So you know how a lot of network engineers love to talk about how secure ISP private links are? Now might be a really good time to renew those risk modeling discussions with them.
cR0w :cascadia: (cr0w@infosec.exchange)'s status on Thursday, 05-Dec-2024 10:04:54 JST
kajer (kajer@infosec.exchange)'s status on Thursday, 05-Dec-2024 10:04:53 JST
@cR0w There is a reason we used MACSEC on "darkfiber." We set up IPSEC over AWS direct connects. IPSEC over MPLS links.
These are all non-public network links, and the fintech I worked for took no chances with anything "in the clear."
cR0w :cascadia: (cr0w@infosec.exchange)'s status on Thursday, 05-Dec-2024 10:04:53 JST
@kajer Nice. I was only able to convince a couple orgs to run IPSEC over VZW private and terrestrial MPLS. The rest were cool with the promise of "private".
Ryan Castellucci :nonbinary_flag: (ryanc@infosec.exchange)'s status on Thursday, 05-Dec-2024 10:04:53 JST
@cR0w @kajer Encrypt everything. Then you don't have to make choices.
Ryan Castellucci :nonbinary_flag: (ryanc@infosec.exchange)'s status on Thursday, 05-Dec-2024 10:05:40 JST
@cR0w @kajer I ran transport mode IPSEC on my home LAN for a while. Now I use wireguard.