route authentication

batz batsy at vapour.net
Tue Jun 4 14:20:10 UTC 2002


On Tue, 4 Jun 2002, Sean Donelan wrote:

:Some ISPs are practically religious about using them, usually the result
:of a single person at the ISP pushing it.  But for the most part it hasn't
:really taken hold in the professional security consulting field. 

I would suggest that it is also ISP's who do not hire security consultants. 
Consulting fees tend to come from departmental budgets, and almost
every network engineer I have ever met fancies themselves a security 
expert. There isn't alot of incentive for them to get a third party 
opinion, because of a lack of faith in the clue of most consultants, and 
a general aversion to having anyone touch the delicate house of cards
many network engineers have constructed. 

Maybe Cisco could add this as a default requirement of the configuration 
that had to be explicitly disabled? In fact, it would be nice if all 
protocol configurations had to have their authentication manually
disabled. 



--
batz




More information about the NANOG mailing list