Separate names with a comma.
Discussion in 'Networking & Security' started by BrainEater, Jun 6, 2017.
I'm betting they are roll-your-own, but I am curious all the same.
This is one of the most ridiculous questions I have ever seen on this forum and I have been around here a while.
It IS ridiculous.I was laughing the whole time I typed it.
The question still stands.
commercial hardware with a custom software stack *bang* your dead.
Occasionally they use yours.
What kind of question gets me in the most amount of trouble in the shortest amount of time?
They are going to use Cisco predominately due to contracting, not to mention in every Cisco device I have ever managed, hundreds of them at once, they all have NSA code disclaimers and non-export crypto agreements etc... NSA is stamped all over the damn things.
But for the sake of these forums they use original factory firmware Linksys WRT54Gs for every server.
Without using one being overtly illegal, I recommend this:
"Ma'am, Are you pregnant or are you just fat?"
Try this pretty much anywhere. Guaranteed instant results.
I'd put my money on either customized Cisco boxes or something special from Narus.
I suppose that makes sense seeing as how it has a heavy security focus however openbsds network stack intentionally doesn't allow for stuff like traffic inspection (though they could just as easily use a separate dedicated box for that).
They use all of them 24/7 !! hahah !!
... and they use mine a lot apparently too !
(I left those options out of the poll on purpose !!)
I think tangoseal is probably correct on a percentage basis......Cisco is the standard.
There is no such thing as a stupid question, and no question is out of bounds.
They use DD-WRT.
I have no idea, but I would hope they use something commercial that can integrate into a PAM tool to fully manage admin passwords.
After reading about 'cherry blossom' today , I almost think the question would be better served as;
What routers are NEVER used by three letter agencies.
I'm pretty sure the poll would be the same tho.
Cisco routers are usually used by most corporations, I wouldn't exactly higher their general intelligence than higher to that of an organization like NASA or whatnot- they probably run some custom firmware with basic configuration & possibly default credentials.
I'd bet on Cisco all the way.
Shit from the future, man! lol jk.
My first guess would be Cisco but I would not be surprised if the NSA is using Cisco hardware with their own custom firmware and software stack.
From what I understand and what anyone can gather by their public job postings etc. the winner is Cisco. They do have a minimal amount of Juniper etc. Also from what I understand their intercept devices are roll your own.
I can't believe you left Juniper off the list. Likely they are using Juniper routers and Cisco core switches. Of course then there is a shit ton of other networking equipment in there including Palo Alto firewalls, F5 load balancers, Cisco IronPorts, Fireeye, etc.
I have an acquaintance that works for Juniper.
I left many choices off the list really.
Then that acquaintance should have already provided the answer for you.
In light of all cybersecurity issues between nation states, and being a network security professional, I think the question is perfectly acceptable. I want to know that our govt uses secure devices and in fact would like to see an audit report made public attesting to that fact. They don't have to print the vulnerabilities - but a report on the reliability and security levels would be nice - along with plans to upgrade/strengthen them.
Like what Juniper puts online?
Like STIGs (Security Technical Implementation Guides)?
Not always, a lot of times the vendor doesn't know that their device is being used and for these agencies they buy a large number of them for penetration testing and evaluation.
Umm, no, the vendor absolutely knows. In fact, these agencies hire Juniper employees directly for support, which is generally how Juniper likes to do business. The vendors are very much involved in the process of designing the solution, securing the devices, and supporting them. In fact, that is written in government contracts on purpose.
I am telling you for a fact they do not know what the devices that they purchase are being used for. Some specialized people may, but they are not allowed to send it upstream due to security clearance and need to know basis.
If the Cisco/NSA relationship was so close then WHY would the NSA do shipping intercepts on devices outbound to customers rather than just intercept it internal while at Cisco?
I am telling you for a fact that they do. There is no secret in what the government uses for routers, the only secrets is in the overall architecture of their network stacks. There are some devices in the stack that they might keep secret, but the routers and switches are not one of them. I don't know what "shipping intercepts" you are talking about, but most shipments go to a centralized location and then are transported from there to the actual site for internal tracking purposes. That way they can check the equipment into a central database and they know what sites have what equipment, and then they know when it is out of date, needs to be upgraded, and make it easier to swap things in and out from a central source. This isn't much different from how large corporations operate.
You are right for their COTS(Commercial Off The Shelf) stuff that isn't involved with the higher levels of security this is correct. But once you move past the office drones things change. You can bet your left nut that the NSA is using a lot of custom stuff, hell some of the bases around here do.
Shipping intercepts is where the NSA will find out that a target is ordering a switch/router or other piece of equipment the NSA will redirect that shipment covertly to one of their labs and install some "interesting" firmware/hardware and then make it reenter the shipping center covertly. You can bet your right nut that the vendor gives the NSA no support in either doing this or developing the vectors of how this is done or how the firmware/hardware is developed.
I wouldn't bet my right nut on any of the stuff your saying. I have given you advice. You choose to believe something else, so I don't know what to tell you. You specifically talked about "routers being used by the NSA", I gave you the answer in regard to that. If you want to start talking about other security measures beyond "routing" or what the NSA itself uses, then that is an entirely different matter, but one I already alluded to in my posts.
As far as the "intercepts", I don't know what to tell you about that either. Those routers are not routers specifically being used by the NSA. Those are routers being compromised by the NSA, that is something different. I really have no comments on that.
That's what my Juniper buddy said.
I did that to my dentist seconds before she was about to drill into my teeth.
As she called me from the waiting room and as we were walking to her room, I said, oh I see your pregnant again congrat.... NO came the answer mid sentence.
WTF moment number 56783526 just happened.
I now know why I am usually in pain for days after my dental visits, like the last time where she only numbed only one of the teeth she was working on, she did inform me that this might hurt a little, wtf daft bitch you dont drill into unnumbed teeth and you stop when i say argh not when you feel enough pain has been inflicted.
As for the OP's question.
The dont use routers, they are old school and just stick an ethernet cable into an open non secured modem.