> From: Shrdlu [mailto:shr...@deaddrop.org]
> On 3/12/2013 4:16 PM, Warren Bailey wrote:
>
> > Contractors with facility clearances? I would find it hard to believe
> > dot gov would run secure circuits to a non secure facility. ;)
>
> The word "Contractor" is usually used to refer to anyone that
> From: Mike A [mailto:mi...@mikea.ath.cx]
> On Thu, Feb 21, 2013 at 04:41:42PM +, Warren Bailey wrote:
> > Not to mention, the KG units are dot government only.. For obvious
> reasons.
> Erm ... yesandno. Lots of defense contractors have one end of a secured
> circuit. Been there, installed-
On 3/12/2013 4:16 PM, Warren Bailey wrote:
Contractors with facility clearances? I would find it hard to believe
dot gov would run secure circuits to a non secure facility. ;)
The word "Contractor" is usually used to refer to anyone that has a
contract to do work with the government. Having sp
To: nanog@nanog.org
Subject: Re: Network security on multiple levels (was Re: NYT covers China
cyberthreat)
On Thu, Feb 21, 2013 at 04:41:42PM +, Warren Bailey wrote:
> Not to mention, the KG units are dot government only.. For obvious reasons.
Erm ... yesandno. Lots of defense contractor
On Thu, Feb 21, 2013 at 04:41:42PM +, Warren Bailey wrote:
> Not to mention, the KG units are dot government only.. For obvious reasons.
Erm ... yesandno. Lots of defense contractors have one end of a secured
circuit. Been there, installed-and-maintained them.
--
Mike Andrews, W5EGO
mi...@mi
: Network security on multiple levels (was Re: NYT covers China
cyberthreat)
On Thu, Feb 21, 2013 at 11:23 AM, Jack Bates wrote:
> On 2/21/2013 12:03 AM, Scott Weeks wrote:
>>
>> I would sure be interested in hearing about hands-on operational
>> experiences with encryptors. Re
On Thu, Feb 21, 2013 at 11:23 AM, Jack Bates wrote:
> On 2/21/2013 12:03 AM, Scott Weeks wrote:
>>
>> I would sure be interested in hearing about hands-on operational
>> experiences with encryptors. Recent experiences have left me
>> with a sour taste in my mouth. blech!
>>
>> scott
>>
>>
>
> Ag
On 2/21/2013 12:03 AM, Scott Weeks wrote:
I would sure be interested in hearing about hands-on operational
experiences with encryptors. Recent experiences have left me
with a sour taste in my mouth. blech!
scott
Agreed. I've generally skipped the line side and stuck with L3 side
encryptio
--- s...@cs.columbia.edu wrote:
From: Steven Bellovin
An amazing percentage of "private" lines are pseudowires, and neither you nor
your telco salesdroid can know or tell; even the "real" circuits are routed
through DACS, ATM switches, and the like. This is what link encryptors are
all abou
On Feb 20, 2013, at 3:20 PM, Jack Bates wrote:
> On 2/20/2013 1:05 PM, Jon Lewis wrote:
>>
>> See thread: nanog impossible circuit
>>
>> Even your leased lines can have packets copied off or injected into them,
>> apparently so easily it can be done by accident.
>>
>
> This is especially tr
On 2/20/2013 1:05 PM, Jon Lewis wrote:
See thread: nanog impossible circuit
Even your leased lines can have packets copied off or injected into
them, apparently so easily it can be done by accident.
This is especially true with pseudo-wire and mpls. Most of my equipment
can filter based m
--- On Wed, 2/20/13, Jay Ashworth wrote:
> - Original Message -
> > From: "Owen DeLong"
> > The DACS question wasn't about DACS owned by the people
> using the
> > circuit, it was about DACS inside the circuit provider.
> When you buy a
> > DS1 that goes through more than one CO in betw
If you have that option, I suppose that would be one way to solve it.
I, rather, see it as a reason to:
1. Cryptographically secure links that may be carrying private
data.
2. Rotate cryptographic keys (relatively) often on such links.
YMMV, but I think encryption is a
Isn't this a strong argument to deploy and operate a network independent
of the traditional switch circuit provider space?
On 2/20/13 11:22 AM, "Jay Ashworth" wrote:
>- Original Message -
>> From: "Owen DeLong"
>
>> Many DACS have provision for "monitoring" circuits and feeding the
>> d
- Original Message -
> From: "Owen DeLong"
> Many DACS have provision for "monitoring" circuits and feeding the
> data off to a third circuit in an undetectable manner.
>
> The DACS question wasn't about DACS owned by the people using the
> circuit, it was about DACS inside the circuit p
Many DACS have provision for "monitoring" circuits and feeding the data
off to a third circuit in an undetectable manner.
The DACS question wasn't about DACS owned by the people using the
circuit, it was about DACS inside the circuit provider. When you buy a
DS1 that goes through more than one CO
On Wed, 20 Feb 2013, Jay Ashworth wrote:
Well, Warren, I once had a discussion with someone about whether dedicated
DS-1 to tie your SCADA network together were "secure enough" and they asked
me:
"Does it run through a DACS? Where can you program the DACS from?"
See thread: nanog impossible c
I did not approach the inline encryption units on purpose. Obviously
anything that leaves .mil land not riding something blessed by DISA is
going to have something like a KG on both ends. Generally Satellite
systems use TRANSEC, though in our line of work it's an extremely
expensive add-on to an ot
> From: Warren Bailey [mailto:wbai...@satelliteintelligencegroup.com]
> If you are doing DS0 splitting on the DACS, you'll see that on the
> other
> end (it's not like channelized CAS ds1's or PRI's are difficult to look
> at
> now) assuming you have access to that. If the DACS is an issue, buy t
On Wed, Feb 20, 2013 at 9:13 AM, Jay Ashworth wrote:
> - Original Message -
>> From: "Warren Bailey"
>
>> We as Americans have plenty of things we have done halfass.. I hope an
>> Internet kill switch doesn't end up being one of them. Build your own
>> private networks, you can't get root
If you are doing DS0 splitting on the DACS, you'll see that on the other
end (it's not like channelized CAS ds1's or PRI's are difficult to look at
now) assuming you have access to that. If the DACS is an issue, buy the
DACS and lock it up. I was on a .mil project that used old school Coastcom
DI I
- Original Message -
> From: "Warren Bailey"
> We as Americans have plenty of things we have done halfass.. I hope an
> Internet kill switch doesn't end up being one of them. Build your own
> private networks, you can't get rooted if someone can't knock. Simple
> as that.
Well, Warren, I
22 matches
Mail list logo
