Re: Network security on multiple levels (was Re: NYT covers China cyberthreat)
--- smb@cs.columbia.edu wrote: From: Steven Bellovin <smb@cs.columbia.edu> An amazing percentage of "private" lines are pseudowires, and neither you nor your telco salesdroid can know or tell; even the "real" circuits are routed through DACS, ATM switches, and the like. This is what link encryptors are all about; use them. --------------------------------------------------------- I would sure be interested in hearing about hands-on operational experiences with encryptors. Recent experiences have left me with a sour taste in my mouth. blech! scott
On 2/21/2013 12:03 AM, Scott Weeks wrote:
I would sure be interested in hearing about hands-on operational experiences with encryptors. Recent experiences have left me with a sour taste in my mouth. blech!
scott
Agreed. I've generally skipped the line side and stuck with L3 side encryption for the same reason. Jack
On Thu, Feb 21, 2013 at 11:23 AM, Jack Bates <jbates@brightok.net> wrote:
On 2/21/2013 12:03 AM, Scott Weeks wrote:
I would sure be interested in hearing about hands-on operational experiences with encryptors. Recent experiences have left me with a sour taste in my mouth. blech!
scott
Agreed. I've generally skipped the line side and stuck with L3 side encryption for the same reason.
and... some (most?) line-side encryptors light the line up fullspeed between the encryptors... if they are also attempting to suppress traffic analysis... so that can be costly if you don't own the whole pipe :)
participants (3)
-
Christopher Morrow
-
Jack Bates
-
Scott Weeks