route authentication
Sean Donelan
sean at donelan.com
Tue Jun 4 15:22:57 UTC 2002
How do you enable an IP interface because you need a unique address
for your interfaces? When I say not part of the default configuration I
mean the default configuration doesn't even have a space for "put key
here."
On Tue, 4 Jun 2002, Farhan Memon wrote:
> How can u enable auth by default, since you would have to stick in a key
> somehow, and if that was default then it could be exploited.
>
> rgrds
>
> Faz
>
> -----Original Message-----
> From: owner-nanog at merit.edu [mailto:owner-nanog at merit.edu]On Behalf Of
> batz
> Sent: 04 June 2002 15:20
> To: Sean Donelan
> Cc: Barbara Fraser; nanog at merit.edu
> Subject: Re: route authentication
>
>
>
> On Tue, 4 Jun 2002, Sean Donelan wrote:
>
> :Some ISPs are practically religious about using them, usually the result
> :of a single person at the ISP pushing it. But for the most part it hasn't
> :really taken hold in the professional security consulting field.
>
> I would suggest that it is also ISP's who do not hire security consultants.
> Consulting fees tend to come from departmental budgets, and almost
> every network engineer I have ever met fancies themselves a security
> expert. There isn't alot of incentive for them to get a third party
> opinion, because of a lack of faith in the clue of most consultants, and
> a general aversion to having anyone touch the delicate house of cards
> many network engineers have constructed.
>
> Maybe Cisco could add this as a default requirement of the configuration
> that had to be explicitly disabled? In fact, it would be nice if all
> protocol configurations had to have their authentication manually
> disabled.
>
>
>
> --
> batz
>
>
>
>
More information about the NANOG
mailing list