On 2/21/2013 12:03 AM, Scott Weeks wrote:
I would sure be interested in hearing about hands-on operational
experiences with encryptors. Recent experiences have left me
with a sour taste in my mouth. blech!
scott
Agreed. I've generally skipped the line side and stuck with L3 side
On Thu, Feb 21, 2013 at 11:23 AM, Jack Bates jba...@brightok.net wrote:
On 2/21/2013 12:03 AM, Scott Weeks wrote:
I would sure be interested in hearing about hands-on operational
experiences with encryptors. Recent experiences have left me
with a sour taste in my mouth. blech!
scott
...@brightok.net
Cc: nanog@nanog.org
Subject: Re: Network security on multiple levels (was Re: NYT covers China
cyberthreat)
On Thu, Feb 21, 2013 at 11:23 AM, Jack Bates jba...@brightok.net wrote:
On 2/21/2013 12:03 AM, Scott Weeks wrote:
I would sure be interested in hearing about hands-on operational
- Original Message -
From: Warren Bailey wbai...@satelliteintelligencegroup.com
We as Americans have plenty of things we have done halfass.. I hope an
Internet kill switch doesn't end up being one of them. Build your own
private networks, you can't get rooted if someone can't knock.
If you are doing DS0 splitting on the DACS, you'll see that on the other
end (it's not like channelized CAS ds1's or PRI's are difficult to look at
now) assuming you have access to that. If the DACS is an issue, buy the
DACS and lock it up. I was on a .mil project that used old school Coastcom
DI
On Wed, Feb 20, 2013 at 9:13 AM, Jay Ashworth j...@baylink.com wrote:
- Original Message -
From: Warren Bailey wbai...@satelliteintelligencegroup.com
We as Americans have plenty of things we have done halfass.. I hope an
Internet kill switch doesn't end up being one of them. Build
From: Warren Bailey [mailto:wbai...@satelliteintelligencegroup.com]
If you are doing DS0 splitting on the DACS, you'll see that on the
other
end (it's not like channelized CAS ds1's or PRI's are difficult to look
at
now) assuming you have access to that. If the DACS is an issue, buy the
I did not approach the inline encryption units on purpose. Obviously
anything that leaves .mil land not riding something blessed by DISA is
going to have something like a KG on both ends. Generally Satellite
systems use TRANSEC, though in our line of work it's an extremely
expensive add-on to an
On Wed, 20 Feb 2013, Jay Ashworth wrote:
Well, Warren, I once had a discussion with someone about whether dedicated
DS-1 to tie your SCADA network together were secure enough and they asked
me:
Does it run through a DACS? Where can you program the DACS from?
See thread: nanog impossible
Many DACS have provision for monitoring circuits and feeding the data
off to a third circuit in an undetectable manner.
The DACS question wasn't about DACS owned by the people using the
circuit, it was about DACS inside the circuit provider. When you buy a
DS1 that goes through more than one CO
- Original Message -
From: Owen DeLong o...@delong.com
Many DACS have provision for monitoring circuits and feeding the
data off to a third circuit in an undetectable manner.
The DACS question wasn't about DACS owned by the people using the
circuit, it was about DACS inside the
Isn't this a strong argument to deploy and operate a network independent
of the traditional switch circuit provider space?
On 2/20/13 11:22 AM, Jay Ashworth j...@baylink.com wrote:
- Original Message -
From: Owen DeLong o...@delong.com
Many DACS have provision for monitoring circuits
If you have that option, I suppose that would be one way to solve it.
I, rather, see it as a reason to:
1. Cryptographically secure links that may be carrying private
data.
2. Rotate cryptographic keys (relatively) often on such links.
YMMV, but I think encryption is a
--- On Wed, 2/20/13, Jay Ashworth j...@baylink.com wrote:
- Original Message -
From: Owen DeLong o...@delong.com
The DACS question wasn't about DACS owned by the people
using the
circuit, it was about DACS inside the circuit provider.
When you buy a
DS1 that goes through more
On 2/20/2013 1:05 PM, Jon Lewis wrote:
See thread: nanog impossible circuit
Even your leased lines can have packets copied off or injected into
them, apparently so easily it can be done by accident.
This is especially true with pseudo-wire and mpls. Most of my equipment
can filter based
On Feb 20, 2013, at 3:20 PM, Jack Bates jba...@brightok.net wrote:
On 2/20/2013 1:05 PM, Jon Lewis wrote:
See thread: nanog impossible circuit
Even your leased lines can have packets copied off or injected into them,
apparently so easily it can be done by accident.
This is
--- s...@cs.columbia.edu wrote:
From: Steven Bellovin s...@cs.columbia.edu
An amazing percentage of private lines are pseudowires, and neither you nor
your telco salesdroid can know or tell; even the real circuits are routed
through DACS, ATM switches, and the like. This is what link
17 matches
Mail list logo