Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Scaled Back Cybersecuruty

  • From: David Scott Olverson
  • Date: Tue Jan 14 16:14:28 2003


>
> In article <103014.152131.21746@avi.netaxs.com> Pete wrote:
>
> : I'm trying to envision an RFP that awards business to one or
> : a few network operators, but requires that they interoperate
> : effectively with other operators who don't win any of the
> : business. I've only got a state-level purchasing
> : perspective, but I don't see it happening at any level.
>
> Let me be more clear :)
>
> If the next FTS or if all large Federal IP purchases mandated
> one of:
>
> - Routers must be configured by end of 2003 so that all packets
>   to the control plane must be logically separated from user
>   packets (or demonstrate the ability to take 200mb of attack
>   traffic to the router CPU without having an effect)
>
> OR
>
> - All single-homed customers must be source-address filtered at
>   ingress or egress.  (Becoming multi-homed at ingress as a
>   requirement over time)
>
> OR
>
> ...
>
> You get the idea.  Something that IS possible, that matters MOST
> at the large end of the scale.  And if we go a long way towards
> solving one beasty per year we'll at least be making MORE progress
> than we've been making to date, which is roughly zero.

The problem with these mandates by the Federal gov't is that they most
often are not enforced once they're directed.  There was a mandate that
all operating systems installed on gov't networks meet a certain security
minimum.  I forget the name of the program now but Windows didn't and
couldn't so it was wavered onto the program.  I also seem to remember a
drive to have all software development follow the Capability Maturity
Model (at least in the Air Force) and a mandate that all software
development should be done at CMM level 3 that lost steam as well.
It's not a bad idea if you could get the gov't to truly enforce it.

Thanks,

Dave Olverson





Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.