Ciena 6200 clue?
Paul Stewart
paul at paulstewart.org
Wed Jul 3 20:00:09 UTC 2013
On 2013-07-03 3:57 PM, "Brandon Ross" <bross at pobox.com> wrote:
>
>Everyone knows that attacks against your management interface come from
>devices not on your management network. By removing the default gateway
>feature, Ciena is improving the security of your network.
>
>It's time we created a BCOP specifying that default gateway functionality
>be disabled or removed in all network deployments, in the interest of
>security. Security improvements realized in the last few years by
>dropping all ICMP and TCP DNS at firewall boundaries, not to mention
>universal deployment of NAT, were just the first few steps to creating a
>much more secure Internet.
>
>Once disablement of default gateway functionality has been become a
>common
>practice, the natural reduction in traffic on the Internet should allow
>most operators to achieve enormous cost savings by powering off all of
>their equipment.
>
Awesome - sorry, can't resist. :)
Paul
More information about the NANOG
mailing list