NSA able to compromise Cisco, Juniper, Huawei switches
Dobbins, Roland
rdobbins at arbor.net
Tue Dec 31 19:44:15 UTC 2013
On Jan 1, 2014, at 2:34 AM, Jonathan Greenwood II <gwood83 at gmail.com> wrote:
> The best response I've seen to all this hype and I completely agree with
> Scott:
>
> "Do ya think that you wouldn't also notice a drastic increase in outbound traffic to begin with? It's fun to watch all the hype and things like
> that, but to truly sit down and think about what it would actually take to make something like this happen, especially on a sustained and
> "unnoticed" basis, is just asinine.
Hopefully, this drives home the importance of all the various BCPs like iACLs, isolated jump-off boxes for interactive access, config-file management, and network telemetry - including visibility into DCN/OOB traffic.
There are open-source tools out there which can be used for these purposes. It doesn't require a lot of capex, mainly opex - i.e., elbow-grease.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
Luck is the residue of opportunity and design.
-- John Milton
More information about the NANOG
mailing list