North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Whitehouse Tackels Cybersecurity

  • From: Sean Donelan
  • Date: Wed Sep 18 21:33:46 2002

On Wed, 18 Sep 2002, Iljitsch van Beijnum wrote:
> Wow, we should all start using out of band management. Anyone think it is
> feasible to do management of an IP network exclusively out of band?

Welcome to my nightmare.

Getting ISPs to participate is always difficult. I encourage ISPs to read
the draft and send in their comments to the White House.  Otherwise,
because they are the ones particpating, the future Internet security
architecture will probably look like what a big telco thinks is a good
security model. Why separate the circuit into 2B+D, just give me all the
bandwidth.

Is the telephone security model better than the Internet security model?
It depends on who you ask.  They both have interesting security issues.
Unfortunately, a lot of it is based on perception on both sides, and only
a little on fact.

I would love to see some proposals from different ISPs how they view
the Internet (or ISP) security architecture.  Cisco, Sun, Lucent and
Telcordia have vendor architectures.  But what architecture work for
real ISPs?  What can we point to as a "good" Internet security
architecture?  Is there a difference between what works for a small,
medium or large ISP?

I can draw Internet security architectures until my fingers fall off, but
they won't have the impact of industry consensus.