Network security on multiple levels (was Re: NYT covers China cyberthreat)
Jay Ashworth
jra at baylink.com
Wed Feb 20 19:22:02 UTC 2013
----- Original Message -----
> From: "Owen DeLong" <owen at delong.com>
> Many DACS have provision for "monitoring" circuits and feeding the
> data off to a third circuit in an undetectable manner.
>
> The DACS question wasn't about DACS owned by the people using the
> circuit, it was about DACS inside the circuit provider. When you buy a
> DS1 that goes through more than one CO in between two points, you're
> virtually guaranteed that it goes through one or more of {DS-3 Mux,
> Fiber Mux, DACS, etc.}. All of these are under the control of the
> circuit provider and not you.
Correct, and they expand the attack surface in ways that even many
network engineers may not consider unless prompted.
Cheers,
-- jra
--
Jay R. Ashworth Baylink jra at baylink.com
Designer The Things I Think RFC 2100
Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII
St Petersburg FL USA #natog +1 727 647 1274
More information about the NANOG
mailing list