
Re: draft status, BoF, replies to issues
"Harrington, David" <dbh@enterasys.com> writes:
> Over what period is it useful to count those hits? Is it useful to know
> how many hits have occurred over the past hour? Of course. Is it useful
> to know how many in the past day? The past week? The past month? The
> past year? 
>
> How necessary is it to keep all this counting data on the device itself,
> as compared to polling for the data, say daily or weekly, and
> aggregating the rolled-over counters offline?
>
> How long will it take to exceed 4 thousand million filter hits?

This RFC will be in use for years. Fifteen years ago, when Host
Requirements was written, 10Mbps ethernet seemed fast, but most of
those documents are still fine because the authors had foresight --
they may very well stay current for another ten years. My point is, of
course, that this document may last a very long time -- and in fifteen
more years, Gig E will seem insanely slow. I bet we get to the point
where far more than 4E9 hits in an hour are perfectly believable.

Or, put another way, plan for the future, not the present.

>> > but not having default
>> > passwords would not be popular with many customers because 
>> > it increases
>> > the burden of configuring a new device.
>> 
>> Again, back to target audience + scope.  I believe that for "large IP
>> networks" provisioning will be done according to a defined process
>> and/or by skilled network engineers.  Adding a step to the process
>> vs. having core networking elements compromised seems like a fair
>> tradeoff.  If we're talking about SOHO devices ("why do I need
>> password ?"), I could see your point.
>
> I'm not talking about SOHO devices. SOHO is easy because there are so
> few devices involved.

FYI, driving around New York, you can connect to thousands of friendly
wireless APs by using the passwords "default" and "linksys". I will
not describe all the evil you can do with this oh-so-secret
information. The world would be better if the password for the device
was on a sticker on the bottom when it shipped to the customer...

As for "real" networks, let me note that plenty of them are breakable
with default passwords. "After all!" say the admins, "no one will ever
think that I might leave in the password of `password'."

Even when they're not breakable with the default passwords, the
default SNMP community names and such are a great boon to tiger
testers and to real miscreants, and if you want to make their lives
better, please leave them forever.

> Standardizing the default passwords across vendors and standardizing
> rigorous security surrounding their use is a better approach than not
> allowing any standard/default passwords at all.

I'm not sure I can agree...

Perry