Home page logo

nanog logo nanog mailing list archives

Re: cost of misconfigurations
From: Jared Mauch <jared () puck nether net>
Date: Thu, 9 Aug 2012 10:43:50 -0400

On Aug 2, 2012, at 10:31 AM, Brandt, Ralph wrote:

The misconfiguration cost is usually not calculable in itself.  But I
think the more important issue is, "How do we prevent it?"  I would
spend more time on prevention than assessing the cost.

Lots of people have developed best practices on these topics.  The
problem is pushing against the business side and keeping these in
place, and not letting the bar be low at your upstream and peers.

There is a secondary issue that is yet still unaddressed.  Some vendors
still send all routes they receive out to all external peers in the
absence of a policy.  This is something I want to see corrected as it
will require a bit more intelligence when it comes to BGP policy to
provide the expected behavior.

- Jared

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]