31 Jan
2012
31 Jan
'12
11:40 a.m.
From: harbor235 <harbor235@gmail.com>
Also, It does not matter how many attempts compromising a BGP session occurs, it only takes one, so why not nail it down.
Because downtime is a security issue too, and MD5 is more likely to contribute to downtime (either via lost password, crypto load on CPU, or other) than the problem it purports to fix. The goal of a network engineer is to move packets from A -> B. The goal of a security engineer is to keep that from happening. A business needs to weigh the cost and benefit of any given approach, and MD5 BGP auth does not come out well in the of situations. David Barak Need Geek Rock? Try The Franchise: http://www.listentothefranchise.com