Network security on multiple levels (was Re: NYT covers China cyberthreat)

Jamie Bowden jamie at photon.com
Wed Feb 20 18:05:04 UTC 2013


> From: Warren Bailey [mailto:wbailey at satelliteintelligencegroup.com]


> If you are doing DS0 splitting on the DACS, you'll see that on the
> other
> end (it's not like channelized CAS ds1's or PRI's are difficult to look
> at
> now) assuming you have access to that. If the DACS is an issue, buy the
> DACS and lock it up. I was on a .mil project that used old school
> Coastcom
> DI III Mux with RLB cards and FXO/FXS cards, that DACS carried some
> pretty
> top notch traffic and the microwave network (licensed .gov band)
> brought
> it right back to the base that project was owned by. Security is
> expensive, because you cannot leverage a service provider model
> effectively around it. You can explain the billion dollars you spent on
> your global network of CRS-1's, but CRS-1's for a single application
> usually are difficult to swallow. I'm not saying that it isn't done
> EVER,
> I'm just saying there are ways to avoid your 1998 red hat box from
> rpc.statd exploitation - unplug aforementioned boxen from inter webs.

Our connections to various .mil and others are private ds1's with full on end to end crypto over them.  You can potentially kill our connections, but you're not snooping them or injecting traffic into them.

Jamie




More information about the NANOG mailing list