NSA able to compromise Cisco, Juniper, Huawei switches

Dobbins, Roland rdobbins at arbor.net
Tue Dec 31 19:44:15 UTC 2013


On Jan 1, 2014, at 2:34 AM, Jonathan Greenwood II <gwood83 at gmail.com> wrote:

> The best response I've seen to all this hype and I completely agree with
> Scott:
> 
> "Do ya think that you wouldn't also notice a drastic increase in outbound traffic to begin with?  It's fun to watch all the hype and things like
> that, but to truly sit down and think about what it would actually take to make something like this happen, especially on a sustained and
> "unnoticed" basis, is just asinine.

Hopefully, this drives home the importance of all the various BCPs like iACLs, isolated jump-off boxes for interactive access, config-file management, and network telemetry - including visibility into DCN/OOB traffic.

There are open-source tools out there which can be used for these purposes.  It doesn't require a lot of capex, mainly opex - i.e., elbow-grease. 

-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>

	  Luck is the residue of opportunity and design.

		       -- John Milton



