From: Warren Bailey [mailto:wbailey@satelliteintelligencegroup.com]
If you are doing DS0 splitting on the DACS, you'll see that on the other end (it's not like channelized CAS ds1's or PRI's are difficult to look at now) assuming you have access to that. If the DACS is an issue, buy the DACS and lock it up. I was on a .mil project that used old school Coastcom DI III Mux with RLB cards and FXO/FXS cards, that DACS carried some pretty top notch traffic and the microwave network (licensed .gov band) brought it right back to the base that project was owned by. Security is expensive, because you cannot leverage a service provider model effectively around it. You can explain the billion dollars you spent on your global network of CRS-1's, but CRS-1's for a single application usually are difficult to swallow. I'm not saying that it isn't done EVER, I'm just saying there are ways to avoid your 1998 red hat box from rpc.statd exploitation - unplug aforementioned boxen from inter webs.
Our connections to various .mil and others are private ds1's with full on end to end crypto over them. You can potentially kill our connections, but you're not snooping them or injecting traffic into them. Jamie