[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Layer 2 access and Current Practices
On Thu, 3 Mar 2005 15:01:31 -0500, Howard C. Berkowitz <email@example.com> wrote:
> I certainly can see excluding SOHO, with all of its specialized
> problems. There is a remaining concern for large enterprises and
> hosting centers with gigabit Ethernet or POS/SONET/SDH acceess to
> their upstream IP providers. The huge bandwidth available to certain
> organization could make them, if compromised by miscreants, huge
> threats to SP network stability.
> To protect the SP network from a compromised high-bandwidth site,
> security measures may be implemented in provider-operated equipment
> at the site, or, more likely, at the POP. As a rule of thumb, if a
> given site has bandwidth comparable to a midsize ISP, I believe it
> has to be given special consideration as a risk, and also a major
> revenue source to be protected.
OK. So what are you suggesting ? What sort of threats do you think need
to be addressed ? It seems to me that basic rate limiting (ommitted from the
first round of Chris' draft but to be added in -01) and filtering would address
most of this.