.
>
how is it better for security engineers? it's hell, every 3rd month a new
'default passwd' often on a 'security' device :( talk about stupid :(
> Offering tutorials at NANOG is a great effort towards the
> clue issue, but maybe we should offer vendors tutorials on
> the inverse?
>
Some vendors have asked and received this sort of thing, does huwei (which
I butchered the spelling of) want one? (or need one?) how about netgear
and their lovely NTP issue? or checkpoint or ... there are quite a few
vendors out there, some even attend NANOG. If they listened to their
customers I suspect they'd hear: "I want a secure platform!" quite loudly.
