protecting operational networks

Ran Atkinson rja at corp.home.net
Mon Sep 15 15:47:21 UTC 1997


On Sep 13 16:44, Sean M. Doran wrote:

% Then, some protection for routing protocols to make them
% both more robust and more secure, and life is a bit nicer.

IMHO, any serious network operator using OSPF or BGP should
have already deployed the techniques below (as applicable):
	OSPF with Keyed MD5 Authentication
	BGP-4 with the Keyed MD5 Authentication extension
		as a TCP option.

WRT ISIS, lack of a CLNP infrastructure limits the ability of
outsiders to attack a network.  Nonetheless, ISIS should probably
also get some kind of cryptographic authentication extension.

Ran
rja at home.net



More information about the NANOG mailing list