Acidus wrote:
] Decius wrote:
] ] Acidus wrote:
] ] ] I'm going to do some more reseach on AS systems and how
] ] ] protected they are
] ]
] ] Understand that an AS is a big thing. An AS is a whole
] ] network, like an ISP. UUnet is 1 AS. Tens or hundreds of
] ] thousands of routers.
]
] Yes Tom. They more than covered that in my 2 networking
] specialization courses

I'm not trying to be a dick here. The answer to your question is that AS systems are "protected" only in the sense that the "nation's infrastructure" is protected. Each individual router is it's own case. One might guess that connectivity resiliance within ASes is similar to inter-AS connectivity resiliance, and that the whole matter might be thought of like a fractal. Each AS is going to have different policies. Some will have good security practices. Some will have poor practices.

Honestly, Cisco routers do not lend themselves to good security practices. They don't ship SSH2. ACLs cause significant load. There is no central management system that makes configuration backups easy. I'll bet most ISPs have poor practices and I'll bet those that have good practices poorly enforce them.

There is a significant need for an internet wide effort to improve the state of network security, but ultimately you can bring a horse to water but you can't make him drink. People learn at this by getting burned by it. Nanog has been compiling practical information on good operational practices for a long time:

http://www.nanog.org/ispsecurity.html

RE: Random -vs- deliberate failures of the Internet AS infrastructure