North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Bellovin sez...

  • From: Ran Atkinson
  • Date: Fri Feb 20 17:19:53 1998

Forgive my directness, but there was no _new_ data at all
in what the referenced URL quoted Steve/Matt as saying.

Much of this goes (in the public literature) at least
back to Steve's paper in ACM CCR in the late 80s.  Others of
it has been documented elsewhere in the public literature
since then.

Also note that clever operators _are_ taking steps like:
	- pushing vendors towards SNMPv3 with real security
	- deploying OSPF MD5 authentication/RIP MD5 authentication
	- deploying the TCP MD5 option to protect BGP sessions
	- using route servers
	- deploying Kerberos/SSH/IPsec to secure login connections
		to servers & disallowing unprotected connections
	- deploying IETF OTP or Bellcore S/Key on routers
	- ...

Ran
[email protected]