Re: survey of isp security practices

[Merike Kaeo <kaeo@merike.com>]

On Nov 9, 2004, at 6:25 AM, Howard C. Berkowitz wrote:

> At 6:16 AM -0800 11/9/04, David Barak wrote:
> > --- "Howard C. Berkowitz" <hcb@gettcomm.com> wrote:
> >
> > >  I need to think some more about exactly where it
> > >  would go and what
> > >  would be in it, but my initial reaction is that
> > >  there needs to be a
> > >  section on "routing".  I'd move blackholes/sinkholes
> > >  out of
> > >  filtering, as well as uRPF, and add the issues of
> > >  routing protocol
> > >  security, sanity checks on routing (correlation with
> > >  routing
> > >  registries, prefix limits, etc.), and
> > >  information-gathering from such
> > >  things as flaps and generic changes-from-baseline of
> > >  routing protocol
> > >  specifics.
> >
> > I agree with Howard that "routing" should be a major
> > heading, but I think that it has two major categories:
> > source validation, and information validation.
> Good points, but there perhaps should be a third -- altering the 
> routing/forwarding tables as part of a security mechanism such as 
> blackholes, sinkhole attractors, and the effect of blackholes on uRPF.

I am not yet convinced that routing should be a separate category but 
instead the security practices that are currently employed for 
authentication, filtering, logging, etc can use a sub-category for what 
is specific to routing.    However....I'm still thinking about it.....

- merike
>