[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: survey of isp security practices

To: Shashi Kiran <shashi_kiran@nortelnetworks.com>
Subject: Re: survey of isp security practices
From: "George M. Jones" <gmjones@mitre.org>
Date: Thu, 18 Nov 2004 11:11:55 -0500
Cc: gmj@pobox.com, "'Randy Presuhn'" <randy_presuhn@mindspring.com>, opsec@ops.ietf.org, ietfdbh@comcast.net
In-reply-to: <0A11633F61BD9F40B43ABCC694004F93077B09FA@zsc3c026.us.nortel.com>
References: <0A11633F61BD9F40B43ABCC694004F93077B09FA@zsc3c026.us.nortel.com>

On Nov 18, 2004, at 10:15 AM, Shashi Kiran wrote:

> Does anyone have examples of large nets where more than a few
> local users are maintained across all devices ?

Another instance of a network-level issue is the case where a provider has managed VPNs with a centralized shared RADIUS between enterprises,

Seems like more of a service to customers than something used to manage admin access to the providers core.

and there was a possibility for subscribers belonging to one VPN to switch between VPNs or access a different service profile, by introducing certain VSAs or source-spoofing, and cause security breaches. In this case access controls checks need to be tightened on the router nodes or PEs where subscribers are terminating, since the RADIUS by itself cannot handle it. Not sure if you want to cover such scenarios here.

Seems a bit convoluted, to me anyhow. Do you know of an example of a core being managed in this way?

---George

References:
- RE: survey of isp security practices
  - From: "Shashi Kiran" <shashi_kiran@nortelnetworks.com>

Prev by Date: Re: Authentication, access control, and key distribution
Next by Date: RE: survey of isp security practices
Previous by thread: RE: survey of isp security practices
Next by thread: RE: survey of isp security practices
Index(es):
- Date
- Thread