LoA (Letter of Authorization) for Prefix Filter Modification?
jgreco at ns.sol.net
Tue Sep 16 21:05:34 CDT 2008
> It is only a good audit trail if the audit log can be trusted, though. Given how "secure" things like faxes are, well, that's a thing for another day, I suppose.
> Very few things out there in today's interconnected world really provide "hard" security, instead of security theatre/CYA/minor deterrants/"keeping honest people honest".
> That is not to say that these things have zero inherent value, at least in my mind, but they are not IMO to be confused with high security (as in military grade versus making a few clever [socially engineered] phone calls).
> Even so, much of the modern day business world relies on these things to some degree or another.
As I said, there are already ways to deal with these issues.
Unfortunately, most of them are reactive in nature. Despite that fact, I
would much prefer to see a LoA, which will have some significant deterrent
value, rather than nothing at all.
The "security" of faxes has very little to do with it. If twtelecom finds
that Jon Lewis over at Atlantic.net is sending in LoA's that turn out to
be fraudulent, it is very likely that the level of scrutiny for future
LoA's will suddenly increase, maybe involving calls to ARIN, the contact
information for the organization in question, etc., to try to further
determine the authenticity. On the flip side, if Jon has sent in a hundred
LoA's, and none have ever been questioned, the level of scrutiny is likely
to be reasonably low. Risk assessment in this environment isn't *that*
rough, and worrying about whether or not the trail can be audited/
authenticated, security of faxes, etc., may be excessively paranoid.
We do not have an Internet that is designed with "hard" security in mind,
so worrying about the easily attacked portions is certainly worthwhile, but
let's be thoughtful, rather than obsessive, about it.
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I
won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN)
With 24 million small businesses in the US alone, that's way too many apples.
More information about the NANOG