[j-nsp] Re: Running a code on router

Michael Shields shieldszero at aol.com
Thu Jan 12 16:43:37 EST 2006


On 12 Jan 2006, at 21:23, Richard A Steenbergen wrote:

> I would have thought they would implement
> it like securelevels, where you would need to change a configuration and
> reload the router or otherwise do something noticeable to return to an
> unprotected state after you have activated the protection. If there is
> absolutely no way to disable this (hidden or otherwise), I suspect there
> will be a lot of annoyed power users. Then again, what's new. :)

Unfortunately, those likely to use weak passwords and leave their  
routers ssh-accessible are also those who are least likely to notice  
a reload or config change.  So if there is going to be a knob to  
enable running unsigned code, it ought to be really hard to turn,  
maybe requiring physical access to the router.  Otherwise the first  
person to crack a password will just turn off the signature checking,  
and then Juniper might as well not have implemented it at all.
-- 
Michael Shields
Sr. Systems Programmer
AOL Network Security
[not formally speaking for AOL]

