[scg-sec] Core vendors?

Wendy Garvin wgarvin at cisco.com
Wed Aug 18 16:35:51 EDT 2004 

It is an old thread - I think I was originally leading up to: Should we get
these folks represented here?

I'm all for it with vendors I know share the same 'spirit of cooperation.
I can recommend people from Sun and Arbor, I don't know the others well.
Some of them don't publish advisories and don't have the equivalent PSIRT
type representatives, so I'm not positive we could find the right person. On
the other hand, I don't want us to be so exclusive of a club that we can't
get the job done.

-Wendy

> Smith, Donald <Donald.Smith at qwest.com> [2004-08-18 13:27] wrote:
> Its an old email thread but I figured with all the stuff going on now
> would be a good time to review/update.
> My list of IMPORTANT NE vendors (no longer talking core here but the
> equipment that carries traffic or support same).
> 
> Cisco Yes 
> Juniper Yes
> Avici  NO
> Foundry NO (we have some but only in hosting enviroments)
> Prockett NO
> Shasta YES (vpn/edge)
> RiverStone YES (edge)
> Extremes YES (layer two only)
> Arbor YES but downtime doesn't DIRECTLY currently affect any products.
> 
> Solaris YES (DNS and other services)
> FreeBsd YES (DNS and other services)
> 
> Donald.Smith at qwest.com GCIA
> pgpFingerPrint:9CE4 227B B9B3 601F B500  D076 43F1 0767 AF00 EDCC
> Everyday is virus day. Do you know where your recovery CDs are? Did u
> create them yet?
> 
> > -----Original Message-----
> > From: scg-sec-bounces at puck.nether.net 
> > [mailto:scg-sec-bounces at puck.nether.net] On Behalf Of Jared Mauch
> > Sent: Thursday, May 20, 2004 1:09 PM
> > To: Wendy Garvin
> > Cc: scg-sec at puck.nether.net
> > Subject: Re: [scg-sec] Core vendors?
> > 
> > 
> > 	Wendy,
> > 
> > 	When you say "core vendors"
> > 
> > 	I think of the people who make the centralized bits move
> > about.
> > 
> > 	This means if I traceroute from wherever i am in the world to
> > google, amazon, yahoo, ebay, etc.. whatever types of devices 
> > i traverse
> > to get to those websites are important.
> > 
> > 	now speaking from our perspective, we've build the 
> > "core" portion
> > of our network with Juniper and Cisco equipment, with some mix of
> > other devices in your list for various functions.  These don't
> > provide what I would call a "core" function that really truly matter
> > but our customers do traverse these pieces of equipment to get to
> > our core.
> > 
> > 	Now i know that others on this list are using the "A" vendor
> > you have listed..
> > 
> > 	I don't consider Foundry a core product anymore after a lot
> > of bad experiences with them, and only the "A" and "P" vendors
> > are worth considering.
> > 
> > 	- jared
> > 
> > On Thu, May 20, 2004 at 11:32:39AM -0700, Wendy Garvin wrote:
> > > 
> > > Hiya folks,
> > > 
> > > I'm trying to get a comprehensive list of whom you consider 
> > 'core' vendors.
> > > By that, I mean vendors who you depend on for your core operations.
> > > 
> > > There's Cisco and Juniper. A few others might be:
> > > 
> > > Avici 
> > > Foundry (anyone have a good contact over there?)
> > > Prockett? (is anyone running these in production yet?)
> > > Others?
> > > 
> > > (Once we define the boxes, we should define the 
> > protocols/services that are
> > > 'critical' - for example, if I get a vuln on SIP 
> > signalling, I don't know
> > > right now how that's going to affect you. Maybe you do 
> > voice, maybe not. How
> > > big of an impact might it have? I'll save that for another 
> > email, though.)
> > > 
> > > How about non routing platforms: Solaris for root servers? 
> > Anyone running
> > > these on MS, Linux, BSD?
> > > 
> > > Are Arbor and Riverhead considered Critical yet? Are we 
> > worried yet that
> > > someone is depending on a Riverhead box for protection, and 
> > there's an
> > > attack that takes it out first, then takes out the 
> > customer? Similarly, are
> > > Arbor boxes so critical for monitoring that if someone 
> > takes one out, they
> > > could slip another attack by while it's down?
> > > 
> > > I'm mostly trying to make sure that for the theoretical 
> > next critical
> > > fundamental protocol vulnerability, we know we've got the 
> > right vendors
> > > contacted.
> > > 
> > > -Wendy
> > > 
> > > -- 
> > > Wendy Garvin - Cisco PSIRT - 408 525-1888 CCIE# 6526
> > > ----------------------------------------------------
> > >            http://www.cisco.com/go/psirt
> > > _______________________________________________
> > > scg-sec mailing list
> > > scg-sec at puck.nether.net
> > > https://puck.nether.net/mailman/listinfo/scg-sec
> > 
> > -- 
> > Jared Mauch  | pgp key available via finger from jared at puck.nether.net
> > clue++;      | http://puck.nether.net/~jared/  My statements 
> > are only mine.
> > _______________________________________________
> > scg-sec mailing list
> > scg-sec at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/scg-sec
> > 
> > 
> 
> 
> [    ----- End of Included Message -----    ]

-- 
Wendy Garvin - Cisco PSIRT - 408 525-1888 CCIE# 6526
----------------------------------------------------
           http://www.cisco.com/go/psirt

More information about the scg-sec mailing list