Ciena 6200 clue?

Brandon Ross bross at pobox.com
Wed Jul 3 19:57:40 UTC 2013


On Tue, 2 Jul 2013, Jason Lixfeld wrote:

> The SE who's onsite is apparently claiming that there is no provision to 
> set a default gateway on the management interface.

Everyone knows that attacks against your management interface come from 
devices not on your management network.  By removing the default gateway 
feature, Ciena is improving the security of your network.

It's time we created a BCOP specifying that default gateway functionality 
be disabled or removed in all network deployments, in the interest of 
security.  Security improvements realized in the last few years by 
dropping all ICMP and TCP DNS at firewall boundaries, not to mention 
universal deployment of NAT, were just the first few steps to creating a 
much more secure Internet.

Once disablement of default gateway functionality has been become a common 
practice, the natural reduction in traffic on the Internet should allow 
most operators to achieve enormous cost savings by powering off all of 
their equipment.

-- 
Brandon Ross                                      Yahoo & AIM:  BrandonNRoss
+1-404-635-6667                                                ICQ:  2269442
Schedule a meeting:  https://doodle.com/bross            Skype:  brandonross




More information about the NANOG mailing list