Re: Comments/suggestions on draft
> dh> This would cover CPE routers, edge routers, and core routers. As it should
> dh> IMHO. I'm rather tired of customer routers being exploited at the slightest
> dh> puff of air due to stupid vendor defaults.
>
> That there is a whole new can of worms. When Oulu released their SNMP
> happiness upon the world, we determined that something like 90% of our
> CPE was vulnerable. But our contracts were written such that it was
> illegal for us to reconfigure or upgrade their code. The CPE belonged
> to us, but was their responsibility.
>
> I don't think that ISP contract law is within the scope of this
> document,
No, but requiring that vendors produce/support devices that:
    2.3.8 Ability to Withstand Well-Known Attacks and Exploits

    Requirement. The device MUST have an IP stack and operating system
    that is robust enough to withstand well-known attacks and
    exploits.
> but somewhere in there is a pressing issue begging to be
> resolved. There's a whole world of people out there that talk about
> "THE router", rather than "A router". There's gotta be some way to
> help them keep things up to date.
This doc is asking that vendors provide technology that can be
operationally secured. Deployment is a different, much more
social/messy problem.
---George