[afnog] afnog Digest, Vol 49, Issue 24

Maina M Noah ncmaina2001 at yahoo.com
Mon May 19 10:30:28 UTC 2008 

Liban,

I will give an example of our organisation. We choose to go with specifically Cisco Equipments both the core and distribution network (1800 series at the
access lever (client level) and 2800 series going up to 7200 series at
distribution to core level respectively. 

As far as security of concerned, we could not hesitate to pick one of those Cisco Adaptive Security Appliances and accompanied the same with
some
Open-Source  applications like IPFilters,  APF (an iptables "netfilter"
based firewall). Somewhat a combination of this various security
measure has helped combat DDoS attacks for our organisation. I remember
the time when one of our name servers was compromised and if it was not
for the apf setup in conjunction with the ASA's....the attack would
have caused business discontinuity for a couple of hours.

I don't know about other SP's in the region but i am pretty sure the most common security deployment is still Cisco based though i know other have deployed Checkpoint and other solutions out there in the market.

------
./noah


----- Original Message ----
From: Global One Solution <malabow at gmail.com>
To: nishal goburdhan <nishal at controlfreak.co.za>
Cc: afnog at afnog.org
Sent: Monday, May 19, 2008 12:33:22 PM
Subject: Re: [afnog] afnog Digest, Vol 49, Issue 24

Nishal,

Thanks, i don't think was clear with my comment, i m not actually looking to deploy anything,  in fact i work for Sprint in the US,which is a Tier I ISP. we have deployed all the best-practice and more, using different vendors, i just want to understand little better in Africa SP and if have internal relationship with each other which allow to combat any DDoS attack. 

Thanks for the information.




On Mon, May 19, 2008 at 5:25 AM, nishal goburdhan <nishal at controlfreak.co.za> wrote:

On Monday 28 April 2008, Global One Solution wrote:


Can anyone share with us, what is
the chosen vendor in most African SP backbone router and
Edge routers. The reason i m asking, one has to 1st
project it's core network, and edge so they are not taken
out of service.


here's something more general that you may find an interesting read:  ftp://ftp.rfc-editor.org/in-notes/rfc3871.txt
titled:  Operational Security Requirements for Large Internet Service Provider (ISP) IP Network Infrastructure

that should help you make a list of things that *you* want/need for your network (not all of it would be useful, or appropriate)
then have your prospective vendors face-off on your demands.  if feature_X is something you really want/need, and it's not supported let them know, and, vote with your wallet.

--n.



-- 
Liban Mohamed
Global One Solution
www.globalonesolutions.net
malabow at gmail.com 


      
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://afnog.org/pipermail/afnog/attachments/20080519/dc934aae/attachment-0002.html>

More information about the afnog mailing list