IETF Logo Mail Archive

Re: [Lsvr] [OPSEC] security against what?

Christopher Morrow <morrowc.lists@gmail.com> Tue, 04 September 2018 16:04 UTC

Return-Path: <christopher.morrow@gmail.com>
X-Original-To: lsvr@ietfa.amsl.com
Delivered-To: lsvr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C4B60130F34; Tue, 4 Sep 2018 09:04:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gFS04SPbLozD; Tue, 4 Sep 2018 09:04:35 -0700 (PDT)
Received: from mail-ua1-x92a.google.com (mail-ua1-x92a.google.com [IPv6:2607:f8b0:4864:20::92a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E69621274D0; Tue, 4 Sep 2018 09:04:34 -0700 (PDT)
Received: by mail-ua1-x92a.google.com with SMTP id m11-v6so3283876uao.11; Tue, 04 Sep 2018 09:04:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=FrX1fkaWJ8AQwTJnonJwRciwcuYuiMf9gcB4d4qDpes=; b=VFJJdVcgTVjenlTflqq7H1ldKqDyFDyP3ltSOrE34qSFHzx4mw0mpFNdpRUFX9rd7b LU1w0BmcbT8/7Dj07lIwBMBKt5UrVXPICZDRkinVOS9dF9wDzGvzlcWGgO2JhZsRroO1 8js++bClt02GPjFcTqnWcQjKkA1uttvw/WPXGFOTnuNL91GkkD6/XVS1uBYkeKhuyM4U i8eYjFgbnQripkbgCog1X1Hl3fTCwgj6Jp5HaqmLmCvPXOvS+mPa5VLzSUKDakk4rDbn 5p38/F3hevq6sOWQF6p+HDo8DBUEt6sqBaYcKuANR9t7ATxvHbHJSUt+yUjSqIu+zueU IicQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=FrX1fkaWJ8AQwTJnonJwRciwcuYuiMf9gcB4d4qDpes=; b=I+znpZhiJiQW+zZHBl2ixPJ03gTezgmjvz7XtuLFKyB9G9dOYfmhpXFp/qmrpC3EEO 3bDDm+DlgK5VN1VtZ9mZMaZlpIWpHWpuhaLPUM+UEt/L4BqpW0I5bO/mp6C8I3lynCTA IIrj751fwCboGIpf8WqK2ERzqZpNbt0qVXiajDDjPdm8S5h8TJQQIh/cloRXRm2uoA6N tEbKDNAEbLMtixN5umGDJ/0M4QgTNq9UPzWXBxAMso5rwM3JTu3TKWxnLU6uSNp6vnRl h2A3fBMiFxk1EhL4BVC+ceHmdAi7lQJX43QsHvgaCk5BRvYbcanfdpIujoRLD0fxs1/P jiFQ==
X-Gm-Message-State: APzg51CosZryviBgCw22pyX9yBdPBudAKJrHypCUkhsnHtJrCeAwXMcM UxnlY4uugVSifigaJKulVpZsDXI1D9fy7Vazj6Q09w==
X-Google-Smtp-Source: ANB0VdY8WJEWp+94lt+cBwJGuzLwSIv0kCOZwL3bK1uLKq2nSZRuJ+UKKidTUvL4NNLe6ZHeJB3jmj1SlLMPuzysdDA=
X-Received: by 2002:ab0:74d1:: with SMTP id f17-v6mr18111165uaq.105.1536077073251; Tue, 04 Sep 2018 09:04:33 -0700 (PDT)
MIME-Version: 1.0
References: <m21sbkjba8.wl-randy@psg.com> <AM5PR0701MB172966DC99841C55D5E26CA2E0030@AM5PR0701MB1729.eurprd07.prod.outlook.com> <CAAedzxrX5TWxYtA-uCfA3QyF_N1L3-tmjtqWTNThXvNNi4Uppw@mail.gmail.com> <m2zhwxposb.wl-randy@psg.com> <CAL9jLaa0VmEQpi45T0wdNV51R5+ib4Lo8NhmO9RJq-6OiO69EA@mail.gmail.com> <m2wos1p92d.wl-randy@psg.com>
In-Reply-To: <m2wos1p92d.wl-randy@psg.com>
From: Christopher Morrow <morrowc.lists@gmail.com>
Date: Tue, 04 Sep 2018 12:04:21 -0400
Message-ID: <CAL9jLaaVSh+Kht6JepHCzN1r4Y_+vtd0ypNSHhLx+GVA7DVpVQ@mail.gmail.com>
To: Randy Bush <randy@psg.com>
Cc: Erik Kline <ek@google.com>, opsec wg mailing list <opsec@ietf.org>, lsvr@ietf.org, gunter.van_de_velde@nokia.com
Content-Type: multipart/alternative; boundary="0000000000004c848005750dd02e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/lsvr/p90ofuDfMnpFdyoD0Q2K80N5AxU>
Subject: Re: [Lsvr] [OPSEC] security against what?
X-BeenThere: lsvr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Link State Vector Routing <lsvr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lsvr>, <mailto:lsvr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lsvr/>
List-Post: <mailto:lsvr@ietf.org>
List-Help: <mailto:lsvr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lsvr>, <mailto:lsvr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Sep 2018 16:04:38 -0000

On Tue, Sep 4, 2018 at 11:38 AM Randy Bush <randy@psg.com> wrote:

> > 'datacenter operators' == "hyperscale web wonkers" ?
>
> i asked in lsvr, which is what i guess you woud call hyperscale.  lsvr
> also tends toward decentralized,
>
>
sorry: 'decentralized' means what here?


> > or 'datacenter operators' == 'colo provider' ('the planet' not 'equinix'
> -
> > and 'the planet' is now 'someone else' but...)
>
> 1x would seem especially inapporpriate here as there is no
> centralisation of authority.
>

So, in a large datacenter where randos are able to walk around and affect
change to my cage's in/outs (and potentially clamp mitm/etc gear without my
knowledge) there's a different 'security concern' than there is in a
building I wholey own and operate behind several layers of physical
security and such.

If all of your "datacenter deployment" is inside a single cage in a
colocation building you MAY be "safe", but if you span cage spaces (who
ever decided on day-one in a building that they only would ever need 640kb
ram/squarefeet/kw/etc?) you are potentially sending your 'routing
protocols' over links outside of your immediate security perimeter.

That seems rather scary... like kinda really scary, actually...
I wonder how often people consider: "security of the data in the datacenter
(at rest or in flight)" but forget about the routing system which is
intrinsic to the operation of that datacenter?


>
> >>> Is recommending 802.1x possible/sufficient (given the description in
> >>> Randy's strawperson comment)?
> >> it's a long way to that radius server
>
> with coffee, i might expand a bit.  during turn up of new links and
> devices, it may not be easy to get to a distant 1x authority.
>
>
I'd point out that if you put business critical dependencies 'far away' you
are a competitor I'd love to have? :)
Ideally once you figure out your deployment scenario and drive down all the
dependency tree branches you figure out who/what needs to be "local" to the
deployment, and how to live in a state where that dependency is unfulfilled
for part of the turnup/repair/turndown workflows.  Right?

v2.23.0 | Report a Bug | By Email