On Dec 30, 2013, at 11:28 PM, Marco Teixeira <ad...@marcoteixeira.com> wrote:
> i just wanted to say that any network professional that puts any equipment > into production without securing it against the kind of > issues mentioned so far (cisco/cisco, snmp private, etc) is negligent and > should be fired on the spot. Yes, but keep in mind that with near-infinite resources, one can go after internal machines used by network operations personnel, etc. There are multiple things that network operators can and should do to prevent direct unauthorized configuration, to prevent tampering with configuration-management systems, to securing jump-off boxes, to implementing AAA with per-command auth and logging, to monitoring for config changes, etc. Unfortunately, many network operators don't do all these various things, and so it's quite possible for an organization with time and resources to attack via a side-channel. ----------------------------------------------------------------------- Roland Dobbins <rdobb...@arbor.net> // <http://www.arbornetworks.com> Luck is the residue of opportunity and design. -- John Milton
